Managing the IT Function


Managing the IT Function
CISB424, Sulfeeza
Revised in 2015

Content
- What is the IT function?
- How to plan, measure and monitor the IT function in an organization
- Managing the IT function in terms of:
  - Organizing the IT function
  - Funding the IT function
  - Staffing the IT function
  - Directing the IT function
  - Controlling the IT function:
    - Security
    - Applications
    - Database
    - Backup and Recovery

b) Application Controls
The main objective of application controls is to ensure the confidentiality, accuracy, integrity, availability and completeness of the application and its associated data. So, what does that mean?
- Confidentiality – preventing a data breach or a release of data in violation of legal regulations
- Accuracy – correctness of data
- Integrity – data can be relied upon for accuracy
- Availability – data is available when needed
- Completeness – data is processed in a complete manner

b) Application Controls
Application controls cover the controls over input, processing and output. So, what does that mean?
- Ensure that input data is complete, accurate and valid
- Ensure that processing produces the expected results
- Ensure that processing accomplishes the desired tasks
- Ensure that output is protected from disclosure

b) Application Controls
Input controls – controls that are in place to ensure that only accurate and authorised data is entered into the system.
Objectives of input controls:
- All transactions are initially and completely recorded
- All transactions are completely and accurately entered into the system
- All transactions are entered only once

b) Application Controls – Input
Controls that can be implemented:
- Pre-numbered documents
- Control total reconciliation
- Data validation
- Activity logging
- Document scanning
- Access authorization
- Document cancellation

Input Controls – Example Scenario
1. A customer purchases goods at a store counter (authorizing the sale).
2. A cashier records the sale on the cash register (approving the sale, balancing the register, logging into the register with an ID).
3. An accounting clerk later processes cash register sales in batches (inputs sales transactions into the accounting system in batches).

Sample audit program

b) Application Controls
Processing controls – controls that are in place to ensure that data is correctly and completely processed by the system.
Objectives of processing controls:
- Approved transactions are accepted by the system and processed
- All rejected transactions are reported, corrected and re-input
- All accepted transactions are processed only once
- All transactions are accurately processed
- All transactions are completely processed
- Input data updates the correct data files

b) Application Controls – Processing
Controls that can be implemented:
- Control totals
- Programmed balancing
- Segregation of duties
- Restricted access
- File labels
- Exception reports
- Error logs
- Reasonableness tests
- Concurrent update control
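The input controls (data validation, access authorization, pre-numbered documents, control total reconciliation) and the processing controls (processed only once, error logs, exception reports, reasonableness tests, programmed balancing) listed on the preceding slides can be shown on the cash register scenario from the input controls example. The Python below is an added example and is not code from the slides or the course; the batch records, control totals, authorized cashier list and reasonableness limit are constructed sample data, and the function names are hypothetical. One batch is keyed in correctly and posts; the same batch keyed in badly by the clerk is caught by the input controls before posting, and re-posting the good batch is blocked by the processed-once check.

```python
"""Input and processing controls for a batch of cash register sales.
Added example: hypothetical function names and constructed sample data,
not code from the slides."""
from decimal import Decimal, InvalidOperation

AUTHORIZED_CASHIERS = {"C01", "C02"}        # access authorization list (constructed)
REASONABLENESS_LIMIT = Decimal("500.00")    # a single sale above this goes on the exception report (assumed)

# Constructed: batch header with the totals the cashier reached when balancing
# the register; receipts 1001-1005 were issued that day.
CLEAN_HEADER = {"batch_id": "B-001", "record_count": 5, "control_total": Decimal("815.50")}
CLEAN_RECORDS = [
    {"receipt_no": 1001, "cashier_id": "C01", "amount": "20.00"},
    {"receipt_no": 1002, "cashier_id": "C01", "amount": "30.00"},
    {"receipt_no": 1003, "cashier_id": "C02", "amount": "75.50"},
    {"receipt_no": 1004, "cashier_id": "C02", "amount": "40.00"},
    {"receipt_no": 1005, "cashier_id": "C01", "amount": "650.00"},
]

# Constructed: the same batch keyed in badly by the clerk. Receipt 1002 has a
# non-numeric amount, 1003 was entered twice, 1004 was skipped and 1005 carries
# a cashier id that is not on the authorized list.
DIRTY_HEADER = dict(CLEAN_HEADER)
DIRTY_RECORDS = [
    {"receipt_no": 1001, "cashier_id": "C01", "amount": "20.00"},
    {"receipt_no": 1002, "cashier_id": "C01", "amount": "abc"},
    {"receipt_no": 1003, "cashier_id": "C02", "amount": "75.50"},
    {"receipt_no": 1003, "cashier_id": "C02", "amount": "75.50"},
    {"receipt_no": 1005, "cashier_id": "C99", "amount": "650.00"},
]


def parse_amount(value):
    """Data validation: a sale amount must be a positive decimal with at most
    two decimal places. Returns None for anything else."""
    try:
        amount = Decimal(str(value))
    except InvalidOperation:
        return None
    if amount <= 0 or amount != amount.quantize(Decimal("0.01")):
        return None
    return amount


def validate_batch(header, records):
    """Input controls: data validation, access authorization, pre-numbered
    document sequence check and control total reconciliation.
    Returns a list of findings; an empty list means the batch may be posted."""
    findings, seen = [], set()
    count, total = 0, Decimal("0")
    for rec in records:
        no = rec["receipt_no"]
        if no in seen:                                    # entered only once
            findings.append(f"receipt {no}: entered more than once")
        seen.add(no)
        if rec["cashier_id"] not in AUTHORIZED_CASHIERS:  # authorised data only
            findings.append(f"receipt {no}: cashier {rec['cashier_id']} not authorized")
        amount = parse_amount(rec["amount"])
        if amount is None:
            findings.append(f"receipt {no}: invalid amount {rec['amount']!r}")
            continue
        count += 1
        total += amount
    # Pre-numbered documents: every receipt number between the first and the
    # last must be present, otherwise a sale was not recorded.
    if seen:
        for no in sorted(set(range(min(seen), max(seen) + 1)) - seen):
            findings.append(f"receipt {no}: missing from sequence")
    # Control total reconciliation against the figures the cashier balanced.
    if count != header["record_count"]:
        findings.append(f"record count {count} != header {header['record_count']}")
    if total != header["control_total"]:
        findings.append(f"control total {total} != header {header['control_total']}")
    return findings


def post_batch(records, ledger, posted_receipts):
    """Processing controls: accepted transactions are posted exactly once,
    rejected ones go to the error log for correction and re-input, unusual
    values go on the exception report, and programmed balancing proves the
    ledger moved by exactly the accepted total.
    Returns (accepted_total, balanced, error_log, exception_report)."""
    error_log, exception_report = [], []
    accepted_total = Decimal("0")
    opening = sum((amt for _, amt in ledger), Decimal("0"))
    for rec in records:
        no = rec["receipt_no"]
        if no in posted_receipts:                         # processed only once
            error_log.append(f"receipt {no}: already processed, skipped")
            continue
        amount = parse_amount(rec["amount"])
        if amount is None:                                # report, correct, re-input
            error_log.append(f"receipt {no}: rejected, correct and re-input")
            continue
        if amount > REASONABLENESS_LIMIT:                 # reasonableness test
            exception_report.append(f"receipt {no}: amount {amount} exceeds {REASONABLENESS_LIMIT}")
        ledger.append((no, amount))
        posted_receipts.add(no)
        accepted_total += amount
    closing = sum((amt for _, amt in ledger), Decimal("0"))
    balanced = closing == opening + accepted_total        # programmed balancing
    return accepted_total, balanced, error_log, exception_report


if __name__ == "__main__":
    print("clean batch findings:", validate_batch(CLEAN_HEADER, CLEAN_RECORDS))
    print("dirty batch findings:", *validate_batch(DIRTY_HEADER, DIRTY_RECORDS), sep="\n  ")
    ledger, posted = [], set()
    print("first posting:", post_batch(CLEAN_RECORDS, ledger, posted))
    print("re-posting the same batch:", post_batch(CLEAN_RECORDS, ledger, posted))
```

The reasonableness test only reports the large sale; it does not reject it, since the slide lists exception reports as a control rather than a rejection rule. The separation between validate_batch (input) and post_batch (processing) mirrors the two slides: a batch that fails reconciliation is returned to the clerk with findings, and nothing from it reaches the ledger.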

Sample audit program

b) Application Controls
Output controls – controls that are in place to ensure that output data is correct, can only be accessed by authorized personnel and is distributed only to authorized recipients. They determine where output can be printed, how long it should be retained in the system, when it should be archived, etc.

b) Application Controls – Output
Controls that can be implemented:
- Complete audit trail
- Output distribution logs

Sample audit program

b) Application Controls – Output
Computer screens
- Screens need to be physically secured when output is visible.
- Output should be removed when the user leaves the terminal.
- Returning to the screen should require a password.
Printed reports
- Printer rooms need a trail of accountability:
  - Locks to prevent unauthorized access.
  - Logs to sign in anyone entering.
  - Logs to sign for reports.
- End-user report requests should be password protected.
- Network printers should be placed where unauthorized persons will not have access.
- There must be record retention and destruction policies:
  - Mandated by a regulatory agency.
  - Dictated by company policy.
- Permanent reports must be kept in a secured area.
- Temporary reports must be properly destroyed.

c) Database Controls
The DBMS acts as a layer between the application software and the OS. The application passes on the instructions for manipulating data, and the DBMS executes them following the integrity rules and constraints built into the database definitions.

c) Database Controls
An IT auditor would check that the following controls have been implemented and maintained to ensure database integrity and availability:
- Definition standards
- Data backup and recovery procedures
- Access controls – only authorized personnel can read, update or delete the database
- Concurrency controls
- Controls to ensure the accuracy, completeness and consistency of data elements and relationships
- Checkpoints to minimize data loss
- Database re-organizations
- Database performance
- Capacity planning
- Who can access the database without going through the application?
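Two of the database controls above, integrity rules built into the database definition and concurrency control (also listed as "concurrent update control" under processing controls), can be demonstrated with a small SQLite table. The Python below is an added example, not code from the slides or the course; the stock table, the starting row and the function names are constructed for the demo, and a single autocommit connection stands in for two application sessions (an assumption that keeps the example self-contained). It shows a lost update being prevented by a row version check, and the DBMS rejecting a negative quantity that the application asks for.

```python
"""Database controls: a CHECK constraint as an integrity rule enforced by the
DBMS, and optimistic concurrency control against lost updates.
Added example with constructed data and hypothetical names; not from the slides."""
import sqlite3


def open_db():
    # Autocommit mode: each statement is its own transaction, so one connection
    # can stand in for two application sessions below (assumption for the demo).
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE stock ("
        " item_id INTEGER PRIMARY KEY,"
        " qty INTEGER NOT NULL CHECK (qty >= 0),"   # integrity rule in the definition
        " version INTEGER NOT NULL DEFAULT 1)"      # row version for concurrency control
    )
    conn.execute("INSERT INTO stock (item_id, qty) VALUES (1, 10)")  # constructed row
    return conn


def read_item(conn, item_id):
    qty, version = conn.execute(
        "SELECT qty, version FROM stock WHERE item_id = ?", (item_id,)).fetchone()
    return {"qty": qty, "version": version}


def update_qty(conn, item_id, new_qty, expected_version):
    """Concurrent update control: the UPDATE applies only if the row still has
    the version the session read. Returns True when the row was changed."""
    cur = conn.execute(
        "UPDATE stock SET qty = ?, version = version + 1 "
        "WHERE item_id = ? AND version = ?",
        (new_qty, item_id, expected_version))
    return cur.rowcount == 1


def lost_update_demo():
    """Two sessions read the same row; the second writer is rejected and must
    re-read, so neither update is silently lost."""
    conn = open_db()
    a = read_item(conn, 1)   # session A sees qty=10, version=1
    b = read_item(conn, 1)   # session B sees the same row
    ok_a = update_qty(conn, 1, a["qty"] - 3, a["version"])        # A: 10 -> 7
    ok_b = update_qty(conn, 1, b["qty"] - 4, b["version"])        # B: stale version, rejected
    b = read_item(conn, 1)                                         # B re-reads: qty=7, version=2
    ok_b_retry = update_qty(conn, 1, b["qty"] - 4, b["version"])  # B: 7 -> 3
    final = read_item(conn, 1)
    return {"a": ok_a, "b_first": ok_b, "b_retry": ok_b_retry,
            "qty": final["qty"], "version": final["version"]}


def integrity_rule_demo():
    """The DBMS rejects data that violates the definition even when the
    application asks for it; the row is left unchanged."""
    conn = open_db()
    try:
        conn.execute("UPDATE stock SET qty = -1 WHERE item_id = 1")
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    return {"rejected": rejected, "qty": read_item(conn, 1)["qty"]}


if __name__ == "__main__":
    print(lost_update_demo())      # qty ends at 3, not the 6 a lost update would give
    print(integrity_rule_demo())   # rejected=True, qty still 10
```

Without the version column the second UPDATE would succeed with session B's stale value and the stock would read 6 instead of 3, which is the lost-update problem the concurrency control exists to prevent. An auditor checking "concurrency controls" is looking for this kind of mechanism (or pessimistic row locking) in the application's update path.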

d) Backup and Recovery Controls
Controls that are implemented to ensure that business operations are able to recover and resume in the event of a disaster. A disaster can be:
- Natural – flood, earthquake
- Environmental – oil spill
- Man-made – arson (fire), crime
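The "data backup and recovery procedures" item from the database controls slide and the backup and recovery controls above both come down to one check an auditor would want evidence of: that a backup exists and that a restore from it actually reproduces the data. The Python below is an added example, not code from the slides or the course; the sales table and its rows are constructed, and the drill uses the SQLite online backup API to take a copy, simulate loss of the table contents, restore, and prove by fingerprint that the restored data matches the original.

```python
"""Backup and recovery drill: take a backup, lose the data, restore and verify.
Added example with constructed data and hypothetical names; not from the slides."""
import hashlib
import sqlite3


def create_live_db():
    # Constructed sample: a small sales table standing in for the production database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (receipt_no INTEGER PRIMARY KEY, amount_cents INTEGER NOT NULL)")
    conn.executemany("INSERT INTO sales VALUES (?, ?)",
                     [(1001, 2000), (1002, 3000), (1003, 7550)])
    conn.commit()
    return conn


def fingerprint(conn):
    """Deterministic SHA-256 over all rows in key order; equal fingerprints
    mean the restored copy is identical to the original."""
    h = hashlib.sha256()
    for row in conn.execute("SELECT receipt_no, amount_cents FROM sales ORDER BY receipt_no"):
        h.update(repr(row).encode())
    return h.hexdigest()


def take_backup(live):
    """Copy the live database into a separate backup connection."""
    backup = sqlite3.connect(":memory:")
    live.backup(backup)
    return backup


def restore_from(backup, live):
    """Copy the backup's pages back over the live database."""
    backup.backup(live)


def recovery_drill():
    live = create_live_db()
    before = fingerprint(live)
    backup = take_backup(live)
    # Simulate a disaster: the table contents are lost.
    live.execute("DELETE FROM sales")
    live.commit()
    damaged = fingerprint(live)
    restore_from(backup, live)
    after = fingerprint(live)
    rows = live.execute("SELECT COUNT(*) FROM sales").fetchone()[0]
    return {"before": before, "damaged": damaged, "after": after, "rows": rows}


if __name__ == "__main__":
    result = recovery_drill()
    print("restore verified:", result["before"] == result["after"], "rows:", result["rows"])
```

In practice the backup would live on separate media or in another site so that the natural, environmental and man-made disasters listed above do not take the backup down with the live system, and the drill would be scheduled and its result recorded as audit evidence.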