Session 20
Course: A0214/Information Systems Audit
Year: 2007
OPERATIONAL CONTROL ISSUES
Bina Nusantara
Organizational Policy and Organizational Controls
• Every computer installation should have specific standards and
procedures manuals covering operations.
• An important element of any set of standards or manuals should be
the requirement that operators maintain logs in which any unusual
events or failures are recorded, by time and in detail.
Data Files and Program Controls
• Data library
• Procedures to access programs, data files and documentation
• Authorized persons
• Control is enhanced by the practice of maintaining an inventory of
file media within the data library.
Backup/Restart
• Control planning must be based on the assumption that any computer system is subject to
several different types of failure.
• Procedures must exist, and must be tested, for recovery from failures or losses of
equipment, programs or data files.
• Backup and restart capabilities for both programs and data files require specific retention
cycles and the storage of backup copies of programs and files at remote, protected
locations.
• Copies of system documentation, standards, and procedure manuals should also be
protected through remote off-site storage.
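The retention-cycle, off-site storage and restore-testing requirements above can be checked mechanically against a backup catalog rather than by reading retention labels by hand. The following Python is an added example written for this page; it is not part of the lecture material or any Bina Nusantara tool. The retention policy it enforces (7 daily, 4 weekly and 12 monthly generations, a 180-day restore-test window, `vault-b` as the only remote protected location) and the catalog it inspects are constructed assumptions chosen to exercise each check.

```python
"""Added audit check: does a backup catalog satisfy the retention, off-site
storage and restore-testing requirements of the Backup/Restart control?"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    label: str                      # catalog entry, e.g. "weekly-2007-03-25"
    taken: date                     # date the copy was produced
    kind: str                       # retention class: daily / weekly / monthly
    location: str                   # where the medium physically sits
    restore_tested: Optional[date]  # last successful restore from this copy


# Hypothetical retention policy (an assumption for this example, not from the
# slides): generations to keep per class, how old the newest copy of each class
# may be, which locations count as remote and protected, and how recent a
# successful restore test must be.
REQUIRED_COPIES = {"daily": 7, "weekly": 4, "monthly": 12}
MAX_AGE_OF_NEWEST = {"daily": 1, "weekly": 7, "monthly": 31}   # days
OFFSITE_LOCATIONS = {"vault-b"}
MAX_RESTORE_TEST_AGE = timedelta(days=180)


def audit_backup_catalog(copies, as_of,
                         required=REQUIRED_COPIES,
                         max_age=MAX_AGE_OF_NEWEST,
                         offsite=OFFSITE_LOCATIONS,
                         max_test_age=MAX_RESTORE_TEST_AGE):
    """Return a list of audit findings; an empty list means every check passed."""
    findings = []
    for kind, needed in required.items():
        of_kind = sorted((c for c in copies if c.kind == kind),
                         key=lambda c: c.taken, reverse=True)
        # Retention cycle: enough generations are actually kept ...
        if len(of_kind) < needed:
            findings.append(f"{kind}: {len(of_kind)} copies retained, policy requires {needed}")
        # ... and the cycle has not silently stopped running.
        if of_kind and (as_of - of_kind[0].taken).days > max_age[kind]:
            findings.append(f"{kind}: newest copy is older than {max_age[kind]} day(s)")
        # Recovery procedures must be tested, not merely documented.
        tested = [c for c in of_kind
                  if c.restore_tested and as_of - c.restore_tested <= max_test_age]
        if not tested:
            findings.append(f"{kind}: no restore test within {max_test_age.days} days")
    # Every retained copy must sit at a remote, protected location.
    for c in copies:
        if c.location not in offsite:
            findings.append(f"{c.label}: stored at {c.location}, not a remote protected location")
    return findings


def sample_catalog():
    """Constructed catalog for an installation audited on 2007-03-31.
    It deliberately contains three defects for the check to find."""
    vault, onsite = "vault-b", "ops-room"
    copies = []
    # Seven dailies, 24-30 March; the copy of the 27th never left the operations room.
    for day in range(24, 31):
        copies.append(BackupCopy(f"daily-2007-03-{day:02d}", date(2007, 3, day), "daily",
                                 onsite if day == 27 else vault,
                                 date(2007, 3, 28) if day == 28 else None))
    # Only three weeklies where the policy wants four, and none restore-tested.
    for day in (11, 18, 25):
        copies.append(BackupCopy(f"weekly-2007-03-{day:02d}", date(2007, 3, day), "weekly",
                                 vault, None))
    # Twelve monthlies, April 2006 to March 2007; the newest one was restore-tested.
    for i in range(12):
        y, m = (2006, 4 + i) if i < 9 else (2007, i - 8)
        copies.append(BackupCopy(f"monthly-{y}-{m:02d}", date(y, m, 1), "monthly", vault,
                                 date(2007, 3, 5) if (y, m) == (2007, 3) else None))
    return copies


def run_sample_audit():
    """Audit the constructed catalog as of 2007-03-31."""
    return audit_backup_catalog(sample_catalog(), date(2007, 3, 31))


if __name__ == "__main__":
    for finding in run_sample_audit():
        print("FINDING:", finding)
```

Each finding names the retention class or the individual copy it concerns, so the auditor can trace it back to a catalog entry; a catalog that meets the policy yields an empty list. The same function can be pointed at a real catalog export once it is loaded into `BackupCopy` records.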
Physical Security and Access Control
• To prevent or deter theft, damage, and unauthorized access; to control
the movement of network-related equipment and attached devices; and to
prevent unauthorized access to data and software.
Environmental Controls
General Control, with the COBIT control(s) it maps to:
• Organizational policy and organizational controls: Manage third-party services; Manage operations
• Data files and program controls: Manage performance and capacity; Ensure systems security; Identify and allocate costs; Manage data
• Backup/restart and disaster recovery controls: Ensure continuous service
• Environmental controls: Manage the configuration; Manage the facility
• Physical security access controls: Ensure systems security
Problem Management Auditing
• Problem management is a process used to report, log, correct, track, and resolve
problems within the hardware, software, network, telecommunications, and computing
environment of an organization.
• Problem management provides the framework to open, transfer, escalate, close,
and report on problems.
• Effective problem management procedures are vital to long-term control over
the performance of a data processing organization.
Example of Audit Steps
• Administration of IT Activities
– Review the organization chart and evaluate the established procedures for adequacy
in defining responsibilities in the security administration area.
– Determine who is responsible for control and administration of security. Verify that
adequate security exists in the security administration function.
– Determine whether adequate direction is maintained for each IT functional area within
a policy and procedures manual. Evaluate whether the manual is kept up to date by IT
management.
– Determine if written personnel policies for the IT administration personnel exist, and
if these policies stress adequate qualification and level of training and development.
– Determine if long-range (two- to five-year) system planning is maintained by IT
management and is adequately considered in the fiscal budgeting process.
– Assess the adequacy of inventory procurement and control pertaining to the
administration of the LAN environment. Review available inventory documentation to
determine if it is adequately maintained and complete in description and location.
Compare the serial numbers on the computer software with inventory records to
determine if illegal copies of system and application software are being supported.
Example of Audit Steps
• Operating System Software and Data
– Determine through interviews with data center personnel whether any significant
modifications or upgrades were implemented during this audit year. Review
authorization documentation to ensure that adequate IT management approval is
obtained prior to the implementation.
– Determine through interviews with the IT personnel the procedures implemented to
ensure that adequate IT management approval is obtained prior to the
implementation.
– Evaluate access restrictions over critical system operation areas.