Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance."— Presentation transcript:

1 Internal Control Concepts Knowledge

2 Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance

3 Internal Control Objectives Safeguarding of information technology assets Compliance to corporate policies or legal requirements Authorization/input Accuracy and completeness of processing of transactions Output Reliability of process Backup/recovery Efficiency and economy of operations

4 Information Systems Control Objectives Safeguarding assets Assuring the integrity of general operational system environments Assuring the integrity of sensitive and critical application system environments –Authorization of the input –Accuracy and completeness of processing of transactions –Reliability of overall information processing activities –Accuracy, completeness and security of the output –Database Integrity Ensuring the efficiency and effectiveness of operations (operationnal objectives) Complying with the users' requirements, organizational policies and procedures, and applicable laws and regulations (compliance objectives) Developing business continuity and disaster recovery plans Developing an incident response and handling plan

5 COBIT 34 high level control objectives 4 domains –Plan and organize –Acquire and implement –Deliver and support –Monitor and evaluate

6 Other Internal Control Standards ITIL ISO IEC 1799 Sarbanes - Oxley COSO

7 Procedures Strategy and direction General organizational and management Access to data and programs Systems development methodologies and change control Data processing operations Systems programming and technical support functions Data processing quality assurance procedures Physical access controls Business Continuity/Disaster Recovery Planning Network and Communications Database administration

8 Application Controls Function To ensure Auditor task

9 Function Input Processing Output

10 Input Input Authorization Batch Control and Balancing Error reporting and handling Techniques

11 Input Authorization Signatures on batch forms or source documents Online access controls Unique password Terminal or client workstation identification Source documents –Standard headings –Title and instructions –Layouts Emphasize ease of use and readability Group similar fields together to facilitate input Provide predetermined input codes to reduce errors Contain appropriate cross-reference numbers or a comparable identifiier to facilitate research and tracing Use boxes to identify field size errors Include an appropriate area for management to document authorization

12 Batch Control and Balancing Types of batch control Types of batch balancing

13 Types of batch control Total monetary amount Total items Total documents Hash totals

14 Types of batch balancing Batch registers Control accounts Computer agreement

15 Error reporting and handling Rejecting only transactions with errors Rejecting the whole batch of transactions Holding the batch in suspense Accepting the batch and flagging error transactions

16 Techniques Transaction log Reconsilition of data Documentation Error correction procedures Anticipation Transmittal log Cancellation of source documents

17 Error correction procedures Logging of errors Timely corrections Upstream resubmission Approval of corrections Suspence file Error file Validity of corrections

18 Processing Data Validation and Editing Procedures Techniques Data file control procedures

19 Techniques Manual recalculations Editing Run to run totals Programmed controls Reasonableness verification of calculated amounts Limit checks on calculated amounts Reconciliation of file totals Exception reports

20 Data file control procedures System control parameters Standing data Master data/balance data Transaction files

21 Output Logging and storage of negotiable, sensitive and critical forms in a secure place Computer generation of negotiable instruments, forms, and signatures Report distribution Balancing and reconciling Output error handling Output report retention Verification of receipt of reports

22 To ensure Only complete, accurate, and valid data are entered and updated in a computer system Processing accomplishes the correct task Processing results meet expectations Data are maintained

23 Auditor task Identifying the significant application component and the flow of transactions throught the system and gaining a detailed understanding of the application by reviewing the availability documentation and interviewing appropriate personnel Identifying the application control strenghts, and evaluation the impact of the control weaknesses on the development of a testing strategy by analyzing the accumulated information Testing the controls to ensure their functionality and effectiveness by applying appropriate audit procedures Evaluating the control environment to determine that control objectives were achieved through analyzing the test results and other audit evidence Considering the operational aspects of the application to ensure its efficiency and effectiveness by comparing the system with efficient programming standards, analyzing procedures used and comparing them to management's objectives for the systems

Download ppt "Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance."

Similar presentations

Application Security By Prashant Mali.

Application Security By Prashant Mali.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Software Quality Assurance Plan

Software Quality Assurance Plan
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Chapter 10: Auditing the Expenditure Cycle

Chapter 10: Auditing the Expenditure Cycle
Security Controls – What Works

Security Controls – What Works
1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Similar presentations

Ads by Google