REVIEWER-NG-MAKAKAPERPEK PDF
General Controls. These controls apply to information systems activities throughout an organization. The most important general controls are the measures that control access to computer systems and to the information stored on them or transmitted over telecommunication networks.

1. Software Controls – Monitor the use of system software and prevent unauthorized access to software programs and computer programs, and prevent system failure.
2. Hardware Controls – Ensure that the computer hardware is physically secure and check for equipment malfunctions. Computer equipment should be specially protected against extreme temperatures and humidity.
3. Computer Operations Controls – Controls over the setup of computer processing jobs and computer operations, and backup and recovery procedures for processing that ends abnormally.
4. Data Security Controls – Ensure that critical business data on disk and tapes are not subject to unauthorized access, change, or destruction while in use or in storage.
5. Implementation Controls – Audit the system development process at various points to ensure that the process is properly controlled and managed.
6. Administrative Controls – Formalize standards, rules, procedures, and control discipline to ensure that the organization's general and application controls are properly executed and enforced.

Application Controls. Application controls are specific to a given application and include measures such as validating input data, regularly archiving copies of various databases, and ensuring that information is disseminated only to authorized users.

1. Input Controls – Check data for accuracy and completeness when they enter the system. There are specific input controls for input authorization, data conversion, data editing, and error handling.
2. Processing Controls – Establish that data are complete and accurate during updating. Run control totals, computer matching, and programmed edit checks are used as processing controls.
3. Output Controls – Ensure that the results of computer processing are accurate, complete, and properly distributed.

A standard operating procedure (SOP) is a document that provides clear-cut directions and instructions as to how teams and members within an organization must go about completing certain processes.

An information technology audit, or information systems audit, is an examination of the management controls within an information technology (IT) infrastructure. Such audits were formerly called electronic data processing audits (EDP audits). The evaluation of obtained evidence determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other forms of attestation engagement.

End-user computing (EUC) – Refers to systems in which non-programmers can create working applications. It can range in complexity from users simply clicking a series of buttons, to writing scripts in a controlled scripting language, to being able to modify and execute code directly. An EUC system is developed in such a way that it allows non-programmers to grasp basic technology concepts, enabling them to create functional software applications; it comprises different approaches and methodologies that better integrate users and non-programmers into the world of information technology. EUC applications such as spreadsheets, some database tools, and more continue to present challenges for organizations.

Authorization – Official permission for something to happen, or the act of giving someone official permission to do something.
Authentication – Verifies your identity; authentication enables authorization. An authorization policy dictates what your identity is allowed to do.
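The input, processing, and output controls listed above, together with the authorization check on distribution, as an added example that is not part of this reviewer sheet: a constructed payroll-style batch is run through input edit checks, a run control total against the batch header, and an output distribution control. Field names, limits, and control totals are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Batch:
    """Constructed input batch: records plus the control totals declared on the header."""
    records: list       # each: {"emp_id": int, "hours": number, "rate": number}
    header_count: int   # declared record count
    header_hash: int    # declared hash total: sum of emp_id over all records

def input_check(rec):
    """Input controls (data editing): completeness, type and range checks.
    Returns a list of problems; an empty list means the record is accepted."""
    errors = [f"missing {f}" for f in ("emp_id", "hours", "rate") if rec.get(f) in (None, "")]
    if errors:
        return errors
    if not (isinstance(rec["emp_id"], int) and 1000 <= rec["emp_id"] <= 9999):
        errors.append("emp_id out of range")
    if not 0 <= rec["hours"] <= 80:
        errors.append("hours out of range")
    if not 0 < rec["rate"] <= 200:
        errors.append("rate out of range")
    return errors

def processing_check(batch, accepted):
    """Processing controls (run control totals): count and hash total of the records that
    survived editing must equal the header totals, or records were lost, duplicated or altered."""
    return (len(accepted) == batch.header_count
            and sum(r["emp_id"] for r in accepted) == batch.header_hash)

def run_batch(batch, recipient, authorized):
    """Input editing -> run control totals -> output distribution control.
    The report is released only when every control passed and the recipient
    is on the authorized distribution list (the authorization policy)."""
    errors = [input_check(r) for r in batch.records]
    accepted = [r for r, e in zip(batch.records, errors) if not e]
    rejected = {i: e for i, e in enumerate(errors) if e}   # routed to error handling
    totals_ok = processing_check(batch, accepted)
    gross_pay = sum(r["hours"] * r["rate"] for r in accepted)
    # Output controls: the report carries its own count and total so the recipient
    # can reconcile it against the header, and it goes only to authorized users.
    return {"records": len(accepted), "gross_pay": gross_pay, "rejected": rejected,
            "totals_ok": totals_ok, "released": totals_ok and recipient in authorized}

# Constructed sample: header declares 3 records and hash total 1001+1002+1003;
# the third record fails the hours edit, so the run control total also fails.
SAMPLE = Batch(records=[{"emp_id": 1001, "hours": 40, "rate": 25.0},
                        {"emp_id": 1002, "hours": 38, "rate": 30.0},
                        {"emp_id": 1003, "hours": 95, "rate": 20.0}],
               header_count=3, header_hash=3006)
AUTHORIZED = {"payroll_manager"}
```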
Access Controls – Whereas authorization policies define what an individual identity or group may access, access controls (also called permissions or privileges) are the methods we use to enforce such policies.

Unlike enterprise resource planning (ERP) applications, which facilitate the automated and integrated flow of transactions and data, EUCs are neither ponderous nor difficult to modify.

TYPES OF AUDIT
Technological innovation process audit – This audit constructs a risk profile for existing and new projects. It assesses the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product.
Innovative comparison audit – This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company's research and development facilities, as well as its track record in actually producing new products.
Technological position audit – This audit reviews the technologies that the business currently has and those that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

CATEGORIES OF AUDIT
Systems and Applications – An audit to verify that systems and applications are appropriate, efficient, and adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. System and process assurance audits form a subtype, focusing on business process-centric business IT systems. Such audits have the objective of assisting financial auditors.
Information Processing Facilities – An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development – An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
Management of IT and Enterprise Architecture – An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
Client/Server, Telecommunications, Intranets, and Extranets – An audit to verify that telecommunications controls are in place on the client (the computer receiving services), the server, and the network connecting the clients and servers.

KEY TERMS
Computer ethics – A part of practical philosophy which concerns how computing professionals should make decisions regarding professional and social conduct.
Copyright – A legal right created by the law of a country that grants the creator of an original work exclusive rights for its use and distribution.
Copyright infringement (piracy, theft) – The use of works protected by copyright law without permission, infringing certain exclusive rights granted to the copyright holder, such as the right to reproduce, distribute, display or perform the protected work, or to make derivative works.
Cyberbullying – The act of harming or harassing via information technology networks in a repeated and deliberate manner.
Cybercrime – Computer crime, or cybercrime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
Ethics – Moral principles that govern a person's behavior or the conducting of an activity.
Globalization – The process of international integration arising from the interchange of world views, products, ideas, and other aspects of culture.
Intellectual property rights – The legal rights to which creators of original creative works (such as artistic or literary works, inventions, corporate logos, and more) are entitled.
Open-source software – Computer software with its source code made available under a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose.
Patent – A set of exclusive rights granted by a sovereign state to an inventor or assignee for a limited period of time in exchange for detailed public disclosure of an invention.
Patent infringement – The commission of a prohibited act with respect to a patented invention without permission from the patent holder. Permission may typically be granted in the form of a license.
Phishing – The attempt to obtain sensitive information such as user names, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Plagiarism – The "wrongful appropriation" and "stealing and publication" of another author's "language, thoughts, ideas, or expressions" and the representation of them as one's own original work.
Right to privacy – A human right and an element of various legal traditions which may restrain both government and private party action that threatens the privacy of individuals.
Trademark (trademark, trade-mark) – A recognizable sign, design, or expression which identifies products or services of a particular source from those of others; trademarks used to identify services are usually called service marks. The trademark owner can be an individual, business organization, or any legal entity.
Trade secret – A formula, practice, process, design, instrument, pattern, commercial method, or compilation of information not generally known or reasonably ascertainable by others, by which a business can obtain an economic advantage over competitors or customers.
Virtual team – Refers to a group of individuals who work together from different geographic locations and rely on communication technology such as email, fax, and video or voice conferencing services in order to collaborate.