Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 6 – Part 1 An Overview of Information Systems Audit 1.

Published bySamantha Evans Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 6 – Part 1 An Overview of Information Systems Audit 1."— Presentation transcript:

1 Module 6 – Part 1 An Overview of Information Systems Audit 1

2 Introduction Today computers perform much of data processing required in both the private and public sectors of our economies. Need to maintain the integrity of data processed by computers now seems to pervade our lives. Fear of the substantially increased data- processing capabilities are not well controlled – computer abuse. 2

3 Introduction Concerns with the privacy of data exchange with organizations.  E.g. tax department, medical authorities. Uncontrolled use of computers can have a widespread impact on a society.  E.g. inaccurate information causes misallocation of resources within the economy and fraud can perpetrated because of inadequate system controls.  Those who suffer most often are those who can least afford to suffer. 3

4 Need for control & Audit of computers Computers are used extensively to process data and to provide information for decision making. Rapid decrease in the cost of computer technology, widespread availability of powerful microcomputers and their associated packaged software – resulted in the extensive use of computers in the workplace and at home. 4

5 Need for control & Audit of computers Seven major reasons for establishing a function to examine controls over computer-based data processing. Costs of incorrect decision making Costs of computer Abuse Organization costs of data loss Value of hardware, software, personnel High costs of computer error Maintenance of privacy Controlled evolution of computer use ORGANIZATIONS Control and audit of computer-based information system 5

6 Factors influencing an organization toward control and audit of computers. Organization costs of data loss  Data make up a critical resource necessary for an organization’s continuing operations.  Data provides the organization with an image to itself, its environment, its history, and its future.  If image is accurate – organization increases its ability to adapt and survive in a changing environment, otherwise the organization can incur substantial losses.  Losses of data can occur when existing controls over computers are lax.  E.g. inadequate backup for computer files.  E.g. The lost of file via computer error, sabotage, natural disaster and cannot be recovered. 6

7 Factors influencing an organization toward control and audit of computers. Organization costs of data loss  Data make up a critical resource necessary for an organization’s continuing operations.  Data provides the organization with an image to itself, its environment, its history, and its future.  If image is accurate – organization increases its ability to adapt and survive in a changing environment, otherwise the organization can incur substantial losses.  Losses of data can occur when existing controls over computers are lax – e.g. inadequate backup for computer files.  E.g. The lost of file via computer error, sabotage, natural disaster and cannot be recovered. 7

8 Factors influencing an organization toward control and audit of computers. Incorrect Decision Making Incorrect Decision Making  High-quality decisions depends in part on the quality of the data and the quality of the decision rules that exist within computer-based information systems.  The importance of accurate data in a computer system depends on the types of decisions made by persons having some interest in an organization.  Inaccurate data can cause costly, unnecessary investigations to be undertaken or out-of-control processes to remain undetected. 8

9 Factors influencing an organization toward control and audit of computers. Incorrect Decision Making Incorrect Decision Making  Have impact on other Parties who have interest in an organization.  Stakeholders might make poor investment if they are provided with inaccurate financial information.  The importance of having accurate decision rules in a computer system also depends on the types of decisions made by persons having some interest in a organization.  In some cases, incorrect decision rules have minor consequences – depreciation calculation  In some other cases, incorrect decision rules have major consequences – incorrect decision rules in medical expert system. 9

10 Factors influencing an organization toward control and audit of computers. Cost of computer abuse. Cost of computer abuse.  The major stimulus for development of the information systems audit function within organization often seems to have been computer abuse.  Computer abuse  Any incident associated with computer technology in which a victim suffered or could have suffered loss and a perpetrator by intention made or could have made gain. 10

11 Factors influencing an organization toward control and audit of computers. Types of abuse Types of abuse  Hacking  Viruses  Illegal physical access  Abuse of privileges Consequences of abuse Consequences of abuse  Destruction of assets  Theft of assets  Modification of assets  Privacy violations  Disruption of operations  Unauthorized use of assets  Physical harm to personnel 11

12 Factors influencing an organization toward control and audit of computers. Value of computer Hardware, software, and Personnel Value of computer Hardware, software, and Personnel  Computer hardware, software and personnel are critical organizational resources.  Organization have multimillion dollar investments in hardware – if loss hard (either deliberately or unintentionally) – can cause considerable disruption.  Software constitutes considerable investment of an organization.  if corrupted or destroyed – unable to continue operations.  If software is stolen – confidential information could be disclosed to competitor.  If the software is a proprietary package – lost of revenue or lawsuits could arise 12

13 Factors influencing an organization toward control and audit of computers. Personnel are always a valuable resource, particularly in light of an ongoing scarcity of well-trained computer professionals in many countries. Personnel are always a valuable resource, particularly in light of an ongoing scarcity of well-trained computer professionals in many countries. 13

14 Factors influencing an organization toward control and audit of computers. High costs of computer error. High costs of computer error.  Computers now automatically perform many critical functions within our society  Monitor the condition of patients during surgery  Direct the flight of a missile  Control nuclear reactor  Steer a ship  Monitor the country financial performance.  The cost of computer error in terms of loss of life, deprivation of liberty, or damage to the environment ca be high.  Due to the error in the computer systems design, jobs are carried out in accurately. 14

15 Factors influencing an organization toward control and audit of computers. Maintenance of Privacy Maintenance of Privacy  Much data is now collected about us as individuals.  The powerful data processing capabilities of computers, particularly their rapid throughput, integration and retrieval capabilities, cause many people to wonder whether the privacy of individual and organizations has now been eroded beyond acceptable levels.  E.g. personal information, human genetic data.  There are now many instances in which computer have been use to abuse the privacy of an individual. 15

16 Factors influencing an organization toward control and audit of computers. Control evolution of computer use. Control evolution of computer use.  From time to time, major conflicts arise over how computer technology should be use in our society.  E.g. use of computer to control nuclear weapons  People are concerned about the effects that use of computer can have on a person’s working life.  Should computer technology be allowed to displace people from workforce or to stultify jobs?  What effects do computers have on the physical and mental well-being of their users? 16

17 17

Download ppt "Module 6 – Part 1 An Overview of Information Systems Audit 1."

Similar presentations

OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.

AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Chapter 1: The Context of SA&D Methods

Chapter 1: The Context of SA&D Methods
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  17 000 on 136 000 companies  avg case 46 000 £  France.

Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  on companies  avg case £  France.
IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.

IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.
INFORMATION WARFARE Written by: Larry Druffel Presented by: Frank Dang TCOM 614 Introduction to Telecommunication University of Redlands.

INFORMATION WARFARE Written by: Larry Druffel Presented by: Frank Dang TCOM 614 Introduction to Telecommunication University of Redlands.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Overview of IS Auditing n Need for control and Audit of Computers –Org cost of data loss –cost of incorrect decision –Value of hardware, software, personnel.

Overview of IS Auditing n Need for control and Audit of Computers –Org cost of data loss –cost of incorrect decision –Value of hardware, software, personnel.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
PROJECT ON information system audit

PROJECT ON information system audit

Similar presentations

Ads by Google