Reasons Why Computers Can Cause Control Problems
- Sherilyn Hardy
Core Concepts of ACCOUNTING INFORMATION SYSTEMS
Moscove, Simkin & Bagranoff
Chapter 5: Computer Controls for Accounting Information Systems
Developed by: S. Bhattacharya, Ph.D., Florida Atlantic University
John Wiley & Sons, Inc.

Introduction
- Security and Controls for Technology
- Security and General Controls for Organizations
- Security and Application Controls for Transaction Processing
- Database Controls
- Controls in the Information Age

Reasons Why Computers Can Cause Control Problems
- Effects of errors may be magnified.
- Inadequate separation of duties because of decreased manual involvement.
- Audit trails may be reduced, eliminated, or exist only for a brief time.
- Changes to data and programs may be made by individuals lacking knowledge.
- More individuals may have access to accounting data.
- Accounting data stored in computer-based systems are oriented to characteristics of magnetic or optical media.

Security and Controls for Technology
- Security for wireless technology
- VPNs
- Data encryption
- Controls for hard-wired network systems
- Security and controls for microcomputers
- Risks unique to the micro environment
- Controls for microcomputers

Risks Unique to Micro Environment
- Hardware: microcomputers can be easily stolen or destroyed.
- Data and software: easy to access, modify, copy or destroy; therefore, are difficult to control.

Control Procedures for Microcomputers
- Take inventory
- Keyboard locks
- Lock laptops in cabinets
- Software protection procedures
- Back-up files
- Lock office doors

Additional Controls for Laptops
- Identify your laptop
- Use nonbreakable cables to attach laptops to stationary furniture
- Load antivirus software
- Keep laptop information backed up

Computer Control Procedures
Computer controls are frequently classified into two categories:
- General controls ensure that a company's control environment is stable and well managed in order to strengthen the effectiveness of application controls.
- Application controls are designed to prevent, detect, and correct errors and irregularities in transactions as they flow through the input, processing, and output stages of data processing.

Objectives of Controls over the Data Processing Function
To provide reasonable assurance that:
- development of, and changes to, computer programs are authorized, tested and approved prior to their usage.
- access to data files is restricted to authorized users and programs.
These objectives are referred to as general computer control objectives.

Risks that Control Procedures Seek to Reduce
- Control procedures are aimed at reducing financial risk, the chance that financial statements are misstated.
- Controls also seek to reduce business risk, the risk that the viability of the business is impacted by lack of control.

Backup
- All companies should back up their vital documents, files and programs.
- Grandfather-parent-child procedure is used during batch processing.
- Through electronic vaulting, data on backup tapes can be electronically transmitted to remote sites.
- An uninterruptible power system (UPS) is an auxiliary power supply that can prevent the loss of data due to momentary surges or dips in power.

Contingency Planning
- Contingency planning includes the development of a formal disaster recovery plan.
- This plan describes procedures to be followed in the case of an emergency as well as the role of each member of the disaster recovery team.
- The goal is to recover processing capability as soon as possible.
- A disaster recovery site can either be a hot site or cold site.

General Controls within IT Environments
- Personnel Controls
- File Security Controls
- Fault-Tolerant Systems, Backup, Contingency Planning
- Computer Facility Controls
- Access to Computer Files and

Personnel Controls - Separation of Duties
Separation of duties, which separates incompatible functions, is a central control objective when designing a system. In IT environments separation of duties should include:
- separating accounting and information processing subsystems from other subsystems
- separate responsibilities within the IT environment

More Personnel Controls
- Companies use separate computer accounts that are assigned to users on either a group or individual basis.
- Passwords are checked against a master list.
- Call-back procedures restrict access from remote terminals.
- An informal knowledge of employees and their activities can be an important clue for the detection of fraud.

File Security Controls
The purpose of file security controls is to protect computer files from either accidental or intentional abuse. Examples:
- External file labels
- Internal file labels
- Lock-out procedures
- File protection rings
- Read-only file designations

Computer Facility Controls
- Locate the Data Processing Center in a safe place.
- Limit employee access.
- Buy insurance.

Access to Computer Files
- Password codes and biometric identifications restrict logical access to data.
- Biometric identification devices identify distinctive user physical characteristics such as voice patterns, fingerprints and retina prints.

Input Controls
Input controls attempt to ensure the validity, accuracy and completeness of the data entered into an AIS. The categories of input controls include:
1. data observation and recording
2. data transcription
3. edit tests
4. additional input controls

Processing Controls
Processing controls focus on the manipulation of accounting data after they are input to the computer system. Two kinds:
1. Data-access controls
2. Data manipulation controls

Output Controls
- The objective of output controls is to assure the output's validity, accuracy and completeness.
- Activity (or proof) listings provide complete, detailed information about all changes to master files.
- Forms control is vital for forms associated with check-writing.
- Prenumbered forms are the most common type of control utilized with computer-generated check-writing procedures.
- Shred sensitive documents.

Application Controls within IT Environments
- Application controls pertain directly to the transaction processing systems.
- The objectives of application controls are to prevent, detect and correct errors and irregularities in transactions that are processed in an IT environment.
- Application controls are subdivided into input, processing and output controls.

Data Observation and Recording Controls
- Feedback mechanism
- Dual observation
- Point-of-sale (POS) devices
- Preprinted recording forms

Data Transcription
- Data transcription refers to the preparation of data for computerized processing.
- Preformatted screens that use masks are an important control procedure.

Edit Tests
- Input validation routines (edit programs) check the validity and accuracy of input data after the data have been entered and recorded on a machine-readable file.
- Edit tests examine selected fields of input data and reject those transactions whose data fields do not meet the pre-established standards of data quality.
- Real-time systems use edit checks during data entry.

Examples of Edit Tests
Tests for:
- Numeric field
- Alphabetic field
- Alphanumeric field
- Valid code
- Reasonableness
- Sign
- Completeness
- Sequence
- Consistency

Data-Access Control Totals
- Batch control total
- Financial control total
- Nonfinancial control total
- Hash total
- Record count

Data Manipulation Controls
Once data have been validated by earlier portions of data processing, they usually must be manipulated in some way to produce useful output. Data manipulation controls include:
- Software documentation
- Compiler
- Test Data
- System testing

Database Controls
- Database management software
- Layered passwords
- Complete documentation including data dictionary
- Database administrator
- Security modules
- Authorization and approval of all significant modifications to software
- Changes made by authorized individuals

Controls for Computer Network Systems
- Data encryption minimizes the risk of unauthorized access to data through electronic eavesdropping.
- A checkpoint should be established to facilitate recovery from a system failure.
- Routing verification procedures help to ensure that no transactions or messages are routed to the wrong computer network system address.
- Message acknowledgement procedures are useful in preventing the loss of part or all of a transaction or message on a computer network system.
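
The edit tests and data-access control totals listed above can be seen working together in the following added example, which is not part of the original slides. It runs six of the listed edit tests over a small batch and then compares the batch's record count, financial total and hash total against a batch control slip. The field names, code table, amount limit and sample batch are all constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed reference data for this example (not from the slides).
VALID_CODES = {"INV", "PAY", "CRN"}      # table used by the valid-code test
MAX_AMOUNT = Decimal("50000.00")         # limit used by the reasonableness test
REQUIRED = ("seq", "account", "code", "amount")


def is_digits(text):
    """True only for a non-empty string of ASCII digits."""
    return text.isascii() and text.isdigit()


def parse_amount(text):
    """Return a finite Decimal, or None when the field is not numeric."""
    try:
        value = Decimal(text)
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


def edit_tests(txn, prev_seq):
    """Return the names of the edit tests txn fails (empty list = accept)."""
    missing = [f for f in REQUIRED if not str(txn.get(f, "")).strip()]
    if missing:                                    # completeness test
        return ["completeness:" + ",".join(missing)]
    failed = []
    if not is_digits(txn["account"]):              # numeric field test
        failed.append("numeric:account")
    if txn["code"] not in VALID_CODES:             # valid code test
        failed.append("valid_code")
    amount = parse_amount(txn["amount"])
    if amount is None:                             # numeric field test
        failed.append("numeric:amount")
    else:
        if abs(amount) > MAX_AMOUNT:               # reasonableness test
            failed.append("reasonableness")
        # Sign test: credit notes (CRN) are negative, all other codes are not.
        if (amount < 0) != (txn["code"] == "CRN"):
            failed.append("sign")
    # Sequence test: sequence numbers must strictly increase within a batch.
    if not is_digits(txn["seq"]) or int(txn["seq"]) <= prev_seq:
        failed.append("sequence")
    return failed


def control_totals(txns):
    """Recompute the control totals from the records actually received."""
    amounts = [parse_amount(str(t.get("amount", ""))) or Decimal(0) for t in txns]
    accounts = [str(t.get("account", "")) for t in txns]
    return {
        "record_count": len(txns),
        "financial_total": sum(amounts, Decimal(0)),
        # Hash total: a sum with no business meaning (account numbers),
        # kept only to reveal lost, substituted or altered records.
        "hash_total": sum(int(a) for a in accounts if is_digits(a)),
    }


def run_batch(slip, txns):
    """Return (rejected, out_of_balance) for one batch.

    rejected       -> list of (position, failed_tests)
    out_of_balance -> {total_name: (value_on_slip, value_recomputed)}
    """
    rejected, prev_seq = [], 0
    for pos, txn in enumerate(txns):
        failures = edit_tests(txn, prev_seq)
        if failures:
            rejected.append((pos, failures))
        seq = str(txn.get("seq", ""))
        if is_digits(seq):
            prev_seq = max(prev_seq, int(seq))
    computed = control_totals(txns)
    out_of_balance = {k: (slip[k], v) for k, v in computed.items() if slip[k] != v}
    return rejected, out_of_balance


# Constructed batch control slip, prepared from the source documents
# before data entry.
SAMPLE_SLIP = {
    "record_count": 4,
    "financial_total": Decimal("77530.50"),
    "hash_total": 160080,
}

# Constructed batch as keyed in: a wrong sign, a letter "O" typed for a zero,
# and an unknown code with an oversized amount and a repeated sequence number.
SAMPLE_BATCH = [
    {"seq": "101", "account": "40012", "code": "INV", "amount": "1250.00"},
    {"seq": "102", "account": "40017", "code": "PAY", "amount": "-300.00"},
    {"seq": "103", "account": "4OO21", "code": "INV", "amount": "980.50"},
    {"seq": "103", "account": "40030", "code": "XFR", "amount": "75000.00"},
]

if __name__ == "__main__":
    rejected, out_of_balance = run_batch(SAMPLE_SLIP, SAMPLE_BATCH)
    for pos, failures in rejected:
        print("record", pos, "rejected:", ", ".join(failures))
    for name, (declared, computed) in out_of_balance.items():
        print(name, "on slip:", declared, "recomputed:", computed)
```

The record count still balances here, which is why the slides list it alongside the financial and hash totals: each total catches a different kind of keying error.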

Copyright
Chapter 5
Copyright 2005 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
More informationChapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy
Chapter 12 Objectives Chapter 12 Computers and Society: and Privacy p. 12.2 Identify the various types of security risks that can threaten computers Recognize how a computer virus works and take the necessary
More informationNotice to Government End Users DoD contract: Civilian agency contract:
SHIFT4, $$$ ON THE NET, $$$ IN THE BANK, FRAUD SENTRY, and IT'S YOUR CARD are products and Registered Trademarks of Shift4 Corporation. NetAPI, NetAudit, and NetCharge are products and Trademarks of Shift4
More informationMaking the leap to the cloud: IS my data private and secure?
Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about
More informationZIMBABWE SCHOOL EXAMINATIONS COUNCIL. COMPUTER STUDIES 7014/01 PAPER 1 Multiple Choice SPECIMEN PAPER
ZIMBABWE SCHOOL EXAMINATIONS COUNCIL General Certificate of Education Ordinary Level COMPUTER STUDIES 7014/01 PAPER 1 Multiple Choice SPECIMEN PAPER Candidates answer on the question paper Additional materials:
More informationGeneral Records Schedule Approved September 2009
GRS7 Information Management Records GRS7.1 Systems Design and Development Records Records documenting the design and development of new records and information management systems and subsystems as well
More informationThe Second National HIPAA Summit
HIPAA Security Regulations: Documentation and Procedures The Second National HIPAA Summit Healthcare Computing Strategies, Inc. John Parmigiani Practice Director, Compliance Programs Tom Walsh, CISSP Practice
More informationUsher Mobile Identity for Higher Education Institutions. Rebecca Parks Associate Product Manager, MicroStrategy
Usher Mobile Identity for Higher Education Institutions Rebecca Parks Associate Product Manager, MicroStrategy Agenda Overview of Mobile Identity Verify Personal ID Login to University Systems Unlock Doors
More informationE-Business Technologies
E-Business Technologies Craig Van Slyke and France Bélanger John Wiley & Sons, Inc. Slides by Fred Niederman 7-1 Client/Server Technologies for E-Business Chapter 7 7-2 Key Ideas E-commerce applications
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationInformation Security Plan effective March 1, 2010
Information Security Plan effective March 1, 2010 Section Coverage pages I. Objective 1 II. Purpose 1 III. Action Plans 1 IV. Action Steps 1-5 Internal threats 3 External threats 3-4 Addenda A. Document
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More informationAudit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture
U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT
More information