Information Technology Controls
Section 1) Introduction
1.1) Background 3
1.2) Purpose, Aim and Objectives 3
Section 2) IT Controls Discussion and Findings
2.1) The Three Classes of IT Controls 3
2.2) Information Technology Control Activities and Control Concerns 4
2.3) Internal Controls 4
2.4) Types of Controls
2.4.1. Input Controls 5
2.4.2. Application Controls for Transaction Processing 5
2.4.3. Processing Controls 5
2.4.4. Data-Access Control Totals within Processing Controls 5
2.4.5. Data Manipulation Control 6
2.4.6. Output Control 6
2.5) Controls for Personal Computers 6
Section 3) Conclusion 6
References 7
Information Technology Controls
Section 1) Introduction
1.1) Background 3
1.2) Purpose, Aim and Objectives 3
Section 2) IT Controls Discussion and Findings
2.1) The Three Classes of IT Controls 3
2.2) Information Technology Control Activities and Control Concerns 4
2.3) Internal Controls 4
2.4) Types of Controls
2.4.1. Input Controls 5
2.4.2. Application Controls for Transaction Processing 5
2.4.3. Processing Controls 5
2.4.4. Data-Access Control Totals within Processing Controls 5
2.4.5. Data Manipulation Control 6
2.4.6. Output Control 6
2.5) Controls for Personal Computers 6
Section 3) Conclusion 6
References 7
Information Technology Controls
Section 1) Introduction
1.1) Background 3
1.2) Purpose, Aim and Objectives 3
Section 2) IT Controls Discussion and Findings
2.1) The Three Classes of IT Controls 3
2.2) Information Technology Control Activities and Control Concerns 4
2.3) Internal Controls 4
2.4) Types of Controls
2.4.1. Input Controls 5
2.4.2. Application Controls for Transaction Processing 5
2.4.3. Processing Controls 5
2.4.4. Data-Access Control Totals within Processing Controls 5
2.4.5. Data Manipulation Control 6
2.4.6. Output Control 6
2.5) Controls for Personal Computers 6
Section 3) Conclusion 6
References 7
B.S. !rogram in B"siness Information Systems Ao"nting Information Systems #$%$&'&%( Assignment T)o Information Te*nology Controls S"+mitte, +y- Zubaidah Abdul Rehman (20042080) I declare that this assignment is my own work, in my own words and it does not include any copy paste or plagiarism issues. I also confirm that I did not copy it from others and I have included all the references. S".er/ise, +y- Dr. Selma
Information Technolog !ontrol" Table of !ontent" Section 1) Introduction 1.1) Background 3 1.2) Purpose, Aim and Objectives 3 Section 2) I !ontro"s #iscussion and $indings 2.1) %e %ree !"asses o& I !ontro"s 3 2.2) In&ormation ec%no"og' !ontro" Activities and !ontro" !oncerns ( 2.3) Interna" !ontro"s ( 2.() 'pes o& !ontro"s 2.(.1. Input !ontro"s ) 2.(.2. App"ication !ontro"s &or ransaction Processing ) 2.(.3. Processing !ontro"s ) 2.(.(. #ata*Access !ontro" ota"s +it%in Processing !ontro"s ) 2.(.). #ata ,anipu"ation !ontro" - 2.(.-. Output !ontro" - 2.)) !ontro"s &or Persona" !omputers - Section 3) !onc"usion - Zubaidah Abdul Rehman, 20020!0 Page 2 of 8 Information Technolog !ontrol" .e&erences / Section #) Introduction #.#) $ac%ground In&ormation tec%no"og' 0I) contro" is about a process t%at +i"" be providing assurance &or in&ormation services and re"ated in&ormation. %is +i"" be a"so inc"uding %e"ping to mitigate t%e potentia" risks t%at are associated +it% t%e tec%no"og' use. %e reason t%at I contro"s are ver' important is because it enab"es assessment o& I contro"s suc% as revie+ing t%e current s'stem securit' and revie+ing t%e app"ication contro". At t%e same time, t%e auditors s%ou"d ensure t%at t%e data are re"iab"e in a computer s'stem be&ore actua""' re"'ing on it. Some o& t%e organi1ations are depending on internationa""' deve"oped s'stems so t%ere +i"" be need &or interna" audit or se"&*assessment t%at mig%t %e"p in reducing audit &indings 1 . #.2) &ur'o"e( Aim and )b*ecti+e" %e purpose o& project is to identi&' I contro" and to ana"'1e t%eir actions in assisting &or preventing or detecting errors and &rauds. %ere&ore, t%e aims are maintaining and en&orcing code o& et%ics, maintaining a s'stem t%at is according to accounting interna" contro"s, and maintaining a s'stem t%at is about I contro"s 2 . %e genera" purposes o& I contro"s are app"'ing in a"" t%e in&ormation s'stems. %e major objectives are to make sure t%at computer programs are approved, aut%ori1ed and tested be&ore usage, and to make sure t%at access to suc% programs or data are +it% "imited accessibi"it' to aut%ori1ed users 3 . I contro"s provides assurance suc% as c%anges or deve"opment o& computer programs, restriction in access, accurac' and comp"eteness 4 . Section 2) IT !ontrol" Di"cu""ion and ,inding" 2.#) The Three !la""e" of IT !ontrol" %e t%ree c"asses o& I contro"s are preventive contro"s, detective contro"s, and corrective contro"s as described be"o+2 1) Preventive contro"s are &or preventing securit', omissions and errors incidents to %appen ) 3 2) #etective contro"s are &or detecting incidents or errors t%at mig%t e"ude imp"emented preventive contro"s 6 3 1 e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom %ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordinating!ommittee8StateAgenc'Inter na"Audit$orum0SAIA$)8Overvie+*Interna"!ontro"s5/*2/*56.ppt 2 urner, 9. 0166/). Accounting In&ormation S'stems, !%apter 32 $raud, :t%ics, and Interna" !ontro". .etrieved 2) October 2556 &rom %ttp288%ig%eredbcs.+i"e'.com8"egac'8co""ege8turner85(/1(/6)168ppt8c%53.ppt 3 Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt ( Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt ) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.ppt Zubaidah Abdul Rehman, 20020!0 Page 3 of 8 Information Technolog !ontrol" 3) !orrective contro"s are &or correcting incidents, omissions, and errors a&ter detecting it 7 . 2.2) Information Technolog !ontrol Acti+itie" and !ontrol !oncern" According to &igure 1, it s%o+s I contro" concerns and t%eir e4p"anation to be taken under consideration2 $igure12 I !ontro" !oncerns and t%eir :4p"anation 8 I contro" activities are genera" and app"ication contro"s, backup data, disaster recover', and business continuit' over in&ormation s'stems t%at +i"" be inc"uding end*user, main&rame and net+ork environments 9 . 2.-) Internal !ontrol" %e organi1ation s%ou"d %ave I interna" contro"s suc% as t%e re"ations%ip bet+een app"ication contro"s and genera" contro"s as s%o+n in &igure 2 and t%eir categories o& contro" t'pe e4p"ained in &igure 32 - !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.ppt / !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.ppt = Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt 6 e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom %ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordinating!ommittee8StateAgenc'Inter na"Audit$orum0SAIA$)8Overvie+*Interna"!ontro"s5/*2/*56.ppt Zubaidah Abdul Rehman, 20020!0 Page 4 of 8 Information Technolog !ontrol" $igure 22 I Interna" !ontro"s 10 $igure 32 !ontro" 'pe !ategories 11 2.4) T'e" of !ontrol" 2.4.#. In'ut !ontrol" %e input contro"s are attempting to ensure t%at t%ere is comp"eteness, accurac' and va"idit' o& t%e data as entered into an AIS. %e categories inc"ude additiona" input contro"s, edit tests, and transcription, observation and recording o& data 12 . 2.4.2. A''lication !ontrol" for Tran"action &roce""ing %e reason &or designing app"ication contro"s are &or correcting errors, correcting irregu"arities, a"ong +it% detecting and preventing t%em. %is +i"" be taking p"ace in transactions suc% as data processing stages o& input, processing and output 13 . 2.4.-. &roce""ing !ontrol" %e &ocus o& processing contro"s is on t%e accounting data manipu"ation a&ter t%e input event to t%e computer s'stem. %ere are t+o kinds o& processing contro"s2 data manipu"ation contro"s and data access contro"s 14 . 2.4.4. Data.Acce"" !ontrol Total" /ithin &roce""ing !ontrol" 15 Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556 &rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt 11 Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556 &rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt 12 Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 13 Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1( Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt Zubaidah Abdul Rehman, 20020!0 Page 5 of 8 Information Technolog !ontrol" #ata access contro"s inc"ude contro" procedures suc% as record count, %as% tota", &inancia" and non&inancia" contro" tota", and batc% contro" tota" 15 . 2.4.0. Data 1ani'ulation !ontrol In order to produce use&u" output, t%e data t%at +as va"idated s%ou"d be manipu"ated in some +a'. %e data manipu"ation contro"s inc"ude test data, compi"er, &"o+ c%arts and diagrams, and so&t+are documentation 16 . 2.4.2. )ut'ut !ontrol %e output contro" ensures 17 2 !omp"eteness, Accurac', and Ba"idit'. 2.0) !ontrol" for &er"onal !om'uter" %e contro"s &or persona" computers invo"ves ana"'1ing p%'sica" securit', computers c"assi&ication according to e4posures and risks, uti"i1ing app"ications, taking an inventor' o& persona" computers 18 . Section -) !onclu"ion In conc"usion, I contro"s %ave severa" areas as discussed ear"ier. %ere&ore, t%e organi1ation s%ou"d determine t%e speci&ic areas t%e' need to imp"ement I contro"s. According"', t%e' s%ou"d set procedures and po"icies supporting t%ose I contro" measures. 9e %ave a"so discussed I contro"s in genera" and app"ication. 1) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1- Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1/ Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1= Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt Zubaidah Abdul Rehman, 20020!0 Page 6 of 8 Information Technolog !ontrol" Reference" 1) e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom %ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordi nating!ommittee8StateAgenc'Interna"Audit$orum0SAIA$)8Overvie+* Interna"!ontro"s5/*2/*56.ppt 2) urner, 9. 0166/). Accounting In&ormation S'stems, !%apter 32 $raud, :t%ics, and Interna" !ontro". .etrieved 2) October 2556 &rom %ttp288%ig%eredbcs.+i"e'.com8"egac'8co""ege8turner85(/1(/6)168ppt8c%53.ppt 3) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt () Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt )) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.p pt -) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.p pt /) !rumb"e', >. 0166-). $orensic Accounting2 Strategies &or #etecting ? !ontro""ing $raud. .etrieved 2) October 2556 &rom %ttp288+++.bus."su.edu8accounting8&acu"t'8"crumb"e'8,a"a'sia@Spring2556@525(2556.p pt =) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt 6) e4as State Agenc' Interna" Audit $orum. 02556). Interna" !ontro" .e7uirements &or t%e American .ecover' and .einvestment Act 0A..A). .etrieved 2) October 2556 &rom %ttp288+++2.dir.state.t4.us8Site!o""ection#ocuments8SponsoredSites8StateAgenc'!oordi nating!ommittee8StateAgenc'Interna"Audit$orum0SAIA$)8Overvie+* Interna"!ontro"s5/*2/*56.ppt Zubaidah Abdul Rehman, 20020!0 Page 7 of 8 Information Technolog !ontrol" 15) Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556 &rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt 11) Beas"e', :"der, ? Arens. 02512). %e Impact o& In&ormation ec%no"og' on t%e Audit Process. .etrieved 2) October 2556 &rom %ttp288+++.c+u.edu8<rub"em8acct@(-5Po+erpoint@&i"es8PPA25(-5A25!%12.ppt 12) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 13) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1() Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1)) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1-) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1/) Brad&ord, ,. 0166-). !%apter 62 !omputer !ontro"s &or Accounting In&ormation S'stems. .etrieved 2) October 2556 &rom %ttp288+++.cba.ua.edu8<jomason8ac3=683=6*!%56.ppt 1=) Brad&ord, ,. 0166-). !ore !oncepts o& AIS. .etrieved 2) October 2556 &rom %ttp288+++.uamont.edu8$acu"t'9eb8;ammett8ppt8AIS8c%12.ppt Zubaidah Abdul Rehman, 20020!0 Page 8 of 8
In what ways might OD and Training collaborate to maximize the effectiveness of the strategy? What forces are currently operating that drive or act to restrain the new strategy? Which of those needs to change?
Given The Facts of The Case, What Would You Suggest As An HRD Strategy? Provide Specific Tactics That Can Be Used by HRD To Support The Competitive Strategy.
What Sources of Support and Residence Are Likely To Exist in Creating and Implementing The New HRPS? What Tactics Could Be Used To Reduce or Eliminate The Resistance?
Given The Strategy, How Can HR Be Supportive With Tactical Actions? What Type of Structure Should The Corporate HR Function Adopt To Match The Competitive Strategy?
How Would You Characterize The Fit Between MHC's Environment, Competitive Strategy, Structure, and Technology? Indicate Any Issues With This Fit That Might Influence The Success of The Strategy.