CONTROL AND AUDIT
By:
ROSDINA
11353200777
Information System | UIN SUSKA RIAU
Auditing and
Internal Control
What is an IT Audit?
An Information Technology (IT) audit is an audit of an
organisation’s IT systems, management, operations and related
processes.
An IT audit may be carried out in connection with a financial
regularity audit or selective audit. As the records, services and
operations of many organisations are often highly
computerised, there is a need to evaluate the IT controls in the
course of an audit of these organisations.
Type of Audit
Why is IT Audit important?
Many organisations are spending large amounts of money on IT
because they recognise the tremendous benefits that IT can bring
to their operations and services. However, they need to ensure
that their IT systems are reliable, secure and not vulnerable to
computer attacks.
IT audit is important because it gives assurance that the
IT systems are adequately protected, provide reliable
information to users and are properly managed to achieve their
intended benefits.
Many users rely on IT without knowing how the computers
work. A computer error could be repeated indefinitely, causing
more extensive damage than a human mistake.
IT audit could also help to reduce risks of data
tampering, data loss or leakage, service disruption, and poor
management of IT systems.
An IT control is a procedure or policy that provides a
reasonable assurance that the information technology (IT)
used by an organization operates as intended, that data is
reliable and that the organization is in compliance with
applicable laws and regulations. IT Controls can be
categorized as either general controls (ITGC) or application
controls (ITAC).
Generally Accepted Auditing Standards
General Standards
1. The auditor must have adequate technical training and proficiency.
2. The auditor must have independence of mental attitude.
3. The auditor must exercise due professional care in the performance
of the audit and the preparation of the report.
Standards of Field Work
1. Audit work must be adequately planned.
2. The auditor must gain a sufficient understanding of the internal
control structure.
3. The auditor must obtain sufficient, competent evidence.
Reporting Standards
1. The auditor must state in the report whether financial statements
were prepared in accordance with generally accepted accounting
principles.
2. The report must identify those circumstances in which generally
accepted accounting principles were not applied.
3. The report must identify any items that do not have adequate
informative disclosures.
Internal Control
Internal control is a process designed to provide reasonable
assurance regarding the achievement of objectives in the
following areas:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Safeguarding assets
Examples of Internal Control
Think about what you do…..
Lock your home and vehicle.
Keep your ATM/debit card pin number separate from your card.
Expect your children to ask permission before they can do certain
things.
Don’t leave blank checks or cash just lying around.
Review bills and credit card statements before paying them.
Reconcile your bank statement.
External vs. Internal Auditors
External auditors represent outsiders while internal
auditors represent the organization’s interests.
Internal auditors often cooperate with and assist external
auditors in some aspects of financial audits.
Extent of cooperation depends upon the independence and
competence of the internal audit staff.
External auditors can rely in part on evidence gathered by internal audit departments
that are organizationally independent and report to the board of directors’ audit
committee.
Internal Control
1. Preventive Control
2. Detective Control
3. Corrective Control
Internal controls implement three important functions.
Broadly speaking, these three functions are mutually
supportive so that existing systems obtain maximum results
for the company. The functions of internal control are as
follows:
1. Preventive Control
The preventive function of control is to prevent a
problem before it arises. Employing highly qualified
accounting personnel, adequately segregating employee
duties, and effectively controlling physical access to assets,
facilities and information are effective preventive controls.
Examples of Preventive Controls:
Training on applicable policies, department policy/procedures;
Review and approval process for purchase requisitions to make sure
they are appropriate before the purchase;
IT access authorizations to ensure access is appropriate;
The use of passwords to stop unauthorized access to
systems/applications;
2. Detective Control
Needed to uncover problems once they have arisen.
Examples of detective controls are examining copies of
calculations and preparing bank reconciliations and a
balance sheet every month. Examples of Detective
Controls:
Cash counts; bank reconciliation;
Review your payroll reports;
Compare transactions on reports to source documents;
Monitor actual expenditures against budget;
Review logs for evidence of mischief;
3. Corrective Control
Serves to solve the problems found by the preventive
and detective controls. These controls include procedures that
are performed to identify the cause of the problem, fix errors
or difficulties that have arisen, and change the system so that
future problems can be minimized or eliminated. Examples of
Corrective Controls:
Submit corrective journal entries after discovering
an error;
Complete changes to IT access lists if individual’s
role changes;
Internal Control Pyramid
Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
Risk is anything that could negatively impact the organization’s
ability to meet its operational objectives.
The purpose behind controls
Fraud is a common risk that should not be ignored. The incidence
of fraud is now so common that its occurrence is no longer remarkable,
only its scale.
Cause of Fraud
Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
How to Mitigate Risk and Fraud
Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
Purpose Of Control
A system of internal control is necessary to help
employees and other partners understand the attitude and
objectives of the organization as a whole. Internal controls
provide reasonable assurance to customers and other parties
that transactions are recorded properly and in a timely
manner. For instance, many consumers have a favorite store
because the business is known for providing quality service in
a timely manner. In other words, consumers choose to
patronize businesses that have good systems of internal
control.
Auditing Operating
Systems and
Networks
Operating Systems Security
Log-On Procedure:
First line of defense against unauthorized access consisting of
user IDs and passwords.
Access Token:
Contains key information about the user which is used to
approve actions attempted during the session.
Access Control List:
Assigned to each IT resource and used to control access to
the resource.
Discretionary Access Privileges:
Allows user to grant access to another user.
Operating Systems Controls
Access Privileges
Verify that access privileges are consistent with separation of
incompatible functions and organization policies.
Viruses & Destructive Programs
Verify effectiveness of procedures to protect against programs
such as viruses, worms, back doors, logic bombs, and Trojan
horses.
Password Control
Ensure adequacy and effectiveness of password policies for
controlling access to the operating system.
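An added example, not part of the original slides: one way an auditor could test the access-privilege objective above, checking exported access control list entries for users who hold incompatible functions or privileges outside their current role. The ACL export, user names, role names and incompatible-function pairs are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: ACL entries exported from a hypothetical system,
# one (resource, user, permission) tuple per entry.
ACL_ENTRIES = [
    ("vendor_master", "alice", "write"),
    ("payment_run", "alice", "approve"),
    ("vendor_master", "bob", "read"),
    ("payment_run", "bob", "approve"),
    ("payroll_file", "carol", "write"),
    ("payroll_run", "carol", "approve"),
    ("payroll_run", "dave", "approve"),
    ("general_ledger", "dave", "read"),
    ("inventory", "erin", "write"),
    ("payroll_file", "erin", "write"),    # left over from a previous role
    ("general_ledger", "frank", "write"), # account with no HR record
]

# Constructed policy: pairs of functions that no single user may hold.
INCOMPATIBLE = [
    (("vendor_master", "write"), ("payment_run", "approve")),
    (("payroll_file", "write"), ("payroll_run", "approve")),
]

# Constructed HR data: each user's current role and what that role may hold.
USER_ROLES = {
    "alice": "ap_clerk",
    "bob": "ap_manager",
    "carol": "payroll_clerk",
    "dave": "payroll_manager",
    "erin": "warehouse",
}
ROLE_ENTITLEMENTS = {
    "ap_clerk": {("vendor_master", "write")},
    "ap_manager": {("vendor_master", "read"), ("payment_run", "approve")},
    "payroll_clerk": {("payroll_file", "write")},
    "payroll_manager": {("payroll_run", "approve"), ("general_ledger", "read")},
    "warehouse": {("inventory", "write")},
}


def privileges_by_user(acl_entries):
    """Invert resource-centred ACL entries into a per-user privilege set."""
    privs = defaultdict(set)
    for resource, user, permission in acl_entries:
        privs[user].add((resource, permission))
    return dict(privs)


def find_sod_conflicts(privs, incompatible):
    """Return (user, function_a, function_b) for every user holding both
    halves of an incompatible pair."""
    conflicts = []
    for user in sorted(privs):
        for func_a, func_b in incompatible:
            if func_a in privs[user] and func_b in privs[user]:
                conflicts.append((user, func_a, func_b))
    return conflicts


def find_excess_privileges(privs, user_roles, role_entitlements):
    """Return privileges not covered by the user's current role.
    A user with no role on record is entitled to nothing, so every
    privilege they hold is reported."""
    excess = {}
    for user in sorted(privs):
        allowed = role_entitlements.get(user_roles.get(user), set())
        extra = sorted(privs[user] - allowed)
        if extra:
            excess[user] = extra
    return excess


def run_audit():
    """Run both tests over the constructed sample data."""
    privs = privileges_by_user(ACL_ENTRIES)
    return {
        "sod_conflicts": find_sod_conflicts(privs, INCOMPATIBLE),
        "excess": find_excess_privileges(privs, USER_ROLES, ROLE_ENTITLEMENTS),
    }


if __name__ == "__main__":
    report = run_audit()
    for user, a, b in report["sod_conflicts"]:
        print(f"SoD conflict: {user} holds {a} and {b}")
    for user, extra in report["excess"].items():
        print(f"Outside current role: {user} -> {extra}")
```

The second test catches what the first misses: a user whose role changed but whose old access was never removed, and an account that appears in the ACL with no matching personnel record.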
Subversive Threats
1. Verify security and integrity of financial
transactions.
2. Determine whether network controls (1) can prevent and detect
illegal access; (2) will render captured data useless; and (3)
are sufficient to preserve integrity and security of data.
Network Control
Purpose of network control is to:
• Establish communications sessions.
• Manage the flow of data across the network.
• Detect and resolve data collisions between nodes.
• Detect line failure or signal degeneration errors.
• Two or more signals transmitted simultaneously will result in data
collision which destroys messages.
• Polling is the most popular technique for establishing a communication
session in WANs.
• Token passing involves transmitting a special signal around the
network. Only the node possessing the token is allowed to transmit
data.
Auditing
Database Systems
Database Approach
Access to the data resource is controlled by a database management
system (DBMS).
Centralizes organization’s data into a common database shared by
the user community.
All users have access to data they need which may overcome flat-file
problems.
1. Elimination of data storage problem: No data redundancy.
2. Elimination of data updating problem: Single update procedure
eliminates currency of information problem.
3. Elimination of task-data dependency problem: Users only
constrained by legitimacy of access needs.
Audit Procedures for Testing Database
Access Controls
Backup policy should balance inconvenience of frequent activity against business disruption caused
by system failure.
Verify that automatic backup procedures are in place and functioning and that copies of the
database are stored off-site.
Verify backups are performed routinely and frequently.
The Systems
Development Life
Cycle
What is the SDLC:
When developing a new information system, there are
many, many steps that must be followed. The systems
development life cycle (SDLC) is an attempt to structure these
steps.
From the perspective of a definition, the SDLC is a structured step-
by-step approach for developing information systems.
When developing a system, there are three primary choices you
will make very early in the process:
• Insourcing is how much will be done by your own IT specialists.
• Selfsourcing is how much can be done by the end-users.
• Outsourcing is how much will be done by a third-party outside
the organization.
Phase 1: Planning:
The planning phase of the SDLC involves determining a solid
plan for developing your information system.
A project manager is an individual who is an expert in project planning
and management, defines and develops the project plan, and tracks
the plan to ensure all key project milestones are completed on time.
Three primary activities:
• Define the system to be developed.
  • Identify and select the system for development or
    determine which system is required to support the
    strategic goals of your organization.
• Set the project scope.
  • The project scope clearly defines the high-level
    system requirements and is the most basic
    definition of the system.
• Define the project plan.
  • The project plan defines the what, when, and who
    questions of systems development activities
    including all activities to be performed, the
    individuals, or resources, who will perform the
    activities, and the time required to complete each
    activity.
Phase 2: Analysis:
The analysis phase of the SDLC involves end users and IT
specialists working together to gather, understand, and document the
business requirements for the proposed system.
The primary activity of this phase is to gather business
requirements. Business requirements are the detailed set of
knowledge worker requests that the system must meet to be
successful.
One way to gather business requirements is to hold a joint
application development (JAD) session, in which knowledge workers and
IT specialists meet to define and review business requirements.
Once all the business requirements are defined, the end-users
sign off on them indicating that they approve of all the business
requirements.
Phase 3: Design:
The primary goal of the design phase is to build a technical
blueprint of how the proposed system will work. Your point of view
changes from a business perspective to a technical or physical
perspective.
The technical architecture defines the hardware, software,
and telecommunications equipment to run the system.
Modeling is the activity of drawing a graphical representation of the
design.
Phase 4: Development:
During the development phase of the SDLC, you take all your
detailed design documents from the design phase and transform
them into an actual system. In this phase, you build your technical
architecture by buying and setting up the technical architecture
defined during the design phase.
Secondly, you create databases and write any necessary
software programs. Computer technology advances very rapidly.
Sometimes, systems can take several months to develop and the
available technologies may change often.
Phase 5: Testing:
The testing phase of the SDLC verifies that the system
works and meets all the business requirements defined in the
analysis phase.
First, you develop detailed test conditions, which are the
detailed steps the system must perform along with the expected
results of each step.
Secondly, you actually perform the test. It is important
that you do not skip any steps.
Phase 6: Implementation:
During the implementation phase of the SDLC, you
distribute the system to all the knowledge workers and they
begin using the system to perform their everyday jobs.
First, you will provide user documentation to the
knowledge workers which explain how to use the system.
Secondly, provide training for the knowledge workers.
You must ensure that all of the knowledge workers have the
required training to use the system correctly.
Phase 7: Maintenance:
During the maintenance phase of the SDLC, you
monitor and support the new system to ensure it continues to
meet the business goals.
First, you will need to create a help desk to answer your
workers’ questions.
Secondly, you will need to change the system as your business
changes.
Controlling and Auditing the SDLC
System planning and analysis.
Conceptual system design impacts auditability.
Economic feasibility needs to be measured accurately.
Systems implementation.
Provide technical expertise with regard to accounting rules.
Specify documentation standards.
Verify control adequacy and compliance with SOX.
A Financial Transaction is..??
An economic event that affects the assets and equities of the
firm, is reflected in its accounts, and is measured in monetary terms.
Similar types of transactions are grouped together into three
transaction cycles:
• the expenditure cycle.
• the conversion cycle.
• the revenue cycle.
A transaction is an agreement between two entities
to exchange goods or services OR any other event that can be
measured in economic terms by an
organization. Example: Sell goods to customers; depreciate
equipment. The transaction cycle is a process that begins with
capturing data about a transaction and ends with an
information output, such as a set of financial statements.
Many business activities are paired in give-get exchanges. The
basic exchanges can be grouped into five major transaction cycles.
Revenue cycle—Interactions with customers. Give goods; get cash.
Expenditure cycle—Interactions with suppliers. Give cash; get goods.
Production cycle—Give labor and raw materials; get finished product.
Human resources Management/payroll cycle—Give cash; get labor.
Financing cycle—Give cash; get cash.
Auditing the Revenue Cycle
Thousands of transactions can occur within any of these
cycles, but there are relatively few types of transactions in a cycle.
Every transaction cycle relates to other cycles and interfaces with the
general ledger and reporting system, which generates information for
management and external parties.
The revenue cycle gets finished goods from the production cycle;
provides funds to the financing cycle; and provides data to the general
ledger and reporting system.
Auditing the Expenditure Cycle
The expenditure cycle gets funds from the financing cycle;
provides raw materials to the production cycle; and provides
data to the general ledger and reporting system.
The production cycle gets raw materials from the expenditure
cycle; gets labor from the HR/payroll cycle; provides finished
goods to the revenue cycle; and provides data to the general
ledger and reporting system.
The HR/payroll cycle gets funds from the financing
cycle; provides labor to the production cycle; and provides
data to the general ledger and reporting system.
The financing cycle gets funds from the revenue cycle;
provides funds to the expenditure and HR/payroll cycles;
and provides data to the general ledger and reporting
system.
The general ledger and reporting system gets
data from all of the cycles and provides information for
internal and external users.
Many accounting software packages implement the different
transaction cycles as separate modules. Not every module is needed
in every organization, e.g., retail companies don’t have a production
cycle. Some companies may need extra modules. So the
implementation of each transaction cycle can differ significantly
across companies.
However the cycles are implemented, it is critical that the AIS
be able to accommodate the information needs of managers and
integrate financial and non-financial data.
Source: www.ago.gov.sg
Thank You…
Thank You for Your Attention

MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
NelTorrente
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
taiba qazi
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
IreneSebastianRueco1
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat  Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat  Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 

Recently uploaded (20)

PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat  Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat  Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 

CONTROL AND AUDIT

  • 1. CONTROL AND AUDIT By: ROSDINA 11353200777 Information System | UIN SUSKA RIAU
  • 3. What is an IT Audit? An Information Technology (IT) audit is an audit of an organisation’s IT systems, management, operations and related processes. An IT audit may be carried out in connection with a financial regularity audit or selective audit. As the records, services and operations of many organisations are often highly computerised, there is a need to evaluate the IT controls in the course of an audit of these organisations.
  • 5. Why is IT Audit important? Many organisations are spending large amounts of money on IT because they recognise the tremendous benefits that IT can bring to their operations and services. However, they need to ensure that their IT systems are reliable, secure and not vulnerable to computer attacks.
  • 6. IT audit is important because it gives assurance that the IT systems are adequately protected, provide reliable information to users and are properly managed to achieve their intended benefits. Many users rely on IT without knowing how the computers work. A computer error could be repeated indefinitely, causing more extensive damage than a human mistake. IT audit could also help to reduce risks of data tampering, data loss or leakage, service disruption, and poor management of IT systems.
  • 7. An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations. IT Controls can be categorized as either general controls (ITGC) or application controls (ITAC).
  • 8. Generally Accepted Auditing Standards
    General Standards: 1. The auditor must have adequate technical training and proficiency. 2. The auditor must have independence of mental attitude. 3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report.
    Standards of Field Work: 1. Audit work must be adequately planned. 2. The auditor must gain a sufficient understanding of the internal control structure. 3. The auditor must obtain sufficient, competent evidence.
    Reporting Standards: 1. The auditor must state in the report whether financial statements were prepared in accordance with generally accepted accounting principles. 2. The report must identify those circumstances in which generally accepted accounting principles were not applied. 3. The report must identify any items that do not have adequate informative disclosures.
  • 9. Internal Control. Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following areas: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations; safeguarding assets.
  • 10. Examples of Internal Control. Think about what you do: Lock your home and vehicle. Keep your ATM/debit card PIN separate from your card. Expect your children to ask permission before they can do certain things. Don’t leave blank checks or cash just lying around. Review bills and credit card statements before paying them. Reconcile your bank statement.
  • 11. External vs. Internal Auditors. External auditors represent outsiders, while internal auditors represent the organization’s interests. Internal auditors often cooperate with and assist external auditors in some aspects of financial audits. The extent of cooperation depends upon the independence and competence of the internal audit staff. External auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors’ audit committee.
  • 12. Internal Control. Internal controls perform three important functions. Broadly speaking, these three functions are mutually supportive, so that existing systems obtain maximum results for the company. The functions of internal control are as follows: 1. Preventive Control 2. Detective Control 3. Corrective Control
  • 13. 1. Preventive Control. The preventive function is to prevent a problem before it arises. Employing highly qualified accounting personnel, adequate segregation of employee duties, and effective control of physical access to assets, facilities and information are effective preventive controls. Examples of Preventive Controls: training on applicable policies and department policy/procedures; a review and approval process for purchase requisitions to make sure they are appropriate before the purchase; IT access authorizations to ensure access is appropriate; the use of passwords to stop unauthorized access to systems/applications.
  • 14. 2. Detective Control. Needed to uncover problems once they have arisen. Examples of detective controls are examining copies of calculations and preparing bank reconciliations and a balance sheet every month. Examples of Detective Controls: cash counts; bank reconciliation; reviewing your payroll reports; comparing transactions on reports to source documents; monitoring actual expenditures against budget; reviewing logs for evidence of mischief.
  • 15. 3. Corrective Control. Serves to solve the problems found through the preventive and detective controls. These controls include procedures that are performed to identify the cause of the problem, fix errors or difficulties that have arisen, and change the system so that future problems can be minimized or eliminated. Examples of Corrective Controls: submitting corrective journal entries after discovering an error; completing changes to IT access lists if an individual’s role changes.
  • 16. Internal Control Pyramid. Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
  • 17. The purpose behind controls. Risk is anything that could negatively impact the organization’s ability to meet its operational objectives. Fraud is a common risk that should not be ignored. The incidence of fraud is now so common that its occurrence is no longer remarkable, only its scale.
  • 18. Cause of Fraud. Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
  • 19. How to Mitigate Risk and Fraud. Source: The Institute of Internal Auditors (IIA) Topeka Chapter, 2009
  • 20. Purpose Of Control A system of internal control is necessary to help employees and other partners understand the attitude and objectives of the organization as a whole. Internal controls provide reasonable assurance to customers and other parties that transactions are recorded properly and in a timely manner. For instance, many consumers have a favorite store because the business is known for providing quality service in a timely manner. In other words, consumers choose to patronize businesses that have good systems of internal control.
  • 22. Operating Systems Security Log-On Procedure: First line of defense against unauthorized access consisting of user IDs and passwords. Access Token: Contains key information about the user which is used to approve actions attempted during the session. Access Control List: Assigned to each IT resource and used to control access to the resource. Discretionary Access Privileges: Allows user to grant access to another user.
  • 23. Operating Systems Controls. Access Privileges: Verify that access privileges are consistent with separation of incompatible functions and organization policies. Viruses & Destructive Programs: Verify effectiveness of procedures to protect against programs such as viruses, worms, back doors, logic bombs, and Trojan horses. Password Control: Ensure adequacy and effectiveness of password policies for controlling access to the operating system.
  • 24. Subversive Threats. 1. Verify security and integrity of financial transactions. 2. Determine that network controls (1) can prevent and detect illegal access; (2) will render captured data useless; and (3) are sufficient to preserve integrity and security of data.
  • 25. Network Control. The purpose of network control is to: establish communications sessions; manage the flow of data across the network; detect and resolve data collisions between nodes; detect line failure or signal degeneration errors. Two or more signals transmitted simultaneously will result in a data collision, which destroys messages. Polling is the most popular technique for establishing a communication session in WANs. Token passing involves transmitting a special signal around the network. Only the node possessing the token is allowed to transmit data.
  • 27. Database Approach Access to the data resource is controlled by a database management system (DBMS). Centralizes organization’s data into a common database shared by the user community. All users have access to data they need which may overcome flat-file problems. 1. Elimination of data storage problem: No data redundancy. 2. Elimination of data updating problem: Single update procedure eliminates currency of information problem. 3. Elimination of task-data dependency problem: Users only constrained by legitimacy of access needs.
  • 28. Audit Procedures for Testing Database Access Controls Backup policy should balance inconvenience of frequent activity against business disruption caused by system failure. Verify that automatic backup procedures are in place and functioning and that copies of the database are stored off-site. Verify backups are performed routinely and frequently.
  • 30. What is the SDLC: When developing a new information system, there are many, many steps that must be followed. The systems development life cycle (SDLC) is an attempt to structure these steps. From the perspective of a definition, the SDLC is a structured step-by-step approach for developing information systems. When developing a system, there are three primary choices you will make very early in the process: Insourcing is how much will be done by your own IT specialists. Selfsourcing is how much can be done by the end-users. Outsourcing is how much will be done by a third party outside the organization.
  • 32. Phase 1: Planning: The planning phase of the SDLC involves determining a solid plan for developing your information system. A project manager is an individual who is an expert in project planning and management, defines and develops the project plan, and tracks the plan to ensure all key project milestones are completed on time.
  • 33. Three primary activities: (1) Define the system to be developed: identify and select the system for development or determine which system is required to support the strategic goals of your organization. (2) Set the project scope: the project scope clearly defines the high-level system requirements and is the most basic definition of the system. (3) Define the project plan: the project plan defines the what, when, and who questions of systems development activities, including all activities to be performed, the individuals, or resources, who will perform the activities, and the time required to complete each activity.
  • 34. Phase 2: Analysis: The analysis phase of the SDLC involves end users and IT specialists working together to gather, understand, and document the business requirements for the proposed system. The primary activity of this phase is to gather business requirements. Business requirements are the detailed set of knowledge worker requests that the system must meet to be successful. One way to gather business requirements is to hold a joint application development (JAD) session, in which knowledge workers and IT specialists meet to define and review business requirements. Once all the business requirements are defined, the end-users sign off on them, indicating that they approve of all the business requirements.
  • 35. Phase 3: Design: The primary goal of the design phase is to build a technical blueprint of how the proposed system will work. Your point of view changes from a business perspective to a technical or physical perspective. The technical architecture defines the hardware, software, and telecommunications equipment to run the system. Modeling is the activity of drawing a graphical representation of the design.
  • 36. Phase 4: Development: During the development phase of the SDLC, you take all your detailed design documents from the design phase and transform them into an actual system. In this phase, you first build your technical architecture by buying and setting up the technical architecture defined during the design phase. Secondly, you create databases and write any necessary software programs. Computer technology advances very rapidly. Sometimes, systems can take several months to develop and the available technologies may change often.
  • 37. Phase 5: Testing: The testing phase of the SDLC verifies that the system works and meets all the business requirements defined in the analysis phase. First, you develop detailed test conditions, which are the detailed steps the system must perform along with the expected results of each step. Secondly, you actually perform the test. It is important that you do not skip any steps.
  • 38. Phase 6: Implementation: During the implementation phase of the SDLC, you distribute the system to all the knowledge workers and they begin using the system to perform their everyday jobs. First, you provide user documentation to the knowledge workers which explains how to use the system. Secondly, you provide training for the knowledge workers. You must ensure that all of the knowledge workers have the required training to use the system correctly.
  • 39. Phase 7: Maintenance: During the maintenance phase of the SDLC, you monitor and support the new system to ensure it continues to meet the business goals. First, you will need to create a help desk to answer your workers’ questions. Secondly, you will need to change the system as your business changes.
  • 40. Controlling and Auditing the SDLC System planning and analysis. Conceptual system design impacts auditability. Economic feasibility needs to be measured accurately. Systems implementation. Provide technical expertise with regard to accounting rules. Specify documentation standards. Verify control adequacy and compliance with SOX.
  • 41. A Financial Transaction is..?? An economic event that affects the assets and equities of the firm, is reflected in its accounts, and is measured in monetary terms. Similar types of transactions are grouped together into three transaction cycles: the expenditure cycle, the conversion cycle, and the revenue cycle.
  • 42. A transaction is an agreement between two entities to exchange goods or services OR any other event that can be measured in economic terms by an organization. Example: Sell goods to customers; depreciate equipment. The transaction cycle is a process that begins with capturing data about a transaction and ends with an information output, such as a set of financial statements.
  • 43. Many business activities are paired in give-get exchanges. The basic exchanges can be grouped into five major transaction cycles. Revenue cycle—Interactions with customers. Give goods; get cash. Expenditure cycle—Interactions with suppliers. Give cash; get goods. Production cycle—Give labor and raw materials; get finished product. Human resources Management/payroll cycle—Give cash; get labor. Financing cycle—Give cash; get cash.
  • 44. Auditing the Revenue Cycle Thousands of transactions can occur within any of these cycles, but there are relatively few types of transactions in a cycle. Every transaction cycle relates to other cycles and interfaces with the general ledger and reporting system, which generates information for management and external parties. The revenue cycle gets finished goods from the production cycle; provides funds to the financing cycle; and provides data to the general ledger and reporting system.
  • 45. Auditing the Expenditure Cycle. The expenditure cycle gets funds from the financing cycle; provides raw materials to the production cycle; and provides data to the general ledger and reporting system. The production cycle gets raw materials from the expenditure cycle; gets labor from the HR/payroll cycle; provides finished goods to the revenue cycle; and provides data to the general ledger and reporting system.
  • 46. The HR/payroll cycle gets funds from the financing cycle; provides labor to the production cycle; and provides data to the general ledger and reporting system. The financing cycle gets funds from the revenue cycle; provides funds to the expenditure and HR/payroll cycles; and provides data to the general ledger and reporting system. The general ledger and reporting system gets data from all of the cycles and provides information for internal and external users.
  • 47. Many Accounting software packages implement the different transaction cycles as separate modules. Not every module is needed in every organization, e.g., retail companies don’t have a production cycle. Some companies may need extra modules. So the implementation of each transaction cycle can differ significantly across companies. However the cycles are implemented, it is critical that the AIS be able to accommodate the information needs of managers and integrate financial and non-financial data.
  • 49. Thank You… Thank You for Your Attention
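
The access-privilege test on slide 23 (verify that privileges are consistent with separation of incompatible functions and organization policies) can be run as a computer-assisted check over an export of user grants. The following is an added example, not part of the original slides; the CSV layout, the privilege and role names, and both policy tables are assumptions constructed for illustration.

```python
"""Access-privilege review: separation of duties and role-policy conformance."""
import csv
import io
from itertools import combinations

# Constructed sample export of user grants (hypothetical users and privileges).
GRANTS_CSV = """user,role,privilege
alice,ap_clerk,create_vendor
alice,ap_clerk,enter_invoice
bob,ap_supervisor,approve_payment
carol,ap_clerk,enter_invoice
carol,ap_clerk,approve_payment
dave,dba,modify_schema
dave,dba,enter_invoice
"""

# Assumed policy: pairs of functions one person must not hold together.
INCOMPATIBLE = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
}

# Assumed policy: the privileges each role is allowed to hold.
ROLE_POLICY = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_supervisor": {"approve_payment"},
    "dba": {"modify_schema"},
}


def load_grants(text):
    """Parse the export into {user: [(role, privilege), ...]}."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        user = row["user"].strip().lower()
        users.setdefault(user, []).append(
            (row["role"].strip(), row["privilege"].strip())
        )
    return users


def review(text, incompatible=INCOMPATIBLE, role_policy=ROLE_POLICY):
    """Return sorted (user, finding_type, detail) tuples for the auditor."""
    findings = set()
    for user, grants in load_grants(text).items():
        # Test 1: each grant must be allowed by the policy for its role.
        for role, priv in grants:
            if role not in role_policy:
                findings.add((user, "unknown_role", role))
            elif priv not in role_policy[role]:
                findings.add((user, "outside_role_policy", priv))
        # Test 2: no user may hold two incompatible functions at once,
        # regardless of which role each privilege was granted under.
        held = sorted({priv for _, priv in grants})
        for a, b in combinations(held, 2):
            if frozenset({a, b}) in incompatible:
                findings.add((user, "sod_conflict", f"{a}+{b}"))
    return sorted(findings)


if __name__ == "__main__":
    for user, kind, detail in review(GRANTS_CSV):
        print(f"{user:8} {kind:20} {detail}")
```

Each finding is a lead for follow-up, not a conclusion: the auditor still confirms whether a compensating control (such as supervisory review) covers the exception.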