Presentation is loading. Please wait.

Presentation is loading. Please wait.

Systems Development Audit. Principles  To check that they system is producing the expected results  Ensure that the appropriate controls are operating.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Systems Development Audit. Principles  To check that they system is producing the expected results  Ensure that the appropriate controls are operating."— Presentation transcript:

1 Systems Development Audit

2 Principles  To check that they system is producing the expected results  Ensure that the appropriate controls are operating correctly

3 Audit of computer system development  Internal control and audit requirements fall into 2 categories: 1.Ensuring that the development takes place within an approved structure and under management control 2.Ensuring that the systems once developed are suitable and controllable.

4 Features of systems development audits  Ensure that the project is led by a senior operational manager with adequate understanding of IT  Ensure a project team representing all concerned at senior level.  Insist that suppliers and contractors are reputable, financially sound and that the contract is sound  Ensure that the progress of the project is monitored and reviewed by management  Ensure that the project is justified on financial grounds and that all concerned understand the objectives of the project.

5 Objectives of a systems development audit  To ensure that predetermined standards for development are satisfactory and have been observed.  Reviewing the controls that are being built into the new system to ensure that the new system is: –Reliable and secure –Easily auditable

6 Principles of auditing a new computer system  First priority is understanding the system and its workings, and being able to confirm that the system in use is the system documented.  The next is to ascertain how the system can be tested. A simple approach is the use of test packs.  Other approached include reviewing how system management and database management staff make their own checks on the system operation  Security needs to be reviewed. Networks require the security of effective password control, including regular changing of passwords and control of password security for system access and a DBMS limiting access to certain parts of the data.  Data may have to be encrypted.

7 Principles of auditing a new computer system  Access of terminals to other computer systems needs to be controlled  Some check must be made on the accuracy of information generated by the system.  Message acknowledgement/confirmation systems.  Back up of some form is the first step towards system security and preventing disaster. Back up may be in the form of an overnight back up and a log of the days transactions  Recovery procedures will need to cover central processor, terminal and line failure.

Download ppt "Systems Development Audit. Principles  To check that they system is producing the expected results  Ensure that the appropriate controls are operating."

Similar presentations

Information Management and Technology

Information Management and Technology
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Professional Behaviour

Professional Behaviour
Group 3 John Gregory John Marsh Gerri Houston Samantha McNeily.

Group 3 John Gregory John Marsh Gerri Houston Samantha McNeily.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
The Islamic University of Gaza

The Islamic University of Gaza
Corrective & Preventive Action Programme l Corrective and preventive action managed by one programme l Closely linked to the internal audit programme l.

Corrective & Preventive Action Programme l Corrective and preventive action managed by one programme l Closely linked to the internal audit programme l.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Reliability Week 11 - Lecture 2. What do we mean by reliability? Correctness – system/application does what it has to do correctly. Availability – Be.

Reliability Week 11 - Lecture 2. What do we mean by reliability? Correctness – system/application does what it has to do correctly. Availability – Be.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies

Similar presentations

Ads by Google