IT General Controls: Computer Environment

Questions and Answers

The objective of this session is to define and explain ______ controls;

general

There are five categories of ______ controls discussed in this session;

general

[Blank] of responsibility is an important organisational control and personnel practice;

Delegation

A ______ committee is an example of organisational control and personnel practice;

Steering

[Blank] of duties is essential between development, operations, and security;

Segregation

Independent review of ______ is crucial in organisational controls and personnel practices;

logs

Personnel practices include issues such as Employing, ______, rotation of duties, training and dismissals/resignations.

leave

The ______ development life cycle includes request submission, needs assessment and selection, planning and design, systems development and testing, implementation, and post-implementation review.

Systems

Program ______ controls involve a process similar to the SDLC.

change

Access controls distinguish between ______ and logical access.

physical

Logical access controls involve ______, authentication, and authorization.

ID

Business continuity controls involve preventative measures such as security policy, ______ access, and logical access.

physical

Operating controls and maintenance are ______ in nature and involve scheduling, standards, and policies.

technical

Detective and corrective measures in business continuity controls include ______ and an emergency recovery plan.

back-ups

Study Notes

Topic 9: IT General Controls

Organisational Controls and Personnel Practices

• Delegation of responsibility involves a steering committee, CIO, and IT manager
• Segregation of duties is crucial, especially between development, operations, and security
• Reporting, supervision, and review are essential, with independent review of logs being extremely important
• Personnel practices involve considerations such as employing, leave, rotation of duties, training, and dismissals/resignations

Systems Development and Change Controls

• System Development Life Cycle (SDLC) consists of:
  • Request submission, needs assessment, and selection
  • Planning and design
  • Systems development and testing (5 types of testing)
  • Implementation
  • Post-implementation review
• Program change controls should follow a similar process to SDLC

Access Controls

• Distinguish between physical and logical access
• Preventative measures:
  • Security policy
  • Physical access
  • Logical access (ID, Authentication, and Authorisation)
• Detective and corrective measures:
  • Logs, registers, and reports
• Other security controls:
  • Library
  • Communication (Encryption, Firewalls, call-back, anti-virus, and independent certification)

Business Continuity Controls

• Risks can be physical or logical
• Preventative measures:
  • Security policy
  • Physical access
  • Logical access (ID, Authentication, and Authorisation)
• Detective and corrective measures:
  • Back-ups and an emergency recovery plan
  • Insurance

Operating Controls and Maintenance

• Operating controls are technical in nature
• Key aspects include:
  • Scheduling
  • Standards and policies
  • Managing data, programs, and documentation
  • Logs
  • Policies for users

Description

This quiz covers general controls related to the overall computer environment, including organisational controls, system development, business continuity, operating controls, and access controls.