APPLICATION RISK AND CONTROLS
advertisement
APPLICATION RISK AND CONTROLS Application Risks • • • • • • • • • • • • Weak security Unauthorized access to data Unauthorized remote access Inaccurate information Erroneous or falsified data input Misuse by authorized end users Incomplete processing Duplicate transactions Untimely processing Communications system failure Inadequate training Inadequate support End User Computing (EUC) Application Risks • • • • • • • • Inefficient use of resources Incompatible systems Redundant systems Ineffective implementations Absence of separation of duties Unauthorized access to data or programs Copyright violations The destruction of information by computer viruses Electronic Data Interchange (EDI) Application Risks • Loss of Business Continuity / Going Concern Problem • Interdependence • Loss of confidentiality or sensitive information • Increased exposure to fraud • Manipulation of payment • Loss of transactions Electronic Data Interchange (EDI) Application Risks • Errors in information and communication systems • Loss of audit trail • Concentration of control • Application failure • Potential legal liability • Overcharging by third party service providers • Manipulation of organization • Not achieving anticipated cost savings Implications of risks in an EDI systems • Potential loss of transaction audit trail • Increased exposure to ransom, blackmail, or fraud • Disruption of cash flows • Loss of profitability • Damage to reputation • Financial collapse Application Controls • • • • • • Input Controls Interfaces Authenticity Accuracy Processing controls Completeness Application Controls • • • • • • • Error correction Output controls Reconciliation Distribution Retention Functional Testing and Acceptance Management Approval Documentation Requirements • • • • • • Standards and descriptions of procedures Instructions to personnel Flowcharts Data flow diagrams Display or report layout Other materials that describe the systems Application Software Life Cycle • System Development Methodology – An information systems strategy that guides developers in building systems that are consistent with the organization’s technical and operational goals – Standards that guide in selection of hardware, software, and in developing new systems – Policies and procedures that support the organization’s goals and objectives – Project management which ensures that project are completed on time and within budget • User Interface – Means by which the user interacts with the system. Application Maintenance • Corrective maintenance – Emergency program fixes and routine debugging • Adaptive maintenance – Accommodation of change • Perfective maintenance – User enhancements – Improve documentation – Recording for efficiency
