Summary of IT Controls Part II,Security and Access.

By -

Summary

This chapter continues the discussion of IT general controls and audit tests begun in Chapter 15. It examined the risks and controls over operating systems, database management systems, networks, and EDI systems. The principal threats to the operating system are (1) unauthorized access, (2) intentional or unintentional insertion of viruses, and (3) loss of data due to system malfunctions.

Unauthorized access to the database can be effectively con- trolled through the use of well-designed user views, authorization rules, user-defined procedures, and data encryption. Backup and recovery techniques can be used to safeguard data against system malfunctions. Networks and communication links are susceptible to exposures from both criminal subversion and equipment failure. Subversive threats can be minimized through a variety of security and access control measures including firewalls, IPS, DPI, data encryption, and call- back devices. Equipment failure usually takes the form of line errors, which noise in communications lines causes. These can be effectively reduced through echo checks and parity checks.

The discussion then turned to EDI, where firms are faced with a variety of exposures that arise in connection with an environment void of human intermediaries to authorize or review transactions. Controls in an EDI environment are achieved primarily through programmed procedures to authorize transactions, limit access to data files, and ensure that transactions the system processes are valid.

Comments

Post a Comment

Popular posts from this blog

The Conversion Cycle:The Traditional Manufacturing Environment

By -
Image
The Traditional Manufacturing Environment The conversion cycle consists of both physical and information activities related to manufacturing products for sale. The context-level data flow diagram (DFD) in Figure 7-1 illustrates the central role of the conversion cycle and its interactions with other business cycles. Production is triggered by customer orders from the revenue cycle and/or by sales forecasts from marketing. These inputs are used to set a production target and prepare a production plan, which drives production activities. Purchase requisitions for the raw materials needed to meet production objectives are sent to the purchases procedures (expenditure cycle), which prepares purchase orders for vendors. Labor used in production is transmitted to the payroll system (expenditure cycle) for payroll processing. Manufacturing costs associated with intermediate work-in-process and finished goods (FG) are sent to the general ledger (GL) and financial reporting system. Dependin
Read more

The Revenue Cycle:Manual Systems

By -
Image
Manual Systems The purpose of this section is to support the system concepts presented in the previous section with models depicting people, organizational units, and physical documents and files. This section should help you envision the segregation of duties and independent verifications, which are essential to effective internal control regardless of the technology in place. In addition, we highlight inefficiencies intrinsic to manual systems, which gave rise to modern systems using improved technologies. SALES ORDER PROCESSING The system flowchart in Figure 4-12 shows the procedures and the documents typical to a manual sales order system. In manual systems, maintaining physical files of source documents is critical to the audit trail. As we walk through the flowchart, notice that in each department, after completion of the assigned task, one or more documents are filed as evidence that the task was completed. Sales Department The sales process begins with a customer cont
Read more

HIPO (hierarchy plus input-process-output)

By -
Image
HIPO (hierarchy plus input-process-output) 64.1 Purpose The HIPO (Hierarchy plus Input-Process-Output) technique is a tool for planning and/or documenting a computer program. A HIPO model consists of a hierarchy chart that graphically represents the program’s control structure and a set of IPO (Input-Process-Output) charts that describe the inputs to, the outputs from, and the functions (or processes) performed by each module on the hierarchy chart. 64.2 Strengths, weaknesses, and limitations Using the HIPO technique, designers can evaluate and refine a program’s design, and correct flaws prior to implementation. Given the graphic nature of HIPO, users and managers can easily follow a program’s structure. The hierarchy chart serves as a useful planning and visualization document for managing the program development process. The IPO charts define for the programmer each module’s inputs, outputs, and algorithms. In theory, HIPO provides valuable long-term documentation. However
Read more