Information Systems Audit and
Control: INFO438
Felex Madzikanda
Department of Information and
Marketing Science
Midlands State University
madzikandaf@msu.ac.zw
0774810683
Administration
• Lectures, assignments and tests worth 30%
• Final examination, three hours, worth 70%
Overview of EDP Auditing
• EDP auditing is the process of collecting and
evaluating evidence to determine whether a
computer system safeguards assets, maintains
data integrity, achieves organizational goals
effectively, and consumes resources efficiently.
Need for control and audit of
computers
• Organizational costs of data loss
• Incorrect decision making
• Computer abuse
• Value of computer hardware, software and
personnel
• High costs of computer error
• Privacy
• Controlled evolution of computer use
Effects of EDP on Internal Controls
• Separation of duties
• Delegation of authority and responsibility
• Competent and trustworthy personnel
• System authorizations
• Adequate documents and records
• Physical control of assets and records
• Adequate management supervision
• Independent checks on performance
• Comparing recorded accountability with assets
Effects of EDP on Auditing
Changes to evidence collection
• Auditors confront a complex range of internal
control technology
• Auditors need EDP systems to collect evidence
Changes to evidence evaluation
• Due to complexity, it is difficult to evaluate
the consequences of control strengths and
weaknesses
• Auditors are under added stress because erroneous
programs will always execute incorrectly, errors
are generated at high speed, and the costs to
correct and rerun programs can be high
• Computer program errors can involve
extensive redesign and reprogramming –
auditors must ensure controls are sufficient
Foundations of EDP Auditing
• Traditional auditing – (internal control
techniques, control totals, philosophy)
• Information systems mgt – (techniques of project
mgt, documentation and standards, structured
programming)
• Computer science – (reliability theory and control
theory have been the basis for designing secure
systems)
• Behavioral science
[Diagram: EDP Auditing, drawing on Information Systems Management, Computer Science, Traditional Auditing and Behavioural Science]
Conducting an EDP Audit
Dealing with complexity
(1) Given the purpose of the EDP audit, factor
the system to be evaluated into
subsystems (management subsystems and
application subsystems)
(2) Identify the components that perform the
basic activities in each subsystem (hardware,
software, people, transmission media)
(3) Evaluate the reliability with which each
component executes its activities (achieved by
several controls; below are some of the major
classes of controls)
• Authenticity
• Accuracy – validation checks, overflow checks,
financial controls
• Completeness – validation, record sequence numbers
• Redundancy – to ensure a data item is
processed only once
• Privacy – encryption, passwords, inference
• Audit trails – two types, i.e. accounting and
operations audit trails
• Existence – attempt to ensure the ongoing
availability of all system resources
• Asset safeguarding – ensure that resources
within a system are protected from
destruction or corruption
• Effectiveness – to ensure that systems achieve
their goals, e.g. post-audits
• Efficiency controls – to ensure a system uses
minimum resources to achieve its goals, e.g.
logs of resource consumption, performance
monitoring using hardware and software monitors
(4) Determine the reliability of each subsystem
and the implications of each subsystem's level
of reliability for the overall level of reliability in
the system.
Overview of steps in an EDP Audit
(1) Preliminary Review Phase
• The objective of the preliminary review is to
obtain the information necessary for the
auditor to make a decision on how to proceed
with the audit.
• Review of management and application
controls
• Primary means of evidence collection are
interviews, observations and reviews of
documentation.
• In conclusion the auditor will decide to:
a) Withdraw from the audit
b) Perform a detailed review of the internal
control system with the expectation that
reliance can be placed upon the internal
control system and the scope and extent of
substantive testing can be reduced as a
consequence.
c) Decide not to rely on the internal controls.
(2) Detailed Review Phase
• Objective is to obtain the information
necessary for the auditor to have an in-depth
understanding of the controls used in the
computer installation
• Detailed review of management and
application controls
• Means of evidence are interviews,
observations and reviews of documentation.
• In conclusion the auditor must evaluate
whether the controls established reduce the
expected losses to an acceptable level.
(3) Compliance Testing Phase
• Objective is to determine whether or not
the system of internal controls operates as it
is purported to operate.
• Use of computer-assisted evidence collection
techniques to determine the existence and
reliability of controls.
• In conclusion, the auditor evaluates the
internal control system in light of the evidence
collected on the reliability of individual
controls.
(4) Review and Testing of User (compensating)
Controls
• Users may carefully reconcile their own
control totals with those produced as output
from application systems programs.
• From an external audit viewpoint, evaluating
compensating controls may be a more
cost-effective way of completing the audit.
• Compensating controls may represent a
duplication of controls
(5) Substantive Testing Phase
• Objective is to obtain sufficient evidence so the
auditor can make a final judgment on whether
or not material losses have occurred or could
occur during computer data processing.
• The five types of substantive tests are: tests to
identify erroneous processing, tests to assess the
quality of data, tests to identify inconsistent data,
tests to compare data with physical counts, and
confirmation of data with outside sources.
• Many of these tests require computer
support.
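The computer-assisted tests these phases call for can be sketched as follows. This is an added example, not part of the original slides: it applies the completeness (record sequence numbers), redundancy, accuracy (validation and overflow checks) and user control total checks to a constructed batch, and the record layout, field limit and function names are assumptions.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample: records as the application processed them
# (sequence number, account, amount). Layout and values are assumptions.
PROCESSED_BATCH = [
    (1001, "ACC-01", "250.00"),
    (1002, "ACC-02", "75.50"),
    (1003, "ACC-03", "-20.00"),      # keyed with the wrong sign
    (1005, "ACC-01", "400.00"),      # 1004 never reached processing
    (1005, "ACC-01", "400.00"),      # 1005 processed twice
    (1006, "ACC-04", "1000000.00"),  # larger than the amount field allows
]

# Constructed control totals kept by the user department before submission.
USER_CONTROL = {"record_count": 6, "amount_total": Decimal("1845.50")}

AMOUNT_LIMIT = Decimal("99999.99")  # assumed capacity of the amount field


def parse(batch):
    """Convert amounts to Decimal so totals are exact (no float rounding)."""
    return [(seq, acct, Decimal(amt)) for seq, acct, amt in batch]


def sequence_gaps(records):
    """Completeness: sequence numbers missing between the first and last."""
    seqs = {seq for seq, _, _ in records}
    if not seqs:
        return []
    return sorted(set(range(min(seqs), max(seqs) + 1)) - seqs)


def duplicates(records):
    """Redundancy: sequence numbers that were processed more than once."""
    counts = Counter(seq for seq, _, _ in records)
    return sorted(seq for seq, n in counts.items() if n > 1)


def validation_errors(records, limit=AMOUNT_LIMIT):
    """Accuracy: validation check (sign) and overflow check (field limit)."""
    errors = []
    for seq, _, amount in records:
        if amount <= 0:
            errors.append((seq, "non-positive amount"))
        elif amount > limit:
            errors.append((seq, "amount exceeds field limit"))
    return errors


def reconcile(records, control):
    """Compare system output with the user's own control totals."""
    total = sum((amt for _, _, amt in records), Decimal("0"))
    return {
        "count_diff": len(records) - control["record_count"],
        "amount_diff": total - control["amount_total"],
    }


def audit_batch(batch, control):
    """Run every check and report whether any exception was found."""
    records = parse(batch)
    report = {
        "sequence_gaps": sequence_gaps(records),
        "duplicates": duplicates(records),
        "validation_errors": validation_errors(records),
        "reconciliation": reconcile(records, control),
    }
    rec = report["reconciliation"]
    report["exceptions"] = bool(
        report["sequence_gaps"]
        or report["duplicates"]
        or report["validation_errors"]
        or rec["count_diff"]
        or rec["amount_diff"]
    )
    return report


if __name__ == "__main__":
    for name, value in audit_batch(PROCESSED_BATCH, USER_CONTROL).items():
        print(f"{name}: {value}")
```

In the constructed batch the record count reconciles even though one record is missing and another was processed twice, so only the sequence check and the amount total expose the problem.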
Some Major Audit Decisions
(1) Evaluation Judgement
• It is made at the end of every phase.
• The questions are which controls are critical to the
audit and how they should be tested for
compliance, what extent of substantive
testing is needed, and finally whether or not
the system has satisfactorily safeguarded
assets, maintained data integrity, and achieved
system effectiveness and efficiency.
(2) Timing of Audit Procedures
• Some auditors argue that little change is
needed to the traditional schedule of interim
work, end of period work, and
post-period-end work.
• Some EDP auditors argue both external and
internal auditors should, at a minimum,
review and evaluate the design of computer
controls at various major checkpoints in the
system development process.
• Some auditors emphasize audit participation
in the design phase of EDP systems (with
this approach, audits will be performed at 3
stages in the life cycle of a system)
[Diagram: system life cycle stages: analysis, design, implementation, operation, review]
Why the design phase?
(3) Audit use of the computer
• Brings in two approaches: auditing around the
computer and auditing through the computer.
(a) Auditing around the computer
• It is arriving at an audit opinion through
examining the internal control system for a
computer installation and the input and
output only for the application systems.
Suitability
• When the system is simple
• The system uses generalized software that is
well tested and used widely by many
installations
• The system logic is straightforward
• Controls can be maintained through the
normal methods, e.g. separation of duties and
management supervision
• The task environment is relatively constant
and few stresses are placed on the system
(b) Auditing through the computer
• The auditor can use the computer to test:
I. The logic and controls existing within the
system and
II. The records produced by the system.
Suitability
• The application system processes large
volumes of input and produces large volumes
of output
• The logic of the system is complex
• Significant parts of the internal control system
are embedded in the computer system
• Cost-benefit considerations
(4) Selecting Application Systems for Audit
• As a general rule the auditor should select for
audit those application systems most critical
to the continued existence of the organization.
(a) User audits as a selection basis
• Control clerks in the user area responsible for
gathering and batching source data, error
correction, and error resubmission often know
the fundamental weaknesses in an application
system.
(b) Application system characteristics
• High-risk systems, technologically advanced
systems, high-cost systems
• Auditors should also perform a cyclical review
of systems that seem to function well. This
review examines ways of improving these
systems.

Editor's Notes

  1. Regular monitoring of user satisfaction, periodic cost/benefit analysis, monitoring of frequency of use – system effectiveness. System efficiency – regular interviews with system users.