Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.


Risk Factors

The risk factors inherent in business operations include the following:
– Access Risk
– Business Disruption Risk
– Credit Risk
– Customer Service Risk
– Data Integrity Risk
– Misstatement Risk
– Physical Harm Risk
– Fraud Risk
– Legal and Regulatory Risk

Risk Analysis and Exposure

– A Risk is the likelihood that the organisation will face a vulnerability being exploited or a threat becoming harmful.
– A Threat is an action, event or condition that can compromise the system or its quality and has the ability to inflict harm on the organisation.
– An Attack is a set of actions designed to compromise the confidentiality, integrity, availability or any other desired property of an information system.

Risk and Exposures

– A Vulnerability is a weakness in the system safeguards that exposes the system to threats.
– An Exposure is the extent of loss the organisation has to face when a risk materialises.
– The Likelihood of a threat occurring is the estimated probability that the threat will succeed in bringing about an undesirable event.


Information System Control Objectives

– Safeguarding information systems assets
– Compliance with corporate policies, regulatory and legal requirements
– Assuring system reliability
– Maintaining data integrity
– Assuring system security
– Assuring system availability

Information System Control Objectives (continued)

– Maintaining system controllability
– Assuring system maintainability
– Assuring system usability
– Ensuring system effectiveness
– Maintaining system economy and efficiency
– Maintaining system quality

Information System Audit Objectives

– Evaluate the adequacy and effectiveness of internal controls.
– Evaluate the efficient and effective allocation of resources.
– Provide assurance that computer-related assets are safeguarded.
– Ensure that information is accurate, available on request and reliable.
– Provide reasonable assurance that all errors, omissions and irregularities are prevented, detected, corrected and reported.
– Review the systems to ensure compliance with policies, procedures and standards.

Information System Audit Objectives (continued)

– Ensure that legal requirements are complied with, audit trails are incorporated, documentation is complete, and system data integrity and security are maintained.
– Identify and recognise the potential for computer-related fraud, embezzlement, misappropriation and theft.
– Ensure that management takes corrective and preventive action when required.

Information Systems Abuse

– Destruction of assets
– Theft of assets
– Modification of assets
– Privacy violations
– Disruption of operations
– Unauthorised use of assets

Steps to Asset Safeguarding

– Compiling a functional IT asset list (starting from mission-critical functions)
– Detailing the IT systems identified
– Asset protection
– Assigning probabilities

Evidence Collection during Audit

– Reviewing the organizational structure, documentation, standards and practices
– Interviewing appropriate personnel
– Observing processing and operations
– Using audit documentation techniques
– Applying analytical review procedures and sampling techniques
– Using software tools to analyse logs and audit trails

Evidence Collection during Audit (continued)

– Physical examination
– Confirmation
– Documentation
– Observation
– Inquiry
– Processing accuracy
– Screen shots
– Log files
– Testing software results
– Analytical procedures
– Audit trails

Audit Trails

Audit trails are records of an activity that can be used to reconstruct the performance of that activity. Ensure an audit trail exists when:
– Access is granted to a sensitive information asset.
– Network services are accessed.
– Override system controls are used.
– Unsuccessful attempts are made to access sensitive information or to use network services.

Audit Trails (continued)

Include in the audit trail as much of the following as is practical:
– User identification
– Functions, resources and information used or changed
– Date and time stamp (including time zone)
– Work-station address and network connectivity path
– Specific transaction or program executed

Audit Trails (continued)

Provide an additional real-time alarm for on-line capabilities on:
– Access attempts that violate the access control rules
– Attempts to access functions or information not authorised
– Concurrent log-on attempts
– Security profile changes
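Taken together, the three Audit Trails slides specify which events must be recorded, which fields each record carries, and which conditions deserve a real-time alarm. The Python below is an added example, not material from the slides or from the Foundation: the users, functions, workstation addresses, access-control matrix and the sample trail are all constructed assumptions. It generalises slightly beyond the slides in that the alarm pass works over any chronological sequence of records rather than checking the four conditions in isolation.

```python
"""Audit-trail records and real-time alarms (constructed example).

Each record carries the fields the slides ask for; real_time_alarms()
raises the alarm conditions the slides list. All users, functions,
addresses and the access-control matrix below are invented for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Constructed access-control matrix: functions each user is authorised to run.
ALLOWED_FUNCTIONS: Dict[str, Set[str]] = {
    "alice": {"LOGON", "LOGOFF", "VIEW_LEDGER", "POST_JOURNAL"},
    "bob": {"LOGON", "LOGOFF", "VIEW_LEDGER"},
    "secadmin": {"LOGON", "LOGOFF", "CHANGE_PROFILE"},
}
SENSITIVE_RESOURCES: Set[str] = {"payroll_master"}       # constructed
NETWORK_SERVICES: Set[str] = {"LOGON", "FILE_TRANSFER"}  # constructed
OVERRIDE_FUNCTIONS: Set[str] = {"OVERRIDE_LIMIT"}        # constructed


@dataclass(frozen=True)
class AuditRecord:
    user: str                # user identification
    function: str            # function executed
    resource: Optional[str]  # resource or information used or changed
    timestamp: datetime      # date and time, must be time-zone aware
    workstation: str         # work-station address
    outcome: str             # "SUCCESS" or "DENIED"

    def __post_init__(self) -> None:
        # A timestamp without a zone cannot be ordered against other systems' logs.
        if self.timestamp.tzinfo is None:
            raise ValueError("audit timestamp must carry a time zone")


def requires_audit_trail(r: AuditRecord) -> bool:
    """Events the slides say must always leave an audit-trail entry."""
    return (
        r.resource in SENSITIVE_RESOURCES
        or r.function in NETWORK_SERVICES
        or r.function in OVERRIDE_FUNCTIONS
        or r.outcome == "DENIED"
    )


def real_time_alarms(records: List[AuditRecord]) -> List[str]:
    """Single pass over the trail, emitting one alarm string per condition hit."""
    alarms: List[str] = []
    active: Dict[str, str] = {}  # user -> workstation of the session currently open
    for r in sorted(records, key=lambda x: x.timestamp):
        if r.function not in ALLOWED_FUNCTIONS.get(r.user, set()):
            alarms.append(f"UNAUTHORIZED_FUNCTION user={r.user} fn={r.function}")
        if r.outcome == "DENIED":
            alarms.append(f"ACCESS_RULE_VIOLATION user={r.user} fn={r.function} res={r.resource}")
        if r.function == "LOGON" and r.outcome == "SUCCESS":
            prev = active.get(r.user)
            if prev is not None and prev != r.workstation:
                alarms.append(f"CONCURRENT_LOGON user={r.user} ws={prev},{r.workstation}")
            active[r.user] = r.workstation
        elif r.function == "LOGOFF":
            active.pop(r.user, None)
        if r.function == "CHANGE_PROFILE":
            alarms.append(f"SECURITY_PROFILE_CHANGE by={r.user} target={r.resource}")
    return alarms


IST = timezone(timedelta(hours=5, minutes=30))


def _at(h: int, m: int) -> datetime:
    return datetime(2024, 1, 15, h, m, tzinfo=IST)  # constructed date


# Constructed sample trail, already in chronological order.
SAMPLE_TRAIL: List[AuditRecord] = [
    AuditRecord("alice", "LOGON", None, _at(9, 0), "10.0.0.5", "SUCCESS"),
    AuditRecord("alice", "VIEW_LEDGER", "general_ledger", _at(9, 1), "10.0.0.5", "SUCCESS"),
    AuditRecord("bob", "LOGON", None, _at(9, 2), "10.0.0.7", "SUCCESS"),
    AuditRecord("bob", "POST_JOURNAL", "general_ledger", _at(9, 3), "10.0.0.7", "DENIED"),
    AuditRecord("alice", "LOGON", None, _at(9, 5), "10.0.0.9", "SUCCESS"),
    AuditRecord("secadmin", "LOGON", None, _at(9, 6), "10.0.0.2", "SUCCESS"),
    AuditRecord("secadmin", "CHANGE_PROFILE", "bob", _at(9, 7), "10.0.0.2", "SUCCESS"),
    AuditRecord("bob", "VIEW_LEDGER", "payroll_master", _at(9, 8), "10.0.0.7", "DENIED"),
]

if __name__ == "__main__":
    for line in real_time_alarms(SAMPLE_TRAIL):
        print(line)
```

Running the block prints five alarms from the sample trail: bob's denied POST_JOURNAL trips both the unauthorised-function and access-rule checks, alice's second log-on from a different workstation is flagged as concurrent, the profile change by secadmin is reported even though it was authorised, and bob's denied read of the sensitive payroll file is a further access-rule violation. Rejecting naive timestamps at construction time is what makes the "including time zone" field requirement enforceable rather than advisory.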

System Logs

– Control total verification
– Transaction logs
– Operator logs, recording:
  – System starting and finishing time
  – System errors and corrective action taken
  – Confirmation of the correct handling of data files and computer output
  – Name of the person making the log entry
– Operator logs should be compared against operating procedures.
– Fault logging
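As an added illustration of the control-total verification and transaction-log items on this slide (not from the slides or the Foundation), the Python below parses a constructed transaction log in which operator and fault entries share the file, recomputes a record count, a financial total and a hash total, and reports each mismatch against the batch header. The log format, account numbers, amounts and operator name are all assumptions.

```python
"""Batch control-total verification over a transaction log (constructed example).

A batch header states what the submitting process expected; the verifier
recomputes the same totals from the processed log and reports every mismatch.
Log format, account numbers and amounts below are invented for the example.
"""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List


@dataclass(frozen=True)
class Transaction:
    txn_id: int
    account: int
    amount: Decimal


@dataclass(frozen=True)
class BatchHeader:
    record_count: int         # how many records the batch should contain
    financial_total: Decimal  # sum of all amounts
    hash_total: int           # sum of account numbers: meaningless as a figure,
                              # but it changes if a record is dropped or an
                              # account number is keyed wrongly


def parse_transaction_log(lines: List[str]) -> List[Transaction]:
    """Parse constructed 'TXN|id|account|amount' lines; other entries are skipped."""
    txns: List[Transaction] = []
    for line in lines:
        parts = line.strip().split("|")
        if len(parts) != 4 or parts[0] != "TXN":
            continue  # operator/fault entries share the file but are not transactions
        txns.append(Transaction(int(parts[1]), int(parts[2]), Decimal(parts[3])))
    return txns


def compute_control_totals(txns: List[Transaction]) -> Dict[str, object]:
    return {
        "record_count": len(txns),
        "financial_total": sum((t.amount for t in txns), Decimal("0")),
        "hash_total": sum(t.account for t in txns),
    }


def verify_control_totals(header: BatchHeader, txns: List[Transaction]) -> List[str]:
    """Return one discrepancy per control total that does not match the header."""
    actual = compute_control_totals(txns)
    expected = {
        "record_count": header.record_count,
        "financial_total": header.financial_total,
        "hash_total": header.hash_total,
    }
    return [
        f"{name}: header says {expected[name]}, log gives {actual[name]}"
        for name in expected
        if actual[name] != expected[name]
    ]


# Constructed batch header for four transactions.
HEADER = BatchHeader(record_count=4, financial_total=Decimal("1250.00"), hash_total=7007)

# Constructed log of a run that processed the batch correctly.
GOOD_LOG = [
    "OPERATOR|2024-01-15T09:00:00+05:30|sys_start|op=ravi",
    "TXN|1|1001|500.00",
    "TXN|2|2002|250.00",
    "TXN|3|3003|300.00",
    "TXN|4|1001|200.00",
    "OPERATOR|2024-01-15T09:05:00+05:30|sys_stop|op=ravi",
]

# Constructed log of a faulty run: record 4 dropped, account of record 2 mis-keyed.
BAD_LOG = [
    "TXN|1|1001|500.00",
    "TXN|2|2020|250.00",
    "TXN|3|3003|300.00",
    "FAULT|2024-01-15T09:03:10+05:30|disk full on spool volume",
]

if __name__ == "__main__":
    print(verify_control_totals(HEADER, parse_transaction_log(GOOD_LOG)))
    print(verify_control_totals(HEADER, parse_transaction_log(BAD_LOG)))
```

The good run reproduces all three totals and yields no discrepancies; the faulty run fails all three, and the hash total is the one that would still catch the mis-keyed account number even if the dropped record had been replaced by one of the same amount. Amounts are held as Decimal so that the financial total compares exactly against the header rather than within floating-point tolerance.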