Presentation is loading. Please wait.

Presentation is loading. Please wait.

APPLICATION RISK AND CONTROLS

Published byJudith Armstrong Modified over 5 years ago

Similar presentations

Presentation on theme: "APPLICATION RISK AND CONTROLS"— Presentation transcript:

1 APPLICATION RISK AND CONTROLS

2 Application Risks Weak security Unauthorized access to data
Unauthorized remote access Inaccurate information Erroneous or falsified data input Misuse by authorized end users Incomplete processing Duplicate transactions Untimely processing Communications system failure Inadequate training Inadequate support

3 End User Computing (EUC) Application Risks
Inefficient use of resources Incompatible systems Redundant systems Ineffective implementations Absence of separation of duties Unauthorized access to data or programs Copyright violations The destruction of information by computer viruses

4 Electronic Data Interchange (EDI) Application Risks
Loss of Business Continuity / Going Concern Problem Interdependence Loss of confidentiality or sensitive information Increased exposure to fraud Manipulation of payment Loss of transactions

5 Electronic Data Interchange (EDI) Application Risks
Errors in information and communication systems Loss of audit trail Concentration of control Application failure Potential legal liability Overcharging by third party service providers Manipulation of organization Not achieving anticipated cost savings

6 Implications of risks in an EDI systems
Potential loss of transaction audit trail Increased exposure to ransom, blackmail, or fraud Disruption of cash flows Loss of profitability Damage to reputation Financial collapse

7 Application Controls Input Controls Interfaces Authenticity Accuracy
Processing controls Completeness

8 Application Controls Error correction Output controls Reconciliation
Distribution Retention Functional Testing and Acceptance Management Approval

9 Documentation Requirements
Standards and descriptions of procedures Instructions to personnel Flowcharts Data flow diagrams Display or report layout Other materials that describe the systems

10 Application Software Life Cycle
System Development Methodology An information systems strategy that guides developers in building systems that are consistent with the organization’s technical and operational goals Standards that guide in selection of hardware, software, and in developing new systems Policies and procedures that support the organization’s goals and objectives Project management which ensures that project are completed on time and within budget User Interface Means by which the user interacts with the system.

11 Application Maintenance
Corrective maintenance Emergency program fixes and routine debugging Adaptive maintenance Accommodation of change Perfective maintenance User enhancements Improve documentation Recording for efficiency

Download ppt "APPLICATION RISK AND CONTROLS"

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  17 000 on 136 000 companies  avg case 46 000 £  France.

Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  on companies  avg case £  France.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
6.1 Copyright © 2014 Pearson Education, Inc. publishing as Prentice Hall Building Information Systems Chapter 13 VIDEO CASES Video Case 1: IBM: Business.

6.1 Copyright © 2014 Pearson Education, Inc. publishing as Prentice Hall Building Information Systems Chapter 13 VIDEO CASES Video Case 1: IBM: Business.
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.

1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Cash and Financial Investments. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 10-2 Internal Control Over --Cash Receipts.

Cash and Financial Investments. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved Internal Control Over --Cash Receipts.
Overview of IS Auditing n Need for control and Audit of Computers –Org cost of data loss –cost of incorrect decision –Value of hardware, software, personnel.

Overview of IS Auditing n Need for control and Audit of Computers –Org cost of data loss –cost of incorrect decision –Value of hardware, software, personnel.
Pertemuan 17-18 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
 What is Code Change Management and why does it matter?  What are key code change controls and their relationship?  What are some common code change.

 What is Code Change Management and why does it matter?  What are key code change controls and their relationship?  What are some common code change.
Information Systems Auditing and Assurance

Information Systems Auditing and Assurance

Similar presentations

Ads by Google