IS Audit and Internal Controls
BHARATH RAO
Professional

Audit

CA
blog.bharathraob.com

• Audit
• Tax
• Company Matters
• Legal Compliances
• Accounts

• Statutory Audit
• Internal Audit
• Tax Audit (44AB, VAT etc)
• Special Audits

10/19/2013

More work more pay

• IS Audit
• Design of Access, Process Controls
• Implementation of ERP
• Implementation of GRC
• Forensic Audit
• Legal Compliances and Frameworks for IT Governance:
  • Sarbanes-Oxley Act 2002 – Section 302 and 404
  • Companies Act 2013 – Section 134 and 143
  • ISO 27001
  • ISO 27002
  • ISO 27031
  • COBIT 5/COSO Framework

Terms

Risk

Internal Controls

It means policies framed by the management in order to have stronger and adequate control within the organization, which can be checked by the internal or statutory auditor in order to ensure that the goals and objectives are duly met.

Components of Internal Controls

• Control Environment
• Risk Assessment
• Information and Communication
• Control Activities
• Monitoring

Formula of Internal Control

General Controls
IS Controls
Internal Controls

IS Controls

• Application Controls
• IT General Controls

Objective of IS Controls

• Maintaining Confidentiality
• Preserving Integrity
• Ensuring Availability

Applications Controls

Application software is the software that processes business transactions.

The application software could be a payroll system, a retail banking system, an inventory system, a billing system or, possibly, an integrated ERP.

Application controls are controls that relate to the business applications, leading to judicious use of the application, and that are enforced on the end user through the application itself.

Examples of Applications

• General Ledger
• Fixed Assets
• Inventory Control
• Sales
• Manufacturing Resource Planning (MRP)
• Human Resources
• And, everyone’s favorite – Payroll…

Types of Application Controls

• Input Controls: Data Checks and Validations
• Processing Controls: Duplicate Checks, File Identifications and validations
• Output Controls: Update Authorization
• Integrity Controls: Data Encryption, Input Validation
• Management Trail: Snapshots, Time Stamps

General Controls

ITGCs may also be referred to as General Computer Controls, which are defined as: controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications.

These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.

Areas of IT General controls

• Physical Access
• Data Center
• IS Security
• SDLC and Change Management (CM)
• Logical Controls
• Backup and Recovery
• End User Computing

The IS audit

• Checking the Documentation of Policies, Processes
• Reviewing Logs that are generated by applications
• Understanding the solutions that are present other than business applications and their role
• Testing and gathering of evidence based on Sampling
  • Screenshots, Photos, Email Conversations, Scans

RCM – Risk control matrix

• Link

Sampling

Suggested Sample Size

Nature of Control | Frequency of Performance | Number of Items to Test per Annum | Number of Items to Test per Quarter
Manual General Controls | Many times per day | 25 | 6-7
Manual General Controls | Daily | 20 | 5
Manual General Controls | Weekly | 10 | 2-3
Manual General Controls | Monthly | 3 | 1
Manual General Controls | Quarterly | 2 | 0-1
Manual General Controls | Annually | 1 |
Programmed General Controls | Test one instance of each programmed control activity.

Thank you

• BHARATH RAO B
• +91 96113 19421 | bharath@bharathraob.com
• www.bharathraob.com
blog.bharathraob.com
/bharathraob

Alexander Belyaev
 
Fabular Frames and the Four Ratio Problem
Fabular Frames and the Four Ratio ProblemFabular Frames and the Four Ratio Problem
Fabular Frames and the Four Ratio Problem
Majid Iqbal
 
PM pre reads for the product manager framework
PM pre reads for the product manager frameworkPM pre reads for the product manager framework
PM pre reads for the product manager framework
KishoreKatta6
 

Recently uploaded (20)

TechnoXander Confirmation of Payee Product Pack 1.pdf
TechnoXander Confirmation of Payee Product Pack 1.pdfTechnoXander Confirmation of Payee Product Pack 1.pdf
TechnoXander Confirmation of Payee Product Pack 1.pdf
 
The Rise and Fall of Ponzi Schemes in America.pptx
The Rise and Fall of Ponzi Schemes in America.pptxThe Rise and Fall of Ponzi Schemes in America.pptx
The Rise and Fall of Ponzi Schemes in America.pptx
 
Seven Camp April 2024 Cohort Booklet.pdf
Seven Camp April 2024 Cohort Booklet.pdfSeven Camp April 2024 Cohort Booklet.pdf
Seven Camp April 2024 Cohort Booklet.pdf
 
The state of welfare Resolution Foundation Event
The state of welfare Resolution Foundation EventThe state of welfare Resolution Foundation Event
The state of welfare Resolution Foundation Event
 
Singapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play SlidesSingapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play Slides
 
Singapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update SlidesSingapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update Slides
 
一比一原版宾夕法尼亚大学毕业证(UPenn毕业证书)学历如何办理
一比一原版宾夕法尼亚大学毕业证(UPenn毕业证书)学历如何办理一比一原版宾夕法尼亚大学毕业证(UPenn毕业证书)学历如何办理
一比一原版宾夕法尼亚大学毕业证(UPenn毕业证书)学历如何办理
 
Budgeting as a Control Tool in Govt Accounting in Nigeria Prof Oyedokun.pptx
Budgeting as a Control Tool in Govt Accounting in Nigeria Prof Oyedokun.pptxBudgeting as a Control Tool in Govt Accounting in Nigeria Prof Oyedokun.pptx
Budgeting as a Control Tool in Govt Accounting in Nigeria Prof Oyedokun.pptx
 
真实可查(nwu毕业证书)美国西北大学毕业证学位证书范本原版一模一样
真实可查(nwu毕业证书)美国西北大学毕业证学位证书范本原版一模一样真实可查(nwu毕业证书)美国西北大学毕业证学位证书范本原版一模一样
真实可查(nwu毕业证书)美国西北大学毕业证学位证书范本原版一模一样
 
Tdasx: Interpreting the 2024 Cryptocurrency Market Funding Trends and Technol...
Tdasx: Interpreting the 2024 Cryptocurrency Market Funding Trends and Technol...Tdasx: Interpreting the 2024 Cryptocurrency Market Funding Trends and Technol...
Tdasx: Interpreting the 2024 Cryptocurrency Market Funding Trends and Technol...
 
Navigating Your Financial Future: Comprehensive Planning with Mike Baumann
Navigating Your Financial Future: Comprehensive Planning with Mike BaumannNavigating Your Financial Future: Comprehensive Planning with Mike Baumann
Navigating Your Financial Future: Comprehensive Planning with Mike Baumann
 
Ending stagnation: How to boost prosperity across Scotland
Ending stagnation: How to boost prosperity across ScotlandEnding stagnation: How to boost prosperity across Scotland
Ending stagnation: How to boost prosperity across Scotland
 
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docxTiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
 
How to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete GuideHow to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete Guide
 
Chapter 25: Economic Growth Summary from Samuelson and Nordhaus
Chapter 25: Economic Growth Summary from Samuelson and NordhausChapter 25: Economic Growth Summary from Samuelson and Nordhaus
Chapter 25: Economic Growth Summary from Samuelson and Nordhaus
 
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education SlidesSingapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
 
China's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SUChina's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SU
 
Calculation of compliance cost: Veterinary and sanitary control of aquatic bi...
Calculation of compliance cost: Veterinary and sanitary control of aquatic bi...Calculation of compliance cost: Veterinary and sanitary control of aquatic bi...
Calculation of compliance cost: Veterinary and sanitary control of aquatic bi...
 
Fabular Frames and the Four Ratio Problem
Fabular Frames and the Four Ratio ProblemFabular Frames and the Four Ratio Problem
Fabular Frames and the Four Ratio Problem
 
PM pre reads for the product manager framework
PM pre reads for the product manager frameworkPM pre reads for the product manager framework
PM pre reads for the product manager framework
 

IS Audit and Internal Controls

Editor's Notes

  1. Control: It literally means the Internal Controls that are present in a business environment. These can be IT Controls or non-IT Controls.
     Design: It refers to the working part of the control, summarised on paper as a blueprint. Basically, a working model of the control on paper.
     Operation: The actual performance of the control is assessed here.
     Risk: It is the rate at which there is a threat to the business arising from a specific event happening or not happening.
     Process: A set of tasks makes a workflow. A set of workflows makes a process. A process is controlled by a "Process owner" or "Function head". E.g. HR Process, Procurement Process.
  2. Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.
     Risk Assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.
     Control Activities: Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
     Information and Communication: Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.
     Monitoring: Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board.
  3. Examples of controls in the areas:
     Physical Access – Security personnel, physical locks, biometric locks
     Data Center – Biometric locks, presence of server racks, presence of AC, fire extinguishers
     IS Security – Firewall, antivirus, anti-spyware, timely updating of patches and updates of AV and other software
     SDLC and CM – Documented process for procuring software. Documented process for incorporating changes to the acquired software.
     Logical Controls – Disabling of USB ports, automatic screen lock
     Backup and Recovery – Daily backup of data and environment (OS), restoration practice trial
     End User Computing – Logging of user activity, review