
MANAGEMENT INFORMATION SYSTEM

ANEESH THOMAS
3RD SEMESTER MBA
PIMS MUNNAD

TOPICS

1. Controls for end user computing
2. Auditing information systems

1. Controls for end user computing

Many firms are beginning to realize that, in many cases, end user developed applications are performing extremely important business functions.

Instead of being merely systems for personal productivity or decision support, these applications support the accomplishment of important business activities that are critical to the success and survival of the firm.

Thus they can be called company-critical end user applications.

These are the controls that can be built into all of a company's important end user applications.

These controls help the company avoid misinterpretation, fraud, errors, destruction and other damage to these critical applications, and thus to the company itself.

Controls are developed by professionals.

Some of the controls were ignored by end users.

Criteria and controls for company-critical end user applications

1. Methods for testing user-developed systems for compliance with company policies and work procedures.
2. Methods for notifying other users when changes in mission-critical user-developed systems are planned.
3. Thorough documentation of user-developed systems.
4. Training several people in the operation and maintenance of a system.
5. A formal process for evaluating and acquiring new hardware and software.
6. Formal backup and recovery procedures for all user systems.
7. Security controls for access to user and company computer systems, networks and databases.

2. Auditing information systems

Like any other department, the information service department should be audited with the help of an internal auditor.

Periodic audits have to be conducted with the help of external auditors from professional accounting firms.

Such auditors should review and evaluate whether any of the controls (information system control, procedural control, facility control and other managerial control) have been developed and implemented.

There are two basic approaches for auditing information systems:
a. auditing around the computer
b. auditing through the computer

a. Auditing around the computer

Involves verifying the accuracy of computer input and output without evaluating the computer programs used to process the data.

A simpler and easier method that does not require auditors with programming experience.

It will not trace the accuracy and integrity of computer programs.

Therefore, it is a supplement to other auditing methods.

b. Auditing through the computer

Involves verifying the accuracy and integrity of the computer programs that process the data, as well as the input and output of those programs.

Auditing through the computer requires a knowledge of computer operations and programming.

Some firms employ special EDP auditors for this assignment.

They may use special test data to test processing accuracy and the control procedures built into computer programs, or use audit software packages.

An example of the capabilities of an audit software package: online reports, online query, interactive programming, documentation facilities, database facilities, information directory, audit information retrieval system and report generator.

EDP auditors use such programs to process their test data.

Audit results are compared with the computer-generated results.

Such a test aims at detecting unauthorized changes or patches to computer programs.

Unauthorized changes will lead to unexplained errors and further fraudulent practices.
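
Added example (not part of the original slides): the test-data method described above, in which the auditor's predetermined results are compared with what the program under audit produces. The invoicing rule, the test deck and all names are constructed assumptions for illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed test deck: (case, quantity, unit price, result the auditor
# worked out by hand from the documented rule). Assumed rule: reject
# quantity <= 0, 5% discount from 100 units, round half up to cents.
TEST_DECK = [
    ("T1 normal order",       10, "19.99", Decimal("199.90")),
    ("T2 below discount",     99, "1.00",  Decimal("99.00")),
    ("T3 discount threshold", 100, "1.00", Decimal("95.00")),
    ("T4 rounding",           3, "0.335",  Decimal("1.01")),
    ("T5 zero quantity",      0, "5.00",   "REJECT"),
    ("T6 negative quantity",  -5, "5.00",  "REJECT"),
]

def make_program(rounding=ROUND_HALF_UP, reject_negative=True):
    """Hypothetical stand-in for the invoicing program under audit."""
    def program(qty, unit_price):
        if qty == 0 or (reject_negative and qty < 0):
            return "REJECT"                      # input validation control
        total = Decimal(qty) * Decimal(unit_price)
        if qty >= 100:
            total *= Decimal("0.95")
        return total.quantize(CENT, rounding=rounding)
    return program

approved = make_program()
# Same program after an unauthorized change: the negative-quantity control
# is gone and fractions of a cent are truncated instead of rounded.
patched = make_program(rounding=ROUND_DOWN, reject_negative=False)

def run_test_deck(program, deck=TEST_DECK):
    """Return (case, expected, actual) for every result that differs."""
    exceptions = []
    for case, qty, price, expected in deck:
        try:
            actual = program(qty, price)
        except Exception as exc:                 # a crash is also a finding
            actual = f"ERROR: {exc!r}"
        if actual != expected:
            exceptions.append((case, expected, actual))
    return exceptions

if __name__ == "__main__":
    for name, prog in (("approved", approved), ("patched", patched)):
        findings = run_test_deck(prog)
        print(name, "->", findings or "all results match")
```

The deck covers boundary and invalid records as well as normal ones, because a changed control such as the negative-quantity check only shows up when the test data exercises it.
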
As auditing through the computer is costly, a combination of both auditing approaches is usually employed.

However, both auditing approaches must

An AUDIT TRAIL can be defined as the presence of documentation that allows a transaction to be traced through all stages of its information processing.

This journey begins with the transaction's appearance on a source document and ends with its transformation into information on a final output document.

The audit trail of a manual information system is quite visible and easy to trace.

In computer-based systems, information is recorded in media that can be interpreted only by machine.

For example, real-time transaction processing systems have increased the invisibility of the traditional audit trail. Paper documents and historical files are frequently eliminated when remote terminals and direct access files are used.
