Matakuliah : A0214/Audit Sistem Informasi Tahun : 2007 Pertemuan 17-18 APPLICATION RISK AND CONTROLS Bina Nusantara Application Risks • • • • • • • • • • • • Bina Nusantara Weak security Unauthorized access to data Unauthorized remote access Inaccurate information Erroneous or falsified data input Misuse by authorized end users Incomplete processing Duplicate transactions Untimely processing Communications system failure Inadequate training Inadequate support End User Computing (EUC) Application Risks • • • • • • • • Bina Nusantara Inefficient use of resources Incompatible systems Redundant systems Ineffective implementations Absence of separation of duties Unauthorized access to data or programs Copyright violations The destruction of information by computer viruses Electronic Data Interchange (EDI) Application Risks • • • • • • Bina Nusantara Loss of Business Continuity / Going Concern Problem Interdependence Loss of confidentiality or sensitive information Increased exposure to fraud Manipulation of payment Loss of transactions Electronic Data Interchange (EDI) Application Risks • • • • • • • • Bina Nusantara Errors in information and communication systems Loss of audit trail Concentration of control Application failure Potential legal liability Overcharging by third party service providers Manipulation of organization Not achieving anticipated cost savings Implications of risks in an EDI systems • • • • • • Bina Nusantara Potential loss of transaction audit trail Increased exposure to ransom, blackmail, or fraud Disruption of cash flows Loss of profitability Damage to reputation Financial collapse Application Controls • • • • • • Bina Nusantara Input Controls Interfaces Authenticity Accuracy Processing controls Completeness Application Controls • • • • • • • Bina Nusantara Error correction Output controls Reconciliation Distribution Retention Functional Testing and Acceptance Management Approval Documentation Requirements • • • • • • Bina Nusantara Standards and descriptions of procedures Instructions to personnel Flowcharts Data flow diagrams Display or report layout Other materials that describe the systems Application Software Life Cycle • System Development Methodology – An information systems strategy that guides developers in building systems that are consistent with the organization’s technical and operational goals – Standards that guide in selection of hardware, software, and in developing new systems – Policies and procedures that support the organization’s goals and objectives – Project management which ensures that project are completed on time and within budget • User Interface – Means by which the user interacts with the system. Bina Nusantara Application Maintenance • Corrective maintenance – Emergency program fixes and routine debugging • Adaptive maintenance – Accommodation of change • Perfective maintenance – User enhancements – Improve documentation – Recording for efficiency Bina Nusantara