Information Technology Controls

ITTIHAD UNIVERSITY
College of Management & Information Systems

B.S. !rogram in B"siness Information Systems
Ao"nting Information Systems #$%$&'&%(
Assignment T)o
Information Te*nology Controls
S"+mitte, +y-
Zubaidah Abdul Rehman (20042080)
I declare that this assignment is my own work, in my own words and it
does not include any copy paste or plagiarism issues. I also confirm
that I did not copy it from others and I have included all the
references.
S".er/ise, +y-
Dr. Selma

Information Technolog !ontrol"
Table of !ontent"
Section 1) Introduction
1.1) Background 3
1.2) Purpose, Aim and Objectives 3
Section 2) I !ontro"s #iscussion and $indings
2.1) %e %ree !"asses o& I !ontro"s 3
2.2) In&ormation ec%no"og' !ontro" Activities and !ontro" !oncerns (
2.3) Interna" !ontro"s (
2.() 'pes o& !ontro"s
2.(.1. Input !ontro"s )
2.(.2. App"ication !ontro"s &or ransaction Processing )
2.(.3. Processing !ontro"s )
2.(.(. #ata*Access !ontro" ota"s +it%in Processing !ontro"s )
2.(.). #ata ,anipu"ation !ontro" -
2.(.-. Output !ontro" -
2.)) !ontro"s &or Persona" !omputers -
Section 3) !onc"usion -
Zubaidah Abdul Rehman, 20020!0 Page 2 of 8
.e&erences /
Section #) Introduction
#.#) $ac%ground
In&ormation tec%no"og' 0I) contro" is about a process t%at +i"" be providing
assurance &or in&ormation services and re"ated in&ormation. %is +i"" be a"so inc"uding
%e"ping to mitigate t%e potentia" risks t%at are associated +it% t%e tec%no"og' use. %e reason
t%at I contro"s are ver' important is because it enab"es assessment o& I contro"s suc% as
revie+ing t%e current s'stem securit' and revie+ing t%e app"ication contro". At t%e same
time, t%e auditors s%ou"d ensure t%at t%e data are re"iab"e in a computer s'stem be&ore actua""'
re"'ing on it. Some o& t%e organi1ations are depending on internationa""' deve"oped s'stems
so t%ere +i"" be need &or interna" audit or se"&*assessment t%at mig%t %e"p in reducing audit
&indings
1
.
#.2) &ur'o"e( Aim and )b*ecti+e"
%e purpose o& project is to identi&' I contro" and to ana"'1e t%eir actions in assisting
&or preventing or detecting errors and &rauds. %ere&ore, t%e aims are maintaining and
en&orcing code o& et%ics, maintaining a s'stem t%at is according to accounting interna"
contro"s, and maintaining a s'stem t%at is about I contro"s
2
. %e genera" purposes o& I
contro"s are app"'ing in a"" t%e in&ormation s'stems. %e major objectives are to make sure
t%at computer programs are approved, aut%ori1ed and tested be&ore usage, and to make sure
t%at access to suc% programs or data are +it% "imited accessibi"it' to aut%ori1ed users
3
. I
contro"s provides assurance suc% as c%anges or deve"opment o& computer programs,
restriction in access, accurac' and comp"eteness
4
.
Section 2) IT !ontrol" Di"cu""ion and ,inding"
2.#) The Three !la""e" of IT !ontrol"
%e t%ree c"asses o& I contro"s are preventive contro"s, detective contro"s, and
corrective contro"s as described be"o+2
1) Preventive contro"s are &or preventing securit', omissions and errors incidents to
%appen
)
3
2) #etective contro"s are &or detecting incidents or errors t%at mig%t e"ude
imp"emented preventive contro"s
6
3
1
e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and
.einvestment Act 0A..A). .etrieved 2) October 2556 &rom
%ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordinating!ommittee8StateAgenc'Inter
na"Audit$orum0SAIA$)8Overvie+*Interna"!ontro"s5/*2/*56.ppt
2
urner, 9. 0166/). Accounting In&ormation S'stems, !%apter 32 $raud, :t%ics, and Interna" !ontro". .etrieved 2) October
2556 &rom %ttp288%ig%eredbcs.+i"e'.com8"egac'8co""ege8turner85(/1(/6)168ppt8c%53.ppt
3
Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom
%ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt
(
Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom
%ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt
)
!rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom
%ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.ppt
3) !orrective contro"s are &or correcting incidents, omissions, and errors a&ter
detecting it
7
.
2.2) Information Technolog !ontrol Acti+itie" and !ontrol !oncern"
According to &igure 1, it s%o+s I contro" concerns and t%eir e4p"anation to be taken
under consideration2
$igure12 I !ontro" !oncerns and t%eir :4p"anation
8
I contro" activities are genera" and app"ication contro"s, backup data, disaster
recover', and business continuit' over in&ormation s'stems t%at +i"" be inc"uding end*user,
main&rame and net+ork environments
9
.
2.-) Internal !ontrol"
%e organi1ation s%ou"d %ave I interna" contro"s suc% as t%e re"ations%ip bet+een
app"ication contro"s and genera" contro"s as s%o+n in &igure 2 and t%eir categories o& contro"
t'pe e4p"ained in &igure 32
-
/
=
6
e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and
.einvestment Act 0A..A). .etrieved 2) October 2556 &rom
%ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordinating!ommittee8StateAgenc'Inter
na"Audit$orum0SAIA$)8Overvie+*Interna"!ontro"s5/*2/*56.ppt
$igure 22 I Interna" !ontro"s
10
$igure 32 !ontro" 'pe !ategories
11
2.4) T'e" of !ontrol"
2.4.#. In'ut !ontrol"
%e input contro"s are attempting to ensure t%at t%ere is comp"eteness, accurac' and
va"idit' o& t%e data as entered into an AIS. %e categories inc"ude additiona" input contro"s,
edit tests, and transcription, observation and recording o& data
12
.
2.4.2. A''lication !ontrol" for Tran"action &roce""ing
%e reason &or designing app"ication contro"s are &or correcting errors, correcting
irregu"arities, a"ong +it% detecting and preventing t%em. %is +i"" be taking p"ace in
transactions suc% as data processing stages o& input, processing and output
13
.
2.4.-. &roce""ing !ontrol"
%e &ocus o& processing contro"s is on t%e accounting data manipu"ation a&ter t%e
input event to t%e computer s'stem. %ere are t+o kinds o& processing contro"s2 data
manipu"ation contro"s and data access contro"s
14
.
2.4.4. Data.Acce"" !ontrol Total" /ithin &roce""ing !ontrol"
15
Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556
&rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt
11
Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556
&rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt
12
13
1(
#ata access contro"s inc"ude contro" procedures suc% as record count, %as% tota",
&inancia" and non&inancia" contro" tota", and batc% contro" tota"
15
.
2.4.0. Data 1ani'ulation !ontrol
In order to produce use&u" output, t%e data t%at +as va"idated s%ou"d be manipu"ated
in some +a'. %e data manipu"ation contro"s inc"ude test data, compi"er, &"o+ c%arts and
diagrams, and so&t+are documentation
16
.
2.4.2. )ut'ut !ontrol
%e output contro" ensures
17
2
!omp"eteness,
Accurac', and
Ba"idit'.
2.0) !ontrol" for &er"onal !om'uter"
%e contro"s &or persona" computers invo"ves ana"'1ing p%'sica" securit', computers
c"assi&ication according to e4posures and risks, uti"i1ing app"ications, taking an inventor' o&
persona" computers
18
.
Section -) !onclu"ion
In conc"usion, I contro"s %ave severa" areas as discussed ear"ier. %ere&ore, t%e
organi1ation s%ou"d determine t%e speci&ic areas t%e' need to imp"ement I contro"s.
According"', t%e' s%ou"d set procedures and po"icies supporting t%ose I contro" measures.
9e %ave a"so discussed I contro"s in genera" and app"ication.
1)
1-
1/
1=
Reference"
1) e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e
American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom
%ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordi
nating!ommittee8StateAgenc'Interna"Audit$orum0SAIA$)8Overvie+*
Interna"!ontro"s5/*2/*56.ppt
2) urner, 9. 0166/). Accounting In&ormation S'stems, !%apter 32 $raud, :t%ics, and
Interna" !ontro". .etrieved 2) October 2556 &rom
%ttp288%ig%eredbcs.+i"e'.com8"egac'8co""ege8turner85(/1(/6)168ppt8c%53.ppt
3) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom
() Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
.etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt
)) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud.
.etrieved 2) October 2556 &rom
%ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.p
pt
-) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud.
pt
/) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud.
pt
=) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom
6) e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e
American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom
%ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordi
nating!ommittee8StateAgenc'Interna"Audit$orum0SAIA$)8Overvie+*
Interna"!ontro"s5/*2/*56.ppt
15) Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit
Process. .etrieved 2) October 2556 &rom
%ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt
11) Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit
Process. .etrieved 2) October 2556 &rom
%ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt
12) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
13) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
1() Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
1)) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
1-) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
1/) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems.
1=) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom

Information Technology Controls

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Information Technology Controls

Enviado por

Direitos autorais:

Formatos disponíveis

ITTIHAD UNIVERSITY

College of Management & Information Systems

Você também pode gostar