
CIS Environment

This document discusses auditing in computer information systems. It defines auditing and IT auditing, focusing on assessing proper implementation, operation, and control of computer resources to protect assets and ensure data integrity. It describes general controls that encompass organizational structures and safeguards for data, systems development, and program maintenance. It also describes application controls that provide assurance that specific systems like payroll or cash disbursements are processed correctly through input, validation, processing, and output controls. These controls help ensure accurate and authorized data entry, processing, and reporting.

Uploaded by

maraelvillamor

Auditing in Computer Information System Environment

Auditing
- Systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria, and communicating the results to interested users

Information Technology (IT) Audit
- Focuses on computer-based aspects of an organization’s information system
- Includes assessing the proper implementation, operation, and control of computer resources
- Determines whether IT controls protect corporate assets, ensure data integrity, and are aligned with the business’s overall goals

Computer Controls
- General Controls
  o Entity-wide concerns, such as:
    ▪ controls over the data center
    ▪ organization databases
    ▪ systems development
    ▪ program maintenance
  o Often include:
    ▪ controls over the development, modification, and maintenance of the computer programs
    ▪ controls over the use of and changes to the data maintained on computer files
  o Encompass organizational, operating, program development and documentation, hardware and access controls
- Application Controls
  o Programmed procedures designed to deal with potential exposures that threaten specific applications, such as:
    ▪ Payroll
    ▪ Purchase
    ▪ Cash disbursements systems
  o Should provide reasonable assurance that the recording, processing, and reporting of data are properly performed
  o Types:
    ▪ Input Controls
      ● Objective is to ensure that transactions processed are valid, accurate and complete
      ● Source document controls – using physical source documents
      ● Data coding controls – checks on the integrity of data codes used in processing
      ● Batch controls – method for handling high volumes of transaction data
      ● Input error correction – controls to make sure errors are dealt with completely and accurately
    ▪ Validation Controls
      ● Intended to detect errors in data before processing
      ● 3 Levels:
        o Field interrogation – program procedures that examine the characteristics of data in the field
          ▪ Common Types:
            ● Missing data check – blank spaces
            ● Numeric-alphabetic data check
            ● Limit checks – whether a value goes beyond an authorized limit (e.g., credit limit)
            ● Validity check – compare values
        o Record interrogation – validate the entire record by examining the relationship of its field values
          ▪ Examples:
            ● Reasonable check – check if the value in one field is reasonable when considered along with other fields
            ● Sign check – tests to see if the sign is correct (positive, negative, debit, or credit)
        o File interrogation
    ▪ Processing Controls
      ● Provide reasonable assurance that the processing has been performed as intended for the particular application
      ● 3 Categories:
        o Run-to-Run Control – use batch figures to monitor the batch as it moves from one programmed procedure (run) to another
        o Operator Intervention Controls – limit operator intervention, making the system less prone to processing errors
        o Audit Trail Controls
          ▪ Transaction logs
          ▪ Listing of automatic transactions
          ▪ Unique transaction identifiers
          ▪ Error listing
    ▪ Output Controls
      ● Examples:
        o Output spooling or spooler controls – prevent access to spooled output (i.e., to the results of processing that are temporarily stored in an intermediate file rather than immediately printed)
        o Print programs – designed to deal with:
          ▪ Production of unauthorized copies of output; and
          ▪ Employee browsing of sensitive data
        o Bursting – primary control against these exposures is supervision; may be performed by the end user
        o Report distribution – reports should be distributed according to distribution registers
        o End user controls
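
The field interrogation, record interrogation and run-to-run controls outlined above, sketched as an added Python example for a cash disbursements batch (not part of the original notes). The vendor list, payment limit, record layout and sample batch are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed reference data and batch (illustrative, not from the notes).
VALID_VENDORS = {"V100", "V200", "V300"}   # reference list for the validity check
PAYMENT_LIMIT = Decimal("5000.00")         # authorized limit for one payment
HEADER = {"record_count": 6}               # batch control figure prepared at input
BATCH = [  # (txn_id, vendor, sign, amount, invoice_amount)
    ("T001", "V100", "DR", "1200.00", "1200.00"),
    ("T002", "",     "DR", "300.00",  "300.00"),
    ("T003", "V200", "DR", "7000.00", "7000.00"),
    ("T004", "V300", "DR", "-50.00",  "50.00"),
    ("T005", "V999", "DR", "8x0.00",  "800.00"),
    ("T006", "V100", "DR", "900.00",  "90.00"),
]

def interrogate(rec):
    """Return the list of validation errors for one record."""
    txn_id, vendor, sign, amount, invoice = rec
    errors = []
    # Field interrogation: missing data, validity, numeric and limit checks
    if any(not field.strip() for field in rec):
        errors.append("missing data")
    elif vendor not in VALID_VENDORS:
        errors.append("validity")
    try:
        amt, inv = Decimal(amount), Decimal(invoice)
    except InvalidOperation:
        return errors + ["numeric"]
    if abs(amt) > PAYMENT_LIMIT:
        errors.append("limit")
    # Record interrogation: sign check and reasonableness across fields
    if sign == "DR" and amt <= 0:
        errors.append("sign")
    if amt > inv:   # paying more than was invoiced is not reasonable
        errors.append("reasonableness")
    return errors

def validation_run(batch, header):
    """Split a batch into accepted records and an error listing, then reconcile."""
    accepted, error_listing = [], {}
    for rec in batch:
        errs = interrogate(rec)
        if errs:
            error_listing[rec[0]] = errs   # keyed by unique transaction identifier
        else:
            accepted.append(rec)
    # Run-to-run control: every record received must be accounted for
    if len(accepted) + len(error_listing) != header["record_count"]:
        raise ValueError("batch out of balance: records lost or added")
    next_header = {"record_count": len(accepted),
                   "control_total": sum(Decimal(r[3]) for r in accepted)}
    return accepted, error_listing, next_header
```

The returned `next_header` is the batch figure the following run would reconcile against, and the error listing feeds input error correction.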
