
Information Systems Controls for System Reliability -Information Security-

Presentation transcript:

1 Information Systems Controls for System Reliability -Information Security-

2 Accounting Information System Control
- COSO's Enterprise Risk Management – Integrated Framework
- COBIT

3 Information for management
- Effectiveness: Information must be relevant and timely.
- Efficiency: Information must be produced in a cost-effective manner.
- Confidentiality: Sensitive information must be protected from unauthorized disclosure.
- Integrity: Information must be accurate, complete, and valid.
- Availability: Information must be available whenever needed.
- Compliance: Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
- Reliability: Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.

4 COSO’s Enterprise Risk Management – Integrated Framework

5 Components of COSO's ERM
- Internal Environment: Encompasses the tone of an organization. Includes risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
- Objective Setting: Objectives must exist before management can identify potential events affecting their achievement.
- Event Identification: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
- Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.

6 Components of COSO's ERM
- Risk Response: Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
- Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Information and Communication: Relevant information is identified, captured, and communicated to enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
- Monitoring: Enterprise risk management is monitored and modifications are made as necessary.

7 COBIT Framework – Control Objectives

8 COBIT domains
- Plan & Organise: Management develops plans to organize information resources to provide the information it needs.
- Acquire & Implement: Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.
- Deliver & Support: Management ensures that the resulting system actually delivers the desired information.
- Monitor & Evaluate: Management monitors and evaluates system performance against the established criteria.
The cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.

9 Trust Service Framework
- Security: Access to the system and its data is controlled and restricted to legitimate users.
- Confidentiality: Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
- Privacy: Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
- Processing Integrity: Data are processed accurately, completely, in a timely manner, and only with proper authorization.
- Availability: The system and its information are available to meet operational and contractual obligations.

10 Trust Service Framework

11 Security – Systems Reliability
Security is the foundation of the Trust Service Framework:
- It is a management issue, not a technology issue.
- SOX Section 302: CEOs and CFOs must certify quarterly and annual financial statements.
- Defense-in-depth and the time-based model of information security: have multiple layers of control.

12 Management's Role
- Create a security-aware culture
- Inventory and value company information resources
- Assess risk, select risk response
- Develop and communicate security plans, policies, and procedures
- Acquire and deploy IT security resources
- Monitor and evaluate effectiveness

13 Control Plans
- Preventive Controls: stop problems from occurring. Ex. Programmed edits reject incorrect data as it is entered.
- Detective Controls: discover that problems have occurred. Ex. Review and compare totals to determine if processing was carried out correctly.
- Corrective Controls: rectify problems that have occurred. Ex. Erroneous data is entered in the system and reported on an error and summary report; a clerk re-enters the data.
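The three control types on this slide can be seen working together on one batch of transactions. The following is an added example, not code from the presentation or its publishers: a constructed batch of sales records passes through programmed edit checks (preventive), the accepted records' total is compared with the control total the submitter claimed for the batch (detective), and the rejected records are listed on an error report from which a clerk's corrected re-entries are run through the same edit checks again (corrective). The record layout, field names, invoice and customer code formats, and the claimed total are all assumptions made for the example.

```python
"""Preventive, detective, and corrective controls applied to one constructed
batch of sales records (example code; not from the slide deck)."""
import re
from decimal import Decimal, InvalidOperation

# Constructed batch as a data-entry clerk might key it. Three records carry
# the kinds of errors programmed edit checks are meant to catch.
BATCH = [
    {"invoice": "INV-1001", "customer": "C017", "amount": "120.50"},
    {"invoice": "INV-1002", "customer": "C017", "amount": "-30.00"},  # negative amount
    {"invoice": "1003",     "customer": "C020", "amount": "75.00"},   # malformed invoice id
    {"invoice": "INV-1004", "customer": "C042", "amount": "abc"},     # non-numeric amount
    {"invoice": "INV-1005", "customer": "C042", "amount": "210.00"},
]
# Control total written on the batch header by the submitter (constructed).
CLAIMED_TOTAL = Decimal("480.50")
# Corrections a clerk would key from the error report, keyed by the
# record's position in that report (constructed for the example).
CORRECTIONS = {
    0: {"invoice": "INV-1002", "customer": "C017", "amount": "30.00"},
    1: {"invoice": "INV-1003", "customer": "C020", "amount": "75.00"},
    2: {"invoice": "INV-1004", "customer": "C042", "amount": "45.00"},
}

INVOICE_RE = re.compile(r"^INV-\d{4}$")   # assumed invoice id format
CUSTOMER_RE = re.compile(r"^C\d{3}$")     # assumed customer code format


def edit_check(rec):
    """Preventive control: programmed edits. Returns a list of error
    messages; an empty list means the record is accepted."""
    errors = []
    if not INVOICE_RE.match(rec.get("invoice", "")):
        errors.append("invoice must look like INV-NNNN")
    if not CUSTOMER_RE.match(rec.get("customer", "")):
        errors.append("customer code must look like CNNN")
    try:
        amount = Decimal(rec.get("amount", ""))
        if amount <= 0 or amount.as_tuple().exponent < -2:
            errors.append("amount must be positive with at most two decimals")
    except InvalidOperation:
        errors.append("amount is not a number")
    return errors


def batch_total(records):
    """Sum of amounts over accepted records, using Decimal to avoid
    floating-point rounding in a control total."""
    return sum((Decimal(r["amount"]) for r in records), Decimal("0"))


def process_batch(records, claimed_total):
    """Run the preventive edit checks over the batch, then the detective
    control: recompute the batch total and compare it with the claimed one.
    Returns (accepted records, error report, whether the totals match)."""
    accepted, error_report = [], []
    for rec in records:
        errs = edit_check(rec)
        if errs:
            error_report.append({"record": rec, "errors": errs})
        else:
            accepted.append(rec)
    return accepted, error_report, batch_total(accepted) == claimed_total


def reenter(accepted, error_report, corrections):
    """Corrective control: re-entered records from the error report go
    through the same edit checks; anything still failing stays on the
    report. Returns (updated accepted list, remaining error report)."""
    accepted = list(accepted)
    still_bad = []
    for i, entry in enumerate(error_report):
        fixed = corrections.get(i)
        if fixed is None:
            still_bad.append(entry)          # not yet corrected by the clerk
            continue
        errs = edit_check(fixed)
        if errs:
            still_bad.append({"record": fixed, "errors": errs})
        else:
            accepted.append(fixed)
    return accepted, still_bad


def run_example():
    """Drive the batch through both passes and summarise the outcome."""
    accepted, report, matches = process_batch(BATCH, CLAIMED_TOTAL)
    accepted2, still_bad = reenter(accepted, report, CORRECTIONS)
    return {
        "first_pass_accepted": len(accepted),
        "first_pass_rejected": len(report),
        "first_pass_total": str(batch_total(accepted)),
        "first_pass_total_matches": matches,
        "after_reentry_accepted": len(accepted2),
        "after_reentry_rejected": len(still_bad),
        "after_reentry_total": str(batch_total(accepted2)),
        "after_reentry_total_matches": batch_total(accepted2) == CLAIMED_TOTAL,
    }


if __name__ == "__main__":
    _, report, _ = process_batch(BATCH, CLAIMED_TOTAL)
    for entry in report:                    # the error and summary report
        print(entry["record"], "->", "; ".join(entry["errors"]))
    print(run_example())
```

On the first pass only two records clear the edit checks, so the recomputed total (330.50) disagrees with the claimed 480.50 and the detective control flags the batch; once the clerk's re-entries are accepted the totals agree, which is the signal that the corrective step actually closed the gap rather than merely clearing the error report.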

14 Other Control Plans
- Pervasive control plans relate to a multitude of goals and processes. They are broad in scope and apply equally to all business processes.
- General controls (also known as IT general controls) apply to all IT service activities.
- Business process control plans apply to a particular business process, such as billing or cash receipts.
- Application controls are automated business process controls contained within IT application systems (i.e., computer programs).

15 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall. Copyright © 2011 Cengage Learning. All Rights Reserved.
