ISRA tool
Introduction
The Information Systems Risk Assessment (ISRA) tool is available for business clients and advisors to self-assess the integrity of their Information Technology (IT) systems. The tool helps establish whether the IT systems are well governed, with appropriate controls to help businesses meet their tax and super reporting obligations.
The information below is an online version of the ISRA tool and auditable units to complete the risk assessment. It gives you practical guidance to complete the auditable units.
To access a secure download link to the Microsoft Access database version of the tool, see Information Systems Risk Assessment.
To use the tool effectively you must have Microsoft Access and Microsoft Word available on the computer or device you are downloading the file to.
For instructions in using the ISRA tool, see the ISRA tool manual.
Overall risk ratings
To start with, refer to the table below as an example of how to fill out this table. On the left-hand side, tick the auditable units you want to complete as part of your ISRA review.
Overall risk ratings table example
| Auditable unit (tick the units that apply) | Average score from unit summary sheet | Tick risk rating if low | Tick risk rating if medium | Tick risk rating if high | Maximum score |
|---|---|---|---|---|---|
| Systems | Enter score | 1–33 | 34–65 | 66–97 | 97 |
| Interfaces | Enter score | 1–9 | 10–18 | 19–27 | 27 |
| Customisations | Enter score | 1–11 | 12–22 | 23–32 | 32 |
| Projects | Enter score | 1–18 | 19–36 | 37–53 | 53 |
| Governance | Enter score | 1–25 | 26–49 | 50–73 | 73 |
| Total score | Enter total of scores | Low 1–94 | Medium 95–188 | High 189–282 | 282 |
After filling out the above table, calculate the total of average scores.
The overall risk rating score ranges in the above table are only applicable if you complete all auditable units. If you don't complete all units, sum the maximum scores for the completed units to find the overall maximum score. The ranges, as a percentage of that overall maximum, will be:
- low range from 1% to 34%
- medium range from 34% to 67%
- high range above 67%.
After completing the review, enter the average score from each completed auditable unit. The average scores are calculated from the auditable unit summary sheets, units 1–4 as shown on the following pages.
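The overall rating rule above, worked through as an added example (this is not part of the ISRA tool or its database). It uses the maximum scores and total-score ranges from the table when all units are completed, and the percentage ranges otherwise. Assumptions: the function name `overall_rating`, reading the percentages as a share of the summed maximum, and placing a score that falls exactly on 34% or 67% in the lower band.

```python
# Maximum score per auditable unit, from the overall risk ratings table.
MAX_SCORES = {
    "Systems": 97,
    "Interfaces": 27,
    "Customisations": 32,
    "Projects": 53,
    "Governance": 73,
}

# Upper bounds of the low and medium ranges in the "Total score" row.
# These apply only when every auditable unit has been completed.
FULL_LOW_MAX = 94
FULL_MEDIUM_MAX = 188


def overall_rating(scores):
    """Return (total, overall_maximum, rating) for the completed units."""
    if not scores:
        raise ValueError("no auditable units completed")
    for unit, score in scores.items():
        if unit not in MAX_SCORES:
            raise ValueError(f"unknown auditable unit: {unit}")
        if not 1 <= score <= MAX_SCORES[unit]:
            raise ValueError(f"{unit} score {score} is outside 1-{MAX_SCORES[unit]}")

    total = sum(scores.values())
    maximum = sum(MAX_SCORES[unit] for unit in scores)

    if set(scores) == set(MAX_SCORES):
        # All units completed: use the fixed ranges from the table.
        low_limit, medium_limit = FULL_LOW_MAX, FULL_MEDIUM_MAX
    else:
        # Partial review: 34% and 67% of the summed maximum.
        # Assumption: a score exactly on a boundary stays in the lower band.
        low_limit, medium_limit = 0.34 * maximum, 0.67 * maximum

    if total <= low_limit:
        rating = "low"
    elif total <= medium_limit:
        rating = "medium"
    else:
        rating = "high"
    return total, maximum, rating
```

The two rules are not interchangeable: a total of 95 across all five units is medium under the table's fixed ranges, although 95 is below 34% of 282.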