Automation Questionnaire
***Responses should describe controls for fiscal year 20XX***
Please complete this questionnaire related to each system that is used to generate performance measure information by XX. If the responses are different for each system, please indicate which system you are referring to. Please note that:
- We prefer to receive electronic copies of the completed questionnaire and any supporting documentation, if possible.
- Please provide sufficient detail in order to reduce the amount of follow-up that will need to occur during fieldwork.
- If you have any questions or comments, contact XX.
Name of Agency:
Name of Person(s) completing questionnaire: Name / Title / Phone Number
Section 1.01 GENERAL CONTROLS
1. System Documentation:
What types of audits, reviews, or assessments of the computer system and database(s) have been made during fiscal year 20XX? What were the results of the audits, reviews or assessments? Who performed the audit, review or assessment?
Please describe the critical automated application(s) affecting performance measures under review.
2. Logical Access Control:
What policies, procedures, organizational structure, or electronic access controls exist to assure the integrity of captured data in the automated applications? How often are the policies, procedures, and controls reviewed and/or tested? Please explain.
What agency personnel and non-agency personnel (if applicable) have access to the system(s) and database(s) related to performance measures?
3. Program Change Control:
What controls exist to protect automated applications from unauthorized program changes? Please explain.
4. Security:
What controls exist to protect the servers or computers holding the automated applications? How often are these controls reviewed and tested? Please explain.
5. Business Continuity:
What controls exist to assure the business continuity of the automated applications, in either a manual or automated mode, in the event of a disaster or other break in service? Please explain.
Is there a current disaster recovery plan (DRP)? When was the DRP last tested? Please provide us with an electronic copy of your current DRP.
APPLICATION CONTROLS
- Do process maps or application flowcharts exist to provide an understanding of the automated application under review? Please provide a copy.
- What input controls exist to facilitate data validity, accuracy, completeness, timeliness, existence, classification and summarization? Discuss in detail. Include both manual and automated controls. How often are these controls reviewed and tested?
- What process controls exist to facilitate data validity, accuracy, completeness, timeliness, existence, classification and summarization? Discuss in detail. Include both manual and automated controls. How often are these controls reviewed and tested?
- What output controls exist to facilitate data validity, accuracy, completeness, timeliness, existence, classification and summarization? Discuss in detail. Include both manual and automated controls. How often are these controls reviewed and tested?
Source: Adapted from Guide to Performance Measures Management, 2006 Edition, State Auditor’s Office of Texas, Report #06-329
