Audit Program
A Cash Recycle Machine (CRM) audit focuses on control effectiveness, transaction integrity, and governance compliance rather than functional performance alone. The testing scope must cover both normal and abnormal scenarios to validate system resilience and risk controls.
Functional testing verifies deposits, withdrawals, and recycle operations. Abnormal tests simulate failures such as cassette full, insufficient cash, shutter stuck, offline conditions, and hardware errors. These scenarios demonstrate error handling, user notification, and transaction rollback mechanisms. From an audit perspective, negative testing provides evidence that controls operate under failure conditions.
Testing sufficiency is a shared responsibility. IT executes tests, business defines requirements, and risk teams validate controls. Requirement → Test → Result traceability is essential. Lack of documentation or approval weakens control assurance and may create audit findings. Governance therefore requires documented evidence and multi-line oversight.
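One way an auditor could check Requirement → Test → Result traceability and abnormal-scenario coverage from a test register, shown as an added example that is not part of the original page. The register layout, IDs, and finding names are assumptions, and all records are constructed.

```python
# Added example: all IDs, field names and records are constructed for illustration.
ABNORMAL = {"cassette_full", "insufficient_cash", "shutter_stuck",
            "offline", "hardware_error"}  # failure scenarios named in the text

REQUIREMENTS = {"REQ-01": "deposit", "REQ-02": "withdrawal", "REQ-03": "recycle"}

TESTS = [  # one row per test case in the (hypothetical) test register
    {"id": "T-01", "req": "REQ-01", "scenario": "normal",
     "result": "pass", "evidence": "run-01.log", "approved_by": "risk"},
    {"id": "T-02", "req": "REQ-01", "scenario": "cassette_full",
     "result": "pass", "evidence": "run-02.log", "approved_by": "risk"},
    {"id": "T-03", "req": "REQ-02", "scenario": "insufficient_cash",
     "result": "pass", "evidence": "", "approved_by": "risk"},
    {"id": "T-04", "req": "REQ-02", "scenario": "shutter_stuck",
     "result": "fail", "evidence": "run-04.log", "approved_by": ""},
    {"id": "T-05", "req": "REQ-09", "scenario": "offline",
     "result": "", "evidence": "", "approved_by": ""},
]

def audit_traceability(requirements, tests):
    """Return sorted (finding, subject) pairs for gaps in the chain."""
    findings = set()
    tested = {t["req"] for t in tests}
    for req in requirements:
        if req not in tested:
            findings.add(("REQ_WITHOUT_TEST", req))
    covered = set()
    for t in tests:
        if t["req"] not in requirements:
            findings.add(("TEST_WITHOUT_REQ", t["id"]))
        if not t["result"]:
            findings.add(("NO_RESULT", t["id"]))
        elif not t["evidence"]:
            findings.add(("NO_EVIDENCE", t["id"]))
        if t["result"] and not t["approved_by"]:
            findings.add(("NOT_APPROVED", t["id"]))
        # A scenario counts as covered only when a result was recorded.
        if t["result"] and t["scenario"] in ABNORMAL:
            covered.add(t["scenario"])
    for scenario in ABNORMAL - covered:
        findings.add(("SCENARIO_NOT_TESTED", scenario))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit_traceability(REQUIREMENTS, TESTS):
        print(f"{finding:20} {subject}")
```

A failed test with evidence still counts toward coverage here; what the check flags is a missing link in the chain, not the test outcome.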
CRM projects involve multiple stakeholders: IT implementation, operational risk, procurement, legal, and management. No single team owns the entire process. Lines of defense (execution, risk oversight, and audit assurance) must work together. Management’s requirement that risk and governance approvals be obtained is standard practice to mitigate operational and compliance risk.
Procurement and migration (including database or system transitions) are high-risk activities affecting data integrity and business continuity. Compliance with procedural stages—requirement gathering, risk assessment, technical validation, and contract approval—ensures transparency and control. Skipping steps increases risk exposure and potential audit issues.
From an IT auditor's perspective, the key questions are:
- Is testing coverage adequate?
- Are controls documented and approved?
- Is evidence available for transactions and logs?
- Are risks identified and mitigated?
- Does governance align with policy?
Blame allocation is less important than root cause analysis and control improvement. If management challenges testing sufficiency, auditors evaluate documentation and governance alignment rather than assuming execution failure. CRM audit ultimately supports organizational risk management. Effective controls protect financial transactions, customer data, and operational stability. Evidence-based governance ensures accountability and compliance.
