Control and Security Frameworks, Chapter Three. Prepared by: Raval, Fichadia. John Wiley & Sons, Inc., 2007.


Chapter Three Objectives
1. Understand risks faced by information assets.
2. Comprehend the relationship between risk and asset vulnerabilities, and comprehend the nature and types of threats faced by the asset.
3. Understand the objectives of control and security of information assets and how these objectives are interrelated.
4. Understand the building blocks of control and security frameworks for information systems.
5. Apply a controls framework to a financial accounting system.

Protecting Information Assets
It is necessary to protect information assets:
- There is a potential for compromises of such assets.
- There may be attacks on the information assets.
- There may be unintentional compromises of information assets.
- Systems are subject to regulatory protection requirements.

Vulnerabilities and Threats
- Vulnerability: A weakness in the information assets that leads to risk.
- Threat: The probability of an attack on the information asset.
- Attack: A series of steps taken by an attacker to achieve an unauthorized result.
- Threat agent: An entity, typically a person, who triggers a threat.
- Countermeasure: An antidote or an action that dilutes the potential impact of a known vulnerability.

Internal Control
Definition of internal control: A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Classification of internal controls:
- General controls and application controls
- Detective, preventive, and corrective controls

Information Security
Definition of information security: Protection of information assets from harm.
Classification of information security measures: Physical and logical security.

Relationship between Internal Control and Information Security
- Steps taken to protect a system are called measures, or countermeasures. These measures are essentially various types of controls. Thus, security is ensured through the implementation of controls.
- Specific controls implemented for information security are often referred to as "security controls."
- The terms security and control are often used as if they were synonyms.
- General controls often overlap with security measures.

Frameworks for Control and Security: COBIT
COBIT: Control Objectives for Information and related Technology
- The framework helps bridge the gap between business risk, control needs, and technical issues.
- The framework's approach is process oriented.
- IT processes are classified into five categories (domains): manage IT investment, acquire and implement, deliver and support, and monitor and evaluate.
- The framework includes 34 high-level control objectives, which are translated into over 300 detailed objectives.
- Control activities support control objectives. Control activities, linked to IT processes, include policies, organizational structures, and practices and procedures.

Frameworks for Control and Security: ISO
- ISO is a standard focused on the protection of information assets.
- It is broadly applicable across industries; therefore it is a high-level standard.
- It is a general model that follows from Part I of British Standard 7799 (BS 7799).
- The standard is organized into ten categories (sections). Each section is divided into subcategories, each of which includes a broad implementation approach (method).

Frameworks for Control and Security: COSO
COSO: The Committee of Sponsoring Organizations
- It is an integrated framework of internal controls.
- It proposes five components of internal controls.
- Together, the five components and the relationships among them make a holistic framework of internal controls.

COSO: Components of Internal Control
- Risk assessment
- Control environment
- Control activities
- Information and communication
- Monitoring

Internal Control and Information Security Objectives
Internal control objectives:
- Efficiency of operations
- Effectiveness of operations
- Reliability of information
- Compliance with applicable laws and regulations
Information security objectives:
- Information integrity
- Message integrity
- Confidentiality
- User authentication
- Nonrepudiation
- Systems availability

A Comparison of Internal Control and Information Security Objectives
The slide is a matrix: the columns are the objectives of internal controls (effectiveness of operations, efficiency of operations, reliability of information, compliance with regulations), the rows are the objectives of information security, and an X marks each internal control objective that a security objective supports. The column positions of the marks did not survive the transcript; the number of marks per row is:
- Information integrity: one internal control objective marked
- Confidentiality: one internal control objective marked
- User authentication: two internal control objectives marked
- Non-repudiation: one internal control objective marked
- Availability: one internal control objective marked

Implementing a Framework

Assurance Considerations
- Without a framework, no objectives can be achieved with a high degree of assurance.
- A first step toward assurance is to adopt a holistic framework.
- Elements of more than one framework can be combined into the framework adopted by an entity, to provide the necessary granularity.
- The framework allows for a systematic approach to the design, implementation, and audit of control and security systems.
- The business may seek assurance regarding proper implementation of a chosen framework.