Meeting 17-18 Course: A0214/Information Systems Audit Year: 2007

APPLICATION RISK AND CONTROLS
Bina Nusantara
Application Risks
• Weak security
• Unauthorized access to data
• Unauthorized remote access
• Inaccurate information
• Erroneous or falsified data input
• Misuse by authorized end users
• Incomplete processing
• Duplicate transactions
• Untimely processing
• Communications system failure
• Inadequate training
• Inadequate support
End User Computing (EUC) Application Risks
• Inefficient use of resources
• Incompatible systems
• Redundant systems
• Ineffective implementations
• Absence of separation of duties
• Unauthorized access to data or programs
• Copyright violations
• The destruction of information by computer viruses
Electronic Data Interchange (EDI) Application Risks
• Loss of Business Continuity / Going Concern Problem
• Interdependence
• Loss of confidentiality or sensitive information
• Increased exposure to fraud
• Manipulation of payment
• Loss of transactions
Electronic Data Interchange (EDI) Application Risks
• Errors in information and communication systems
• Loss of audit trail
• Concentration of control
• Application failure
• Potential legal liability
• Overcharging by third party service providers
• Manipulation of organization
• Not achieving anticipated cost savings
Implications of risks in an EDI system
• Potential loss of transaction audit trail
• Increased exposure to ransom, blackmail, or fraud
• Disruption of cash flows
• Loss of profitability
• Damage to reputation
• Financial collapse
Application Controls
• Input Controls
• Interfaces
• Authenticity
• Accuracy
• Processing controls
• Completeness
Application Controls
• Error correction
• Output controls
• Reconciliation
• Distribution
• Retention
• Functional Testing and Acceptance
• Management Approval
Documentation Requirements
• Standards and descriptions of procedures
• Instructions to personnel
• Flowcharts
• Data flow diagrams
• Display or report layout
• Other materials that describe the systems
Application Software Life Cycle
• System Development Methodology
– An information systems strategy that guides developers in building systems that are consistent with the organization’s technical and operational goals
– Standards that guide the selection of hardware and software and the development of new systems
– Policies and procedures that support the organization’s goals and objectives
– Project management, which ensures that projects are completed on time and within budget
• User Interface
– Means by which the user interacts with the system.
Application Maintenance
• Corrective maintenance
– Emergency program fixes and routine debugging
• Adaptive maintenance
– Accommodation of change
• Perfective maintenance
– User enhancements
– Improve documentation
– Recoding for efficiency