High call volumes may result in long wait times. Before calling us, visit COVID-19, Tax time essentials, or find answers to our Top call centre questions.

 

ato

 
 
Show download pdf controls
Show print controls

  • ISRA tool

    Introduction

    The Information System Risk assessment (ISRA) tool is available for business clients and advisors to self-assess the integrity of their Information Technology (IT) systems. The tool helps establish if the IT systems are well governed with appropriate controls to help business meet their tax and super reporting obligations.

    The information below is an online version of the ISRA tool and auditable units to complete the risk assessment. It gives you practical guidance to complete the auditable units.

    For access a secure download link to the Microsoft Access database version of the tool, see Information Systems Risk Assessment.

    To use the tool effectively you must have Microsoft Access and Microsoft Word available on the computer or device you are downloading the file to.

    For instructions in using the ISRA tool, see the ISRA tool manual.

    Overall risk ratings

    To start with, refer to the table below as an example of how to fill out this table. On the left hand side, tick the auditable units you want to complete as part of your ISRA review.

    Overall risk ratings table example

    Auditable unit (tick the units that apply)

    Average score from unit summary sheet

    Tick risk rating if low

    Tick risk rating if medium

    Tick risk rating if high

    Maximum score

    Systems

    Enter
    score

    1–33

    34–65

    66–97

    97

    Interfaces

    Enter
    score

    1–9

    10–18

    19–27

    27

    Customisations

    Enter
    score

    1–11

    12–22

    23–32

    32

    Projects

    Enter
    score

    1–18

    19–36

    37–53

    53

    Governance

    Enter
    score

    1–25

    26–49

    50–73

    73

    Total score

    Enter total
    of scores

    Low
    1–94

    Medium
    95–188

    High
    189–282

    282

    After filling out the above table, calculate the total of average scores.

    The overall risk rating score ranges in the above table are only applicable if you complete all auditable units. If you don't complete all units, sum the maximum scores for the completed units to find the overall maximum score which will be:

    • low range from 1% to 34%
    • medium range from 34% to 67%
    • high range above 67%.

    After completing the review, enter the average score from each completed auditable unit. The average scores are calculated from the auditable unit summary sheets, units 1–4 as shown on the following pages.

    Last modified: 18 Jun 2019QC 59343