Académique Documents
Professionnel Documents
Culture Documents
RESPONSIBILTY as to:
MANAGEMENT & THOSE CHARGED
WITH
GOVERNACE
AUDITIORS
CHARACTERISTICS OF CIS
LACK OF VISIBLE TRANSACTION TRAILS
Transaction trail (or audit trail) refers to the successive
stages in the recording of a transaction in the books of
account through which an auditor may be able to trace
accounting entries in the backs back to their initiation and
vice versa.
some computer information systems are designed so that a
complete transaction trail that is useful for audit purposes
might exist for only short period of time or only in a
computer readable form.
Where a complex application system performs a large
number of processing steps, there may not be a complete
trail.
CONSISTENCY OF PERFORMANCE
Computer processing uniformly like transactions
with the same processing instructions. Thus, the
clerical errors ordinarily associated with manual
processing are virtually eliminated.
Conversely, programming errors (or other
systematic errors in hardware or software) will
ordinarily result in all transactions being
processed incorrectly.
CONCENTRATION OF DUTIES
Many control procedures that would ordinarily be performed by
separate individuals in manual systems may become
concentrated in a CIS environment.
Thus, an individual who has access to computer programs,
processing or data may be in a position to perform incompatible
functions.
GENERAL CONTROLS
Organizational controls
Systems development and documentation
controls
Access controls
Data recovery controls
Monitoring controls
APPLICATION CONTROLS
Controls over input
Controls over processing
Controls over output
GENERAL CONTROLS
These ensure that a companys control
environment is stable and well
managed in order to strengthen the
effectiveness of application controls.
Applies to all IT systems
Organizational controls
Systems development and
documentation controls
Access controls
Data recovery controls
Monitoring controls
ORGANIZATIONAL CONTROLS
Is a CIS function so organized that
incompatible functions are segregated to the
extent possible?
Segregation of Functions in a
Direct/Immediate Processing System
User DepartmentsComputer Operations
Data Inputs
Displayed Outputs
Printed or
Plotted Outputs
Figure 8-6
Process
Online
Files
ACCESS CONTROLS
How effective are the controls over
unauthorized use of programs and
data?
An effective access control is the use
of passwords. A password is a secret
code which is known only to the
computer user.
Monitoring controls
It is designed to ensure that CIS
controls are working effectively as
planned.
Periodic evaluation
GENERAL CONTROLS
Organizational controls
Systems development and documentation
controls
Access controls
Data recovery controls
Monitoring controls
APPLICATION CONTROLS
Controls over input
Controls over processing
Controls over output
APPLICATION CONTROLS
These are designed to prevent, detect, and
correct errors and irregularities in transactions
as they flow through the stages of data
processing.
Field check
Ensures that the input data agree with the required field
format.
Validity check
Information entered are compared with the valid information
in the master file to determine the authenticity of the input.
Self-checking digit
This is a mathematically calculated digit which is usually
added to a document number to detect common
transpositional errors in data submitted for processing.
Limit check
Also called reasonable check, is designed
to ensure that data submitted for
processing do not exceed a pre-determined
limit or reasonable amount.
Control totals
These are totals computes based on data
submitted for processing
Ensure the completeness of data before
and after they are processed
fin
Reference:
https://books.google.com.ph/books?
id=neDFWDyUWuQC&pg=PA196&lpg=PA1
96&dq=VULNERABILITY+OF+DATA+AND+P
ROGRAM+STORAGE+MEDIA+IN+CIS+AUDI
T&source=bl&ots=7bvmSmhr6L&sig=Xrwg
QSQ2uMQX5Xn6sYao10bXuKo&hl=en&sa=
X&ved=0ahUKEwiWkdvX_5TOAhULm5QKH
RV3AZoQ6AEIHDAA#v=onepage&q=VULNE
RABILITY%20OF%20DATA%20AND
%20PROGRAM%20STORAGE%20MEDIA
%20IN%20CIS%20AUDIT&f=true
Audit theory by Salosagcol, et al