Published by Jane Roff
Modified about 1 year ago
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements

Risk Factors
The risk factors inherent in business operations include the following:
* Access Risk
* Business Disruption Risk
* Credit Risk
* Customer Service Risk
* Data Integrity Risk
* Misstatement Risk
* Physical Harm Risk
* Fraud Risk
* Legal And Regulatory Risk

Risk analysis and Exposure
* A Risk is the likelihood that the organisation would face a vulnerability being exploited or a threat becoming harmful.
* A Threat is an action, event or condition where there is a compromise in the system, its quality and ability to inflict harm to the organisation.
* Attack is a set of actions designed to compromise confidentiality, integrity, availability or any other desired feature of an information system.

Risk and Exposures
* Vulnerability is the weakness in the system safeguards that exposes the system to threats.
* An Exposure is the extent of loss the organisation has to face when a risk materialises.
* Likelihood of the threat occurring is the estimation of the probability that the threat will succeed in achieving an undesirable event.

Information System Control Objectives
* Safeguarding information systems assets
* Compliance with corporate policies, regulatory and legal requirements
* Assuring system reliability
* Maintaining data integrity
* Assuring system security
* Assuring system availability
* Maintaining system controllability
* Assuring system maintainability
* Assuring system usability
* Ensuring system effectiveness
* Maintaining system economy and efficiency
* Maintaining system quality

Information System Audit Objectives
* Adequacy and effectiveness of internal controls.
* Efficient and effective allocation of resources.
* Provide assurance that computer-related assets are safeguarded.
* Ensure that information is accurate, available on request, and reliable.
* Provide reasonable assurance that all errors, omissions, and irregularities are prevented, detected, corrected, and reported.
* Review the systems to ensure compliance to policies, procedures and standards.
* Ensure legal requirements are complied with, audit trails are incorporated, documentation is completed and systems data integrity and security is maintained.
* To identify and recognize the potential of computer related fraud, embezzlement, misappropriations and thefts.
* Ensure that the management takes corrective and preventive actions when required.

Information Systems Abuse
* Destruction of assets
* Theft of assets
* Modification of assets
* Privacy violations
* Disruption of operations
* Unauthorised use of assets

Steps to Asset Safeguarding
* Compiling functional IT asset list - Mission-critical functions
* Detailing the IT systems identified
* Asset protection
* Assigning of probabilities

Evidence Collection during Audit
* Reviewing the organizational structure, documentation, standards, and practices.
* Interviewing appropriate personnel.
* Observing processing and operations.
* Using audit documentation techniques.
* Applying analytical review procedures and sampling techniques.
* Using software tools to analyse logs and audit trails.

Evidence Collection during Audit
* Physical Examination
* Confirmation
* Documentation
* Observation
* Inquiry
* Processing accuracy
* Screen shots
* Log Files
* Testing Software Results
* Analytical Procedures
* Audit Trails

Audit Trails
Audit trails are records of an activity that can be used to reconstruct the performance of the activity.
Ensure audit trail when:
– Access is granted to a sensitive information asset.
– Network services are accessed.
– Override system controls are used.
– Unsuccessful attempts are made to access sensitive information or use network services.

Audit Trails
To include in the audit trail as much of the following as is practical:
– User identification
– Functions, resources and information used or changed
– Date and time stamp (including time zone)
– Work-station address and network connectivity path
– Specific transaction or program executed

Audit Trails
To provide an additional real time alarm for on-line capabilities:
– Access attempts that violate the access control rules
– Attempts to access functions or information not authorized
– Concurrent log-on attempts
– Security profile changes
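
The audit trail contents and real-time alarm conditions listed above, as an added Python example that is not part of the original presentation: it checks each record for the listed fields (including a time zone on the time stamp) and flags the four alarm conditions. The field names, access rules, alarm names and sample records are constructed assumptions.

```python
from datetime import datetime
# Field names are assumptions mapping to the slide's list of audit trail contents.
REQUIRED = ("user", "action", "resource", "timestamp", "workstation", "program")
AUTHORIZED = {"asha": {"erp", "payroll"}, "ravi": {"erp"}}  # constructed access rules

def missing_fields(rec):
    """Required fields absent from rec; 'timezone' if the stamp has no offset."""
    gaps = [f for f in REQUIRED if not rec.get(f)]
    if "timestamp" not in gaps:
        try:
            if datetime.fromisoformat(rec["timestamp"]).tzinfo is None:
                gaps.append("timezone")
        except ValueError:
            gaps.append("timestamp")  # present but not a parseable time stamp
    return gaps

def alarms(records):
    """Return (record index, alarm name) pairs for the alarm conditions."""
    sessions, out = {}, []  # sessions: user -> workstation holding the open session
    for i, r in enumerate(records):
        if missing_fields(r):
            out.append((i, "incomplete_record"))  # cannot be used to reconstruct activity
            continue
        user, act, denied = r["user"], r["action"], r.get("outcome") == "denied"
        if denied:
            out.append((i, "access_rule_violation"))
        if r["resource"] not in AUTHORIZED.get(user, set()):
            out.append((i, "unauthorized_resource"))
        if act == "logon" and not denied:
            # A second successful log-on from another workstation while one is open.
            if sessions.setdefault(user, r["workstation"]) != r["workstation"]:
                out.append((i, "concurrent_logon"))
        elif act == "logoff":
            sessions.pop(user, None)
        elif act == "profile_change":
            out.append((i, "security_profile_change"))
    return out

def rec(user, action, resource, ts, ws, outcome="success"):
    return dict(user=user, action=action, resource=resource, timestamp=ts,
                workstation=ws, program="app", outcome=outcome)

# Constructed sample audit trail (not from the presentation).
SAMPLE = [
    rec("asha", "logon", "erp", "2024-03-01T09:00:00+05:30", "10.0.0.5"),
    rec("asha", "logon", "erp", "2024-03-01T09:05:00+05:30", "10.0.0.9"),
    rec("ravi", "read", "payroll", "2024-03-01T09:06:00+05:30", "10.0.0.7", "denied"),
    rec("asha", "profile_change", "erp", "2024-03-01T09:10:00+05:30", "10.0.0.5"),
    rec("ravi", "read", "erp", "2024-03-01T09:12:00", "10.0.0.7"),  # no time zone
]
```

Calling `alarms(SAMPLE)` returns one alarm for the second log-on, two for the denied payroll read, one for the profile change, and an incomplete-record flag for the entry whose time stamp lacks a time zone.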

System Logs
* Control Total Verification
* Transaction logs
* Operator logs
* System starting and finishing time
* System errors and corrective action taken
* Confirmation of the correct handling of data files and computer output
* Name of the person making the log entry.
* Operator’s logs should be compared against operating procedures.
* Fault logging