Today's Lecture Covers: Chapter 5 - Controls over Computer Operations and IS Support - Integrity; Chapter 7 - Application Controls

Integrity: system processing is complete, accurate, timely and authorized.

Need to Align Computer Operations Services with Business Requirements: 7 minimum control standards to ensure that defined user requirements are met
- Operations and support are to be defined in a formal service agreement
- Procedures to monitor operations and service delivery performance (use of charge-out systems for IT costs; need to decide on a fair allocation)
- Management processes should assess the effectiveness and efficiency of service delivery

Aligning Computer Operations Services with Business Requirements: 7 minimum control standards (cont'd)
- Procedures should identify problems and resolve them promptly to minimize impact (anticipate user requirements and obtain appropriate resources in advance)
- Configuration management and planning procedures should be established; it is important to have a hardware and software monitoring and approval process

Aligning Computer Operations Services with Business Requirements: the final 2 of 7
- The operations change management process should ensure the integrity of operations
- Formal procedures should govern software version usage and the control strategy

Control over Integrity and Availability
- Ensure complete, accurate and authorized processing of information
- Ensure continuity of processing services in light of minor processing errors or minor destruction of records
- Formal standards and procedures for all significant computer operations
- The application environment is properly controlled
- Off-site backup is used

Control over Integrity and Availability (cont'd)
- Operation service schedules are used and monitored
- Physical and/or logical control over output
- Procedures to provide integrity of files in off-line storage

Control over System Software
- Configuration management procedures used
- Acquisition and implementation policies used
- Change management procedures should be used
- Protection from viruses

Control over Information Transmission
- Procedures to protect inbound and outbound information
- Network design should incorporate the information integrity, confidentiality and availability requirements for transmissions
- Network implementation and configuration management need to be controlled

Control over Data Management
- Roles and responsibilities for data management are needed
- Database design and implementation need to address security, integrity and control requirements
- Also incorporate reliability and availability requirements

Control over End-User Computing
- Procedures to ensure that end-users conform with organizational strategy
- Standards for the development, acquisition, documentation and operation of applications
- Effective support and training
- Monitoring of end-user computing

General vs Application Controls
- General controls are implemented consistently across all applications; application controls are built into specific programs
- The distinction is often arbitrary
- General controls are usually reviewed once for the audit as a whole; application controls must be considered for each significant application
- If general controls are uniformly strong and operate effectively, obtain such assurance with respect to each application
- If not, this does not mean each application is affected; need to consider application by application

Application Controls
- Hardware controls, such as parity checks and character checks
- Input and output controls, at the source department and data control
- Programmed controls (software)

Effective Design
- Designed with regard to business requirements
- Designed with regard to business risk analysis
- Only rely upon application controls after taking general controls into consideration
- Look for integrity/accuracy
- Use structured programming techniques
- Use training

Types of Transactions: each has a different sensitivity and risk of errors
- Master file changes (updated only periodically)
- Normal business applications
- Error correction transactions

Master File Changes
- Completeness, accuracy and authorization of the data are critical
- An error would occur every time the master is used; make sure current masters are being used
- Important to guard against fraud

Normal Transactions
- Second largest concern, as these are most transactions; necessary to control them effectively
- Need to include controls over regular transactions and reports

Error Correction Transactions
- Watch for bypass potential
- Errors are often put aside and ignored
- All should be logged with clear responsibility for correction
- Ideally put back through regular processing

Preventive Controls over Processing
- Data entry as close to the source of the transaction as possible to ensure familiarity
- Structure operating procedures so that the business activity is not complete until transaction processing is
- Eliminate the human component as much as possible
- Authorize transactions before data entry
- Use access control software

Preventive Controls over Processing (cont'd)
- Use 3 levels of access: physical access to the terminal, access control over use of the terminal, and then authorization in software
- Scrutinize manually prepared input
- Use the computer to edit transactions: use edit programs to check for items such as missing data, format, self-checking digit, limits and logical relation checks
- Use key verification and interactive systems
- Use formatted input screens

Preventive Controls over Processing (cont'd)
- Use appropriately designed input forms
- Single-source transaction data: input once
- Document application control procedures (manuals etc.)
- Training and supervision
- Adequate working conditions
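The edit program on the previous slide is the one preventive control that can be shown directly in code. The following is an added example, not from the original slides: an edit program for a hypothetical sales transaction record that applies the five named checks (missing data, format, self-checking digit, limits, logical relation) and sends rejects to an error list rather than dropping them. The record layout, the MAX_AMOUNT limit and the sample batch are assumptions constructed for the example.

```python
"""Edit program for incoming sales transactions. Added example (not from
the original slides): it implements the preventive edit checks named on
the slide, namely missing data, format, self-checking digit, limit and
logical relation checks, and writes rejects to an error list instead of
silently dropping them. The record layout and MAX_AMOUNT are assumptions."""
import re
from datetime import date

MAX_AMOUNT = 50_000.00  # assumed limit for a single transaction
REQUIRED_FIELDS = ("txn_id", "account", "order_date", "ship_date",
                   "qty", "unit_price", "amount")


def mod10_check_digit_ok(account: str) -> bool:
    """Self-checking digit (mod-10 / Luhn): the rightmost digit is chosen so
    that the weighted digit sum is divisible by 10, which catches any single
    mis-keyed digit and most adjacent transpositions."""
    if not account.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(account)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def edit_transaction(txn: dict) -> list:
    """Return the list of edit exceptions for one record; empty means accepted."""
    errors = [f"missing field: {f}" for f in REQUIRED_FIELDS
              if txn.get(f) in (None, "")]
    if errors:
        return errors            # later checks would only cascade from missing data
    # Format checks
    if not re.fullmatch(r"\d{8}", txn["account"]):
        errors.append("account: must be 8 digits")
    try:
        order = date.fromisoformat(txn["order_date"])
        ship = date.fromisoformat(txn["ship_date"])
    except ValueError:
        errors.append("dates: must be YYYY-MM-DD")
        order = ship = None
    # Self-checking digit
    if txn["account"].isdigit() and not mod10_check_digit_ok(txn["account"]):
        errors.append("account: check digit failure")
    # Limit checks
    if not 0 < txn["amount"] <= MAX_AMOUNT:
        errors.append(f"amount: outside 0..{MAX_AMOUNT}")
    if txn["qty"] <= 0:
        errors.append("qty: must be positive")
    # Logical relation checks
    if order and ship and ship < order:
        errors.append("ship_date before order_date")
    if abs(txn["qty"] * txn["unit_price"] - txn["amount"]) > 0.005:
        errors.append("amount != qty * unit_price")
    return errors


def edit_batch(batch: list) -> tuple:
    """Split a batch into accepted records and (record, errors) rejects."""
    accepted, rejected = [], []
    for txn in batch:
        errs = edit_transaction(txn)
        if errs:
            rejected.append((txn, errs))
        else:
            accepted.append(txn)
    return accepted, rejected


# Constructed sample batch: one clean record, one with several edit
# failures, one with missing data. Account 12345674 carries a valid mod-10
# check digit; 12345675 does not.
SAMPLE_BATCH = [
    {"txn_id": "T1", "account": "12345674", "order_date": "2024-03-01",
     "ship_date": "2024-03-03", "qty": 3, "unit_price": 10.50, "amount": 31.50},
    {"txn_id": "T2", "account": "12345675", "order_date": "2024-03-05",
     "ship_date": "2024-03-02", "qty": 2, "unit_price": 10.00, "amount": 25.00},
    {"txn_id": "T3", "account": "12345674", "order_date": "2024-03-01",
     "ship_date": "2024-03-03", "qty": 1, "unit_price": 9.99, "amount": ""},
]

if __name__ == "__main__":
    ok, bad = edit_batch(SAMPLE_BATCH)
    print(f"accepted {len(ok)}, rejected {len(bad)}")
    for txn, errs in bad:
        print(txn["txn_id"], errs)
```

The rejects keep their full record and the list of reasons, which is what the later error-correction controls need: a reject that is only counted cannot be resubmitted through the normal cycle.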

Detective Controls
- Use suspense records for pending transactions
- Monitor and investigate lack of regular activity (see if transactions were omitted)
- Verify records by examining assets etc.
- Prepare budgets and investigate variances
- Number transactions and check the sequence
- Group and count source documents, and count the number of transactions processed

Detective Controls (cont'd)
- Use control totals to check completeness
- Reconcile changes in recorded assets and liabilities to transactions processed
- If practical, establish procedures for verification by users
- Design programmed reasonableness tests
- Match processing results to source documents in detail
- Check computations

Detective Controls (cont'd)
- Use summary and exception reports
- Use double-entry recording to balance transactions
- Agree summary records to detailed records
- Require user approval of results
- Require error tracking and analysis; develop statistics

Master File Controls
- Authorize all changes before input
- Record changes to semi-permanent listings and reconcile the changes
- Print out for review by knowledgeable users for errors
- Use control totals
- Application programs should internally label master files

Errors and Exception Controls
- Use error and exception reports; ensure follow-up
- Use error logs, and define correction procedures and responsibilities
- Resubmit errors into the NORMAL processing cycle; do not bypass it

Management & Audit Trails
- File each record in a planned sequence to facilitate retrieval
- Provide a unique id for each record
- Retain the source copy for transactions
- Provide methods of tracing data backwards and forwards through the IS
- Document retention procedures

Management & Audit Trails (cont'd)
- Use logs
- Periodically copy and save permanent records that are overwritten by changes
- Provide software capability to scrutinize and analyse data
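The master file controls and the audit trail requirements above describe one mechanism from two sides: a change must be authorized before input, must be uniquely identified and logged with the record image it overwrites, and the resulting trail must support tracing backwards (from a master value to its source document) and forwards (from a source document to the records it changed) as well as reconciliation of the live file to the retained listing plus the logged changes. The following is an added example of that mechanism, not from the original slides; the record layout, the authorization references and the change forms are assumptions constructed for the example.

```python
"""Master file maintenance with a management/audit trail. Added example,
not from the original slides: every change must quote a prior
authorization, receives a unique change id, and is logged with the before
and after image of the record so that data can be traced backwards and
forwards and the live file can be reconciled to the retained original
listing plus the logged changes. Record layout and authorization
references are assumptions."""
import copy
import itertools


class UnauthorizedChange(Exception):
    """Raised when a change quotes no approved authorization reference."""


class AuditedMasterFile:
    def __init__(self, records, approved_authorizations):
        self.records = {r["id"]: dict(r) for r in records}
        self.original = copy.deepcopy(self.records)   # retained listing for reconciliation
        self.approved = set(approved_authorizations)  # authorizations granted before input
        self.log = []                                 # the audit trail
        self._next_id = itertools.count(1)

    def apply_change(self, record_id, field, new_value, auth_ref, source_doc):
        """Apply one field change and log it; returns the unique change id."""
        if auth_ref not in self.approved:
            raise UnauthorizedChange(f"{auth_ref!r} is not an approved authorization")
        if record_id not in self.records:
            raise KeyError(f"no master record {record_id}")
        before = copy.deepcopy(self.records[record_id])   # image overwritten by the change
        self.records[record_id][field] = new_value
        entry = {
            "change_id": next(self._next_id), "record_id": record_id, "field": field,
            "before": before, "after": copy.deepcopy(self.records[record_id]),
            "auth_ref": auth_ref, "source_doc": source_doc,
        }
        self.log.append(entry)
        return entry["change_id"]

    def trace_backward(self, record_id):
        """Changes that produced the current state of a record, newest first."""
        return [e for e in reversed(self.log) if e["record_id"] == record_id]

    def trace_forward(self, source_doc):
        """Record ids altered by a given source document, in processing order."""
        return [e["record_id"] for e in self.log if e["source_doc"] == source_doc]

    def reconcile(self):
        """Replay the log over the retained original listing and compare with
        the live file; False means a change reached the file without being logged."""
        replay = copy.deepcopy(self.original)
        for e in self.log:
            replay[e["record_id"]][e["field"]] = e["after"][e["field"]]
        return replay == self.records


# Constructed sample master file and the authorizations approved for this run.
SAMPLE_RECORDS = [
    {"id": "C001", "name": "Acme Ltd", "credit_limit": 2000},
    {"id": "C002", "name": "Beta Inc", "credit_limit": 1500},
]
APPROVED = {"AUTH-42", "AUTH-43"}


def demo():
    """Apply two authorized changes and one unauthorized attempt;
    returns (master file, number of refused changes)."""
    mf = AuditedMasterFile(SAMPLE_RECORDS, APPROVED)
    mf.apply_change("C001", "credit_limit", 5000, "AUTH-42", "CHG-FORM-7")
    mf.apply_change("C002", "name", "Beta Holdings Inc", "AUTH-43", "CHG-FORM-8")
    refused = 0
    try:
        mf.apply_change("C002", "credit_limit", 99999, "AUTH-99", "CHG-FORM-9")
    except UnauthorizedChange:
        refused += 1
    return mf, refused


if __name__ == "__main__":
    mf, refused = demo()
    print("refused:", refused, "reconciles:", mf.reconcile())
    for e in mf.trace_backward("C001"):
        print(e["change_id"], e["source_doc"], e["before"], "->", e["after"])
```

The `reconcile` check is the programmed form of "record changes to semi-permanent listings, reconcile changes": if anyone alters the live file without going through `apply_change`, replaying the trail over the retained listing no longer reproduces it, and the discrepancy surfaces at the next reconciliation rather than at the next audit.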

Advanced System Characteristics
- Absence of independent evidence
- No visible audit trails
- Lack of authorization evidence
- Heavy reliance on internal control
- Need to understand the transaction flow
- Test the controls to be relied upon
- Audit hardware/software