13. IT Systems Flashcards
What are preventive controls?
These are designed to stop errors or irregularities from occurring in the first place.
For example:
Authorization of transactions,
Physical and logical access to restrict unauthorized access,
Training of employees.
What are detective controls?
These are designed to identify errors or irregularities that may have occurred.
For example:
Review of system logs,
Reconciliations.
What are corrective controls?
These are designed to correct errors or irregularities that have been detected.
For example:
Disciplinary mechanism,
Policies and procedures for reporting errors to correct them.
What are IT General Controls?
IT General Controls are policies and procedures that relate to many or all applications. They support the effective functioning of application controls by ensuring the continued proper operation of the IT system.
Explain the importance of IT General Controls for the auditor.
The auditor first tests ITGCs to assess the control risk of the IT system as a whole. Only if control risk as a whole is assessed as low will the auditor test application controls to decide whether to rely on the specific system and reduce substantive testing.
What are application controls?
Application controls apply to the processing of an individual application, for example a sales application or a payroll application in accounting. These controls ensure that input transactions are authorized, transactions are processed, and output is distributed in a timely and confidential manner.
These can either be manual or computerized.
What is the objective of development and acquisition of IT systems?
To ensure that computer-based information systems and applications are developed consistently with the entity’s objectives.
What is the objective of documentation and testing of changes to programs?
To ensure proper development, documentation, testing, training and approval of program changes.
What does prevention and detection of unauthorized changes do?
The objective is to ensure that unauthorized persons do not make changes to programs and that new programs are not introduced without authorization.
What does using the correct version of programs and data files do?
There may be several versions of a program at any time. These controls ensure that the correct version of the program is used.
Examples include:
Training, job scheduling, reviews by management.
What are access controls to prevent unauthorized access to data files?
Also explain physical access controls.
To prevent unauthorized access to resources.
Physical access controls are used to prevent or detect unauthorized access to hardware.
Examples include:
Fences and door locks, fingerprint readers, identification badges, etc.
What is the objective of ensuring continuity of operations?
To ensure continuity of operations in the event of a disaster, for example physical damage to computer equipment or corruption of data.
Explain the categories of IT application controls.
Input controls: To ensure that input data is authorized and valid.
Controls over processing: To ensure that the correct number of transactions has been processed and that they have all been fully and accurately processed.
Controls over output: To ensure that output reports are distributed to authorized personnel, output is not lost and privacy is not violated.
Controls over master file and standing data: To ensure that data held on master files and standing files is accurate and complete.
What is auditing around computers?
Auditing around computers means that the client’s internal software is not audited. The auditor agrees the inputs of the system with its output and compares actual output with expected output.
This method increases the audit risk because:
The auditor has no direct evidence that programs are working correctly.
If differences are found between input to the system and output from the system, it may be difficult or even impossible to determine.
Explain auditing through computers.
It means that the auditor uses various techniques to evaluate the client’s computerized information system to determine the reliability of its operations.