IT RISK AND AUDITING ASSIGNMENT 2 JANUARY 2017
These are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks.
This control relates specifically to the computer environment.
Information Technology Control
These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
1. Controls Over Data Centre And Network Operations
These controls deal with access to the systems' main data storage.
2. Access Security
Controls that protect the computer from fraudulent actions.
3. Application System Acquisition, Development, And Maintenance
Types of General Control
1. Information Technology Control
2. Physical Control
1. General Control
2. Application Control
4. Physical Security of Assets, including Adequate Safeguards such as Secured Facilities over Access to Assets and Records
Controls that secure the efficiency of the equipment, asset, or property.
5. Authorization for Access to Computer Programs and Data Files
Controls over file security that preserve the reliability of files by ensuring that access to them is properly authenticated.
These are controls specific to a particular accounting application.
Application controls ensure the completeness and accuracy of all processing and the validity of the accounting entries made.
Types of Application Control
1. INPUT CONTROLS
Controls over input are designed to assure that the information processed by the computer is valid, complete, and accurate.
2. PROCESSING CONTROLS
Controls over processing are designed to assure that data input into the system is accurately processed.
3. OUTPUT CONTROLS
Controls over output are designed to assure that data generated by the computer are valid, accurate, and complete.
4. CONTROLS OVER MASTER FILE INFORMATION
There should be procedures in place to verify that the correct version of the Master File is being used.
General controls apply to all areas of the organization including the IT infrastructure and support services.
Application controls refer to the transactions and data relating to each computer-based application system; therefore, they are specific to each application.
General Control VS. Application Control
In Accounting Information Systems (AIS) we recognize "internal control". In computer auditing, general controls and application controls likewise make up the internal controls. General and application controls fundamentally share the same purposes.
Relationship between GC & AC
Four fundamental reasons for control:
ensure that the control objective is reliably achieved and meets local and international standards (COSO and COBIT)
minimize risks and threats
keep pace with the complexity of today's cybercrime
address the problems created by the computer itself
As the pace of change accelerates, systems become more complex, and organizations depend increasingly on software to generate revenue, the potential for application risks grows.
Relationships of GC & AC to Risk management
Together, these conditions heighten the need for an effective application risk management process:
Growing System Complexity
Accelerated Development Practices
Insufficient Testing Time and Resources