IS Audit and Internal Controls
BHARATH RAO
Professional

Audit

CA
blog.bharathraob.com

• Audit
• Tax
• Company Matters
• Legal Compliances
• Accounts

• Statutory Audit
• Internal Audit
• Tax Audit (44AB, VAT etc)
• Special Audits

10/19/2013
More work more pay

• IS Audit
• Design of Access, Process Controls
• Implementation of ERP
• Implementation of GRC
• Forensic Audit
• Legal Compliances and Frameworks for IT Governance:
    • Sarbanes-Oxley Act 2002 – Section 302 and 404
    • Companies Act 2013 – Section 134 and 143
    • ISO 27001
    • ISO 27002
    • ISO 27031
    • COBIT 5/COSO Framework

Terms

Risk

Internal Controls

Internal controls are the policies framed by management to have stronger and adequate control within the organization. They can be checked by the internal or statutory auditor to ensure that the goals and objectives are duly met.

Components of Internal Controls

• Control Environment
• Risk Assessment
• Information and Communication
• Control Activities
• Monitoring

Formula of Internal Control

General Controls + IS Controls = Internal Controls

IS Controls

• Application Controls
• IT General Controls

Objective of IS Controls

• Maintaining Confidentiality
• Preserving Integrity
• Ensuring Availability

Application Controls

Application software is the software that processes business transactions.

The application software could be a payroll system, a retail banking system, an inventory system, a billing system or, possibly, an integrated ERP.

Application controls are controls that relate to the business applications, leading to judicious use of the application, and that are enforced on the end user through the application itself.

Examples of Applications

• General Ledger
• Fixed Assets
• Inventory Control
• Sales
• Manufacturing Resource Planning (MRP)
• Human Resources
• And, everyone’s favorite – Payroll…

Types of Application Controls

• Input Controls: Data Checks and Validations
• Processing Controls: Duplicate Checks, File Identifications and Validations
• Output Controls: Update Authorization
• Integrity Controls: Data Encryption, Input Validation
• Management Trail: Snapshots, Time Stamps

General Controls

ITGCs may also be referred to as General Computer Controls, which are defined as: controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications.

These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.

Areas of IT General Controls

• Physical Access
• Data Center
• IS Security
• SDLC and Change Management (CM)
• Logical Controls
• Backup and Recovery
• End User Computing

The IS audit

• Checking the Documentation of Policies, Processes
• Reviewing Logs that are generated by applications
• Understanding the solutions that are present other than business applications and their role
• Testing and gathering of evidences based on Sampling
    • Screenshots, Photos, Email Conversations, Scans

RCM – Risk control matrix

• Link

Sampling

Suggested Sample Size

| Nature of Control | Frequency of Performance | Number of Items to Test per Year | Number of Items to Test per Quarter |
|---|---|---|---|
| Manual General Controls | Many times per day | 25 | 6-7 |
| Manual General Controls | Daily | 20 | 5 |
| Manual General Controls | Weekly | 10 | 2-3 |
| Manual General Controls | Monthly | 3 | 1 |
| Manual General Controls | Quarterly | 2 | 0-1 |
| Manual General Controls | Annually | 1 | |

Programmed General Controls: Test one instance of each programmed control activity.

• BHARATH RAO B
• +91 96113 19421 | bharath@bharathraob.com
• www.bharathraob.com
blog.bharathraob.com
/bharathraob

Thank you

Editor's Notes

  1. Control: The internal controls present in a business environment. These can be IT controls or non-IT controls.
     Design: The working part of the control, summarized on paper as a blueprint; basically a working model of the control on paper.
     Operation: The actual performance of the control is assessed here.
     Risk: The rate at which there is a threat to the business arising from a specific event happening or not happening.
     Process: A set of tasks makes a workflow, and a set of workflows makes a process. A process is controlled by a “Process owner” or “Function head”, e.g. the HR process or the procurement process.
  2. Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.
     Risk Assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.
     Control Activities: Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
     Information and Communication: Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.
     Monitoring: Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board.
  3. Examples of controls in the areas:
     • Physical Access – Security personnel, physical locks, biometric locks
     • Data Center – Biometric locks, presence of server racks, presence of AC, fire extinguishers
     • IS Security – Firewall, antivirus, anti-spyware, timely updating of patches and updates of AV and other software
     • SDLC and CM – Documented process for procuring software. Documented process of incorporating changes to the acquired software.
     • Logical Controls – Disabling of USB ports, automatic screen lock
     • Backup and Recovery – Daily backup of data and environment (OS), restoration practice trial
     • End User Computing – Logging of user activity, Review