Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management
Uploaded by pclmcessy112203

Auditing in CIS Environment: IT Controls & Risk

advertisement 
AUDITING IN CIS
ENVIRONMENT
INFORMATION
TECHNOLOGY AND AUDIT
PROCESS
How information technologies
enhance internal control
■ The use of technology in internal controls can help companies to identify and
prevent errors, fraud, and other irregularities.
■ Technology can help companies to streamline their internal control processes,
reducing the time taken to complete tasks and minimizing the risk of errors.
Impact of IT on client’s control risk
■ Consider their clients’ use of technology, the risks the use of technology
presents, and what, if any, controls the entity has in place to address these risks.
■ Auditors will identify which applications and other aspects of the entity’s IT
environment pose risks. Then, auditors will identify specific risks arising from the
use of IT and general IT controls to address these risks for each identified
application or aspect. Once auditors understand the risks, they identify controls
and perform procedures around those controls.
Internal controls specific to IT
a. Administration of the IT function
b. Segregation of IT duties
c. Systems Development
d. Backup and Contingency Planning
- Hardware Controls
- Input Controls
- Processing Controls
Characteristics of a CIS organizational
structure includes:
■ Concentration of functions and knowledge
■ Concentration of programs and data
Nature of Processing
■ The use of computers may result in the design of systems that provide less visible
evidence than those using manual procedures. In addition, these systems may be
accessible by a larger number of persons.
■ System characteristics that may result from the nature of CIS processing include:
- Absence of input documents
- Lack if visible audit trail
- Lack of visible output
- Ease of access to data and computer programs
Internal Controls in a CIS Environment General controls
■ To establish a framework of overall control over the CIS activities and to provide a
reasonable level of assurance that the overall objectives of internal control are
achieved.
■ General CIS controls may include
- Organization and management controls
- Development and maintenance controls
- Delivery and support controls
- Monitoring controls
Internal Controls in a CIS Environment Application controls
■ To establish specific control procedures over the application systems in order to
provide reasonable assurance that all transactions are authorized, recorded and are
processed completely, accurately and on a timely basis.
■ Application CIS control may include
- Control over input
- Controls over processing and computer data files
- Controls over output
ACTIVITY
GENERAL CONTROLS
STRATEGIC
INFORMATION
TECHNOLOGY PLAN
CIS POLICIES AND
PROCEDURES
SEGREGATION OF
INCOMPATIBLE
FUNCTIONS
MONITORING OF CIS
ACTIVITIES
PERFORMED BY THIRD
PARTY CONSULTANT
PROJECT INITIATION,
REQUIREMENT
DEFINITION, SYSTEM
DESIGN, ETC.
ACQUISITION AND
IMPLEMENTATION
OF OFF-THE-SHELF
PACKAGES
REQUEST FOR
CHANGES TO THE
EXISTING SYSTEMS
ACQUISITION,
IMPLEMENTATION,
AND MAINTENANCE OF
SYSTEM SOFTWARE
ESTABLISHMENT OF
SERVICE LEVEL
AGREEMENTS AGAINST
WHICH CIS SERVICES
ARE MEASURED
PERFORMANCE AND
CAPACITY
MANAGEMENT
CONTROLS
DRP AND FILE BACKUP
COMPUTER
OPERATIONS
CONTROLS
SYSTEMS SECURITY
PHYSICAL AND
ENVIRONMENT
CONTROLS
MONITORING OF KEY
CIS PERFORMANCE
INDICATORS
INTERNAL AND
EXTERNAL CIS AUDITS
APPLICATION
CONTROLS
DATA OBSERVATION
DATA TRANSCRIPTION
EDIT TEST OF
TRANSACTION DATA
TRANSMISSION OF
TRANSACTION DATA
MANUAL CROSS CHECK
PROCESSING LOGIC
CHECK
RUN-TO-RUN TOTAL
FILE AND PROGRAM
CHANGES
AUDIT TRAIL LINKAGES
CONTROL TOTAL
Impact of IT on the audit process
Systems Development
■ a. Auditing around the computer
■ b. Auditing through the computer
Test data approach
Parallel simulation
Integrated test facility
Embedded audit module approach
Issues for different IT environments,
including e-commerce systems
■ Issues for different IT environments, including e-commerce systems.
■ Auditing E-Business environment forces auditors to reevaluate the effectiveness of
traditional audit procedures, and to explore both the possibilities and opportunities
available to them using data analysis software.
Related documents
ServiceNow CMDB Implementation: Discovery & Service Mapping
ServiceNow CMDB Implementation: Discovery & Service Mapping
Complex Quiz Sec. 2
Complex Quiz Sec. 2
insert your school name here - College of Continuing Education
insert your school name here - College of Continuing Education
Download
advertisement