Corporate Governance - Entity-Level Controls - Change Control Process Flashcards
Computer program libraries can best be kept secure by:
restricting physical and logical access.
Restricting physical and logical access secures program libraries from unauthorized use, in person and remotely via terminals.
Logical access
describes how security software works to restrict access to a computer’s data. This type of restricted access is called “logical access” because the computer’s software interprets information, such as user ID and password, to determine who can have access to the computer’s records.
Terminals
used to communicate with a remote computer, mainframe computer, or one or more server computers over a local or wide-area network.
Change identification
the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness
Transaction Processing System (TPS)
Completely programmed and automated system, treating every problem in exactly the same way. This type of system is used in accounting information systems (AIS) so that each transaction is processed in an identical, and therefore objective, manner.
Database
A collection of interrelated information that can be used for a variety of purposes; a structured set of interrelated files combined to eliminate redundancy of data items within the files and to establish logical connections between data items. Many of these files contain sensitive data.
Database management system (DBMS)
A computer program that manages a database
Change management
in IT uses standardized methods, processes, and procedures to efficiently and promptly handle changes to the control IT infrastructure. Change management maintains the balance between needed changes and the potential negative impact of such changes on service.
Enterprise resource planning (ERP) system
Integrates all aspects of an organization’s activities into one accounting information system.
Segregation (or seperation ) of Duties
To achieve adequate internal control in a business enterprise, the primary functions of the business should be identified. The duties of these functions should be outlined and control procedures designed to achieve adequate internal control. In designing control procedures, the duties involved in accomplishing these functions should be separated as much as possible to attain control—the duties should be segregated.
The procedures for a well-defined change control process would include the following:
- The change control board approves the change and assigns a project manager.
- The project manager makes sure all paperwork has been received and approved.
- The project manager sets up schedules for all personnel involved.
- The projects are completed.
- Changes are tested and approved before release.
Change control process
designed to ensure that any necessary changes to internal control over financial reporting are appropriately identified, reviewed, approved, and implemented in a controlled manner.
