Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Technology Controls

Published byDominick Griffith Modified over 6 years ago

Similar presentations

Presentation on theme: "Information Technology Controls"— Presentation transcript:

1 Information Technology Controls
Presented by: Brian Christian

2 Introduction Support business management
Provide general and technical controls over the polices, processes, systems, and people that makeup IT infrastructure Essential for reliability

3 Structure of IT Auditing

4 Understanding Controls
General Application Preventive Detective Corrective Governance Management Technical Classified by purpose in overall system of internal controls Classified by group responsible for ensuring implementation and maintenance

5 IT Controls Hierarchy Define aims and objectives
Define ways of working

6 Organization and Management
Segregation of duties Initiating, authorizing, inputting, processing and checking data – Separate! IT Environment: Systems development and operations – Separate! Financial controls Identify potential failings early on Change Management

7 IT Controls Hierarchy Specific application systems Protect from damage
Generic Application Controls: Input Processing Output Integrity Management Trail Protect from damage or loss Controlled method for development Configuration Techniques

8 Security and Importance of Controls
Information Security Confidentiality Integrity Availability Importance of IT Controls Controlling costs and remaining competitive Protecting against information theft Complying with legislation (i.e. SOX)

9 Analyzing Risks Risk & Response Adequacy of Controls? Risk Mitigation
IT controls are selected and implemented based on risks they are designed to manage Adequacy of Controls? Risk Mitigation Accept Eliminate Share Control

10 Monitoring and Assessing Controls
Choosing a framework Monitoring IT Controls Ongoing Special Reviews Assessing Controls Audit Methodology Testing IT Controls and Continuous Assurance

11 Summary Multiple types of controls
General & Application PDC Controls Governance, Management, Technical Continuous, reliable assurance and trail of evidence Controlling, Protecting & Complying Risk assessment Monitoring is critical

12 Questions?

Download ppt "Information Technology Controls"

Similar presentations

Module N° 3 – ICAO SARPs related to safety management

Module N° 3 – ICAO SARPs related to safety management
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Concepts.

Auditing Concepts.
Understanding & Managing Risk

Understanding & Managing Risk
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

Similar presentations

Ads by Google