Ittihad University: Assignment Two

ITTIHAD UNIVERSITY
College of Management & Information Systems

B.S. !rogram in B"siness Information Systems
Ao"nting Information Systems #$%$&'&%(
Assignment T)o
Information Te*nology Controls
S"+mitte, +y-
Zubaidah Abdul Rehman (20042080)
I declare that this assignment is my own work, in my own words and it
does not include any copy paste or plagiarism issues. I also confirm
that I did not copy it from others and I have included all the
references.
S".er/ise, +y-
Dr. Selma

Information Technolog !ontrol"
Table of !ontent"
Section 1) Introduction 1
Section 2) Role of the AIS 1
2.1) Role by Accountants in General 2
2.2) Role by Specific Accounting Professions 3
Section 3) Conclusion 3
References
Zubaidah Abdul Rehman, 20020!0 Page 2 of 12
Section #) Introduction
#.#) $ac%ground
Infor!ation technology pro"ides
I# control is a process that pro"ides assurance for infor!ation and infor!ation ser"ices$ and
helps !itigate ris%s associated &ith use of technology.
I!portance of I# Controls
An I# controls assess!ent includes a re"ie& of syste! security and an application
control re"ie&.
Auditors !ust ensure that the data in a co!puter syste! is reliable before they can
rely on the data.
If your agency relies on internally de"eloped syste!s$ a self'assess!ent or an internal
audit !ay reduce audit findings.
1
.
#.2) &ur'o"e( Aim and )b*ecti+e"
Actions to assist in pre"ention or detection of fraud and errors(
1. )aintain and enforce a code of ethics.
2. )aintain a syste! of accounting internal controls.
3. )aintain a syste! of infor!ation technology controls.
2
.
I# general controls apply to all infor!ation syste!s
)a*or +b*ecti"es
Co!puter progra!s are authori,ed$ tested$ and appro"ed before usage
1
#e-as State Agency Internal Audit .oru!. /2001). Internal Control Re2uire!ents for the A!erican Reco"ery and Rein"est!ent Act
/ARRA). Retrie"ed 23 +ctober 2001 fro!
http(44&&&2.dir.state.t-.us4SiteCollection5ocu!ents4SponsoredSites4StateAgencyCoordinatingCo!!ittee4StateAgencyInternalAudit.oru!
/SAIA.)4+"er"ie&'InternalControls06'26'01.ppt
2
#urner$ 7. /1116). Accounting Infor!ation Syste!s$ Chapter 3( .raud$ 8thics$ and Internal Control. Retrie"ed 23 +ctober 2001 fro!
http(44higheredbcs.&iley.co!4legacy4college4turner4061613114ppt4ch03.ppt
Access to progra!s and data is li!ited to authori,ed users
3
.
I9.+R)A#I+9 #8C:9+;+G<
G898RA; C+9#R+;S
#he ob*ecti"es of controls is to pro"ide
assurance that
the de"elop!ent of and changes to
co!puter progra!s are authori,ed$
tested$ and appro"ed before their usage
access to data files is restricted
processed accounting data are accurate
and co!plete
4
.
Section 2) The Three !la""e" of !ontrol"
&re+enti+e control"( #hese controls are first in line to pre"ent errors$ o!issions$ or
security incidents fro! occurring. 8-a!ples include controls that restrict access to syste!s to
authori,ed persons such as intrusion pre"ention syste!s and fire&alls$ and integrity
constraints that are e!bedded &ithin a 5atabase )anage!ent Syste!. ,o"t -fficient
5
.
Detecti+e control"( #hese controls detect errors or incidents that ha"e eluded the
pre"entati"e controls. 8-a!ples include controls that test &hether authori,ation li!its ha"e
been e-ceeded$ or an analysis of acti"ity in pre"iously dor!ant accounts. Im'ortant .hen
're+enti+e control" .ea%. 8-a!ples include situations &here the transactions are deri"ed
fro! third party reports such as sales reports fro! franchisees$ &arranty clai!s reported by
3
=radford$ ). /111>). Core Concepts of AIS. Retrie"ed 23 +ctober 2001 fro!
http(44&&&.ua!ont.edu4.aculty7eb4:a!!ett4ppt4AIS4ch12.ppt
=radford$ ). /111>). Chapter 1( Co!puter Controls for Accounting Infor!ation Syste!s. Retrie"ed 23 +ctober 2001 fro!
http(44&&&.cba.ua.edu4?*o!ason4ac3@143@1'Ch01.ppt
3
Cru!bley$ ;. /111>). .orensic Accounting( Strategies for 5etecting A Controlling .raud. Retrie"ed 23 +ctober 2001 fro!
http(44&&&.bus.lsu.edu4accounting4faculty4lcru!bley4)alaysiaBSpring2001B0202001.ppt
auto dealers$ baggage clai!s reported by passengers at airports$ and reports of coupons or
rebates redee!ed by rede!ption processors.
6
.
!orrecti+e control"( #hese controls correct errors$ o!issions$ or incidents after
detection. #hey "ary fro! si!ple correction of data'entry errors$ to identifying and re!o"ing
unauthori,ed users fro! syste!s or net&or%s. Correcti"e controls are the actions ta%en to
!ini!i,e further losses.
7
.
Section /) Information Technolog !ontrol Acti+itie" and !ontrol !oncern"
8
.
8-a!ples of Infor!ation #echnology /I#) control acti"ities include(
business continuity
disaster reco"ery
bac%up of data
general and application controls o"er infor!ation syste!s$
including !ainfra!e$ net&or%$ and end'user en"iron!ents.
>
6
@
9
.
Section 4) Internal !ontrol"
Internal Controls Specific to Infor!ation #echnology
Relationship =et&een General
and Application Controls
10
.
Categories of General and Application Controls
1
#e-as State Agency Internal Audit .oru!. /2001). Internal Control Re2uire!ents for the A!erican Reco"ery and Rein"est!ent Act
/ARRA). Retrie"ed 23 +ctober 2001 fro!
http(44&&&2.dir.state.t-.us4SiteCollection5ocu!ents4SponsoredSites4StateAgencyCoordinatingCo!!ittee4StateAgencyInternalAudit.oru!
/SAIA.)4+"er"ie&'InternalControls06'26'01.ppt
10
=easley$ 8lder$ A Arens. /2012). #he I!pact of Infor!ation #echnology on the Audit Process. Retrie"ed 23 +ctober 2001 fro!
http(44&&&.c&u.edu4?ruble!4acctB>0Po&erpointBfiles4PPC20>0C20Ch12.ppt
11
.
Section 0) T'e" of !ontrol"
0.#) In'ut !ontrol"
In'ut control" attem't to en"ure the
+alidit
accurac
com'letene"" of the data entered into an AIS
The categorie" of in'ut control" include
ob"er+ation( recording( and tran"cri'tion
of data
edit te"t"
additional in'ut control"
12
.
0.2) A''lication !ontrol" for Tran"action &roce""ing
A''lication control" are de"igned to
're+ent(
detect( and
correct error" and irregularitie"
11
=easley$ 8lder$ A Arens. /2012). #he I!pact of Infor!ation #echnology on the Audit Process. Retrie"ed 23 +ctober 2001 fro!
http(44&&&.c&u.edu4?ruble!4acctB>0Po&erpointBfiles4PPC20>0C20Ch12.ppt
12
in tran"action" in
the in'ut
'roce""ing
the out'ut "tage" of data 'roce""ing
13
.
0./) &roce""ing !ontrol"
"rocessing controls focu" on the mani'ulation of accounting data after the are
in'ut to the com'uter ""tem.
1e ob*ecti+e i" a clear audit trail
&roce""ing control" are of t.o %ind"2
Data3acce"" control"
Data mani'ulation control"
14
.
0.4) Data3Acce"" !ontrol Total"
Some common 'roce""ing control 'rocedure" are
batch control total
financial control total
nonfinancial control total
ha"h total
record count
15
.
0.0) Data ,ani'ulation !ontrol
13
1
13
Data ,ani'ulation !ontrol"
)nce data ha" been +alidated b earlier
'ortion" of data 'roce""ing( the u"uall mu"t
be mani'ulated in "ome .a to 'roduce u"eful
out'ut.
Data mani'ulation control" include2
Soft.are documentation( i.e.
flo. chart" and diagram"
!om'iler
Te"t Data
16
.
0.4) )ut'ut !ontrol
#he ob*ecti"es of output controls is to
ensure
"alidity
accuracy
co!pleteness
#&o !a*or types of output application
controls are
"alidating processing results by
Activity (or proof) listings
regulating the distribution and
use of printed output through
Forms
Prenumbered forms
authorized distribution list
Shredding sensiti"e docu!ents
17
.
1>
16
0.5) !ontrol" for 6et.or%"
Control Proble!s
8lectronic ea"esdropping
:ard&are or soft&are !alfunctions
8rrors in data trans!ission
Control Procedures
Chec%point control procedure
Routing "erification procedures
)essage ac%no&ledg!ent procedures
0.8) !ontrol" for &er"onal !om'uter"
#a%e an in"entory of personal co!puters
Applications utili,ed by each personal co!puter
Classify co!puters according to ris%s and e-posures
Physical security
18
.
Section 4) !onclu"ion
Policies and procedures that help ensure that the ris% responses$ as &ell as other entity
directi"es$ are carried out.
+ccur throughout the organi,ation$ at all le"els and in all functions.
Include application and general infor!ation technology controls.
1@
IT a''lication control"2
Apply to the processing of indi"idual applications
:elp ensure that transactions occurred$ are authori,ed$ and are
co!pletely and accurately recorded and processed
IT general control"2
Policies and procedures that relate to !any applications and support
the effecti"e functioning of application controls and !anual controls &ith an
I# co!ponent
Reference"

Ittihad University: Assignment Two

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Ittihad University: Assignment Two

Enviado por

Direitos autorais:

Formatos disponíveis

ITTIHAD UNIVERSITY

College of Management & Information Systems

Você também pode gostar