Information Technology Controls

Presentation transcript:

Information Technology Controls. Presented by: Brian Christian

Introduction: Support business management. Provide general and technical controls over the policies, processes, systems, and people that make up IT infrastructure. Essential for reliability.

Structure of IT Auditing

Understanding Controls: General, Application; Preventive, Detective, Corrective; Governance, Management, Technical. Classified by purpose in overall system of internal controls. Classified by group responsible for ensuring implementation and maintenance.

IT Controls Hierarchy: Define aims and objectives; Define ways of working.

Organization and Management: Segregation of duties: initiating, authorizing, inputting, processing and checking data – Separate! IT Environment: systems development and operations – Separate! Financial controls; Identify potential failings early on; Change Management.

IT Controls Hierarchy: Specific application systems; Protect from damage; Generic Application Controls: Input, Processing, Output, Integrity, Management Trail; Protect from damage or loss; Controlled method for development; Configuration Techniques.

Security and Importance of Controls. Information Security: Confidentiality, Integrity, Availability. Importance of IT Controls: Controlling costs and remaining competitive; Protecting against information theft; Complying with legislation (i.e. SOX).

Analyzing Risks: Risk & Response; Adequacy of Controls?; Risk Mitigation: Accept, Eliminate, Share, Control. IT controls are selected and implemented based on risks they are designed to manage.

Monitoring and Assessing Controls: Choosing a framework. Monitoring IT Controls: Ongoing, Special Reviews. Assessing Controls: Audit Methodology; Testing IT Controls and Continuous Assurance.

Summary: Multiple types of controls: General & Application; PDC Controls; Governance, Management, Technical. Continuous, reliable assurance and trail of evidence. Controlling, Protecting & Complying. Risk assessment. Monitoring is critical.

Questions?