General IT Control Flashcards
IT control
Internal controls in IT systems can be divided into two main categories: general controls and application controls. Let’s break these down in a simple way.
General IT Controls
What They Are: Policies and procedures that apply across many applications (such as revenue, purchasing, and payroll) rather than to any single one. They support the environment in which those applications run and ensure the IT systems operate as intended.
Why They Matter: Application controls depend on that environment. If general IT controls are weak, the system's processing may be incomplete or inaccurate, and an auditor cannot rely on the application controls running within it.
Main Categories:
1. Development Controls: Controls over creating new IT systems and applications.
2. Change Management: Controls over documenting and testing changes to programs.
3. Unauthorized Changes: Controls to prevent or detect unauthorized changes to programs, whether made by an insider or an external attacker.
4. Data Integrity: Controls to ensure that only the correct versions of data files and programs are used in processing.
5. Data Security: Controls to prevent unauthorized access to, or changes to, data files.
6. Continuity Controls: Controls to ensure the system keeps operating, or can be recovered promptly, after equipment failure, disaster, or other disruption.
Example: A company has controls to ensure that any changes to their accounting software are tested and approved before implementation to prevent errors or fraud.
Application Controls
What They Are: Controls built into an individual application to ensure that the transactions it handles are processed correctly.
Why They Matter: They ensure the accuracy, completeness, and authorization of transactions within specific applications.
Main Categories:
1. Input Controls: Ensure data entered into the system is accurate, complete, and authorized (for example, format and range checks, check digits on account numbers, and batch control totals).
2. Processing Controls: Ensure data is processed correctly and completely (for example, control totals carried from one processing step to the next).
3. Output Controls: Ensure the output from the system is accurate, complete, and delivered only to authorized recipients (for example, reconciling output totals to input totals).
Example: An ERP system that requires two different authorized users to approve a payment before it is released, so that no single person can both create and release a payment.
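The three application-control categories above, plus the dual-authorization example, carried through in code: a small payment batch goes through input checks, maker/checker approval, control totals at the processing stage, and a reconciliation of the output file against those totals. This is an added illustration written for this page, not code from the original flashcards; the record layout, the 100,000 amount limit, the Luhn check digit on account numbers, and the approver names are all assumptions.

```python
"""Application controls for a payment batch: input validation, dual
authorization (maker/checker), processing control totals, and output
reconciliation. Added illustration, not code from the original page; the
record layout, the amount limit and the user names are assumptions."""
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class Payment:
    ref: str
    account: str      # payee account number ending in a Luhn check digit (assumed format)
    amount: Decimal
    approvals: list = field(default_factory=list)


def luhn_ok(number: str) -> bool:
    """Input control: the check digit catches mistyped or transposed account numbers."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def input_controls(batch, limit=Decimal("100000")):
    """Accept only well-formed, in-range, non-duplicate records; return (accepted, rejected)."""
    accepted, rejected, seen = [], [], set()
    for p in batch:
        reasons = []
        if p.ref in seen:
            reasons.append("duplicate reference")
        seen.add(p.ref)
        if not luhn_ok(p.account):
            reasons.append("bad account check digit")
        if not Decimal("0") < p.amount <= limit:
            reasons.append("amount out of range")
        if reasons:
            rejected.append((p, reasons))
        else:
            accepted.append(p)
    return accepted, rejected


def approve(p, user, authorized):
    """Authorization control: two different authorized users must approve a payment."""
    if user not in authorized:
        raise PermissionError(f"{user} is not an authorized approver")
    if user in p.approvals:
        raise ValueError("second approval must come from a different person")
    p.approvals.append(user)
    return len(p.approvals) >= 2


def control_totals(records):
    """Processing control: record count, amount total and a hash total of account numbers."""
    return (len(records),
            sum((Decimal(r["amount"]) for r in records), Decimal("0")),
            sum(int(r["account"]) for r in records))


def release_batch(payments):
    """Build the output file from fully approved payments; return it with the totals
    computed at the processing stage so the output stage can reconcile against them."""
    ready = [p for p in payments if len(set(p.approvals)) >= 2]
    expected = control_totals([{"account": p.account, "amount": p.amount} for p in ready])
    output = [{"ref": p.ref, "account": p.account, "amount": str(p.amount)} for p in ready]
    return output, expected


def output_controls(output, expected):
    """Output control: the file handed to the bank must reconcile to what was processed."""
    return control_totals(output) == expected


def run_example():
    """Constructed batch: two clean records plus three that each fail one input control."""
    batch = [
        Payment("P-001", "79927398713", Decimal("1500.00")),
        Payment("P-002", "79927398710", Decimal("250.00")),          # wrong check digit
        Payment("P-003", "4111111111111111", Decimal("250000.00")),  # over the limit
        Payment("P-004", "4111111111111111", Decimal("80.50")),
        Payment("P-004", "79927398713", Decimal("10.00")),           # duplicate reference
    ]
    accepted, rejected = input_controls(batch)
    approvers = {"alice", "bob", "carol"}                            # assumed approver list
    for p in accepted:
        approve(p, "alice", approvers)                               # maker
        approve(p, "bob", approvers)                                 # checker
    output, expected = release_batch(accepted)
    return accepted, rejected, output, expected


if __name__ == "__main__":
    acc, rej, out, exp = run_example()
    print([(p.ref, why) for p, why in rej], "output reconciles:", output_controls(out, exp))
```

The hash total over account numbers is what makes the output reconciliation worth having: a record whose amount is unchanged but whose payee account was swapped after processing passes a count-and-sum check and fails this one. The approval list is the weak point of the maker/checker step; in a real ERP it must come from the access-control system, not from the batch itself.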
Scenario: An auditor is evaluating a company’s IT controls.
General IT Controls:
- Development Controls: The auditor checks if new systems are properly developed and tested.
- Change Management: The auditor reviews how changes to programs are documented and tested.
- Unauthorized Changes: The auditor examines controls to prevent unauthorized changes to programs.
- Data Integrity: The auditor checks controls to prevent the use of incorrect data files.
- Data Security: The auditor reviews controls to prevent unauthorized changes to data files.
- Continuity Controls: The auditor checks that backups and recovery arrangements exist to keep the system running, or restore it, after a disruption.
By understanding and evaluating these controls, the auditor can assess how far the IT system can be relied on and plan the audit accordingly.
Examples of General IT Controls
These controls ensure that IT systems work properly and securely. Here are the key areas, with examples of controls in each:
Development Controls:
- Design and Development: New systems should be designed by IT staff or an external supplier following agreed standards.
- Testing: New systems must be tested before they go live.
- Approval: System designs should be reviewed and approved by the users who will depend on them.
- Segregation of Duties: The people who design a system should not be the ones who test it.
- Training: Staff should be trained on a new system before using it.
Program Change Controls:
- Updating Programs: Changes to programs should be documented and tested before release.
- Authorization: New program versions must be approved by management before implementation.
- Training: Staff should be trained on new program versions.
- Segregation of Duties: Programmers should not operate the production system, and operators should not change programs.
- Documentation: All program changes should be documented, including who requested, made, tested, and approved them.
Prevention and Detection of Unauthorized Changes:
- Restricted Access: Only authorized programmers should be able to access program files.
- Logs and Backups: Log access to and changes of program files, and keep backup copies of approved versions so that unauthorized changes can be detected and reversed.
Use of Correct Programs and Data (Data Integrity):
- Training: Operating staff should be trained to use the correct program versions.
- Job Scheduling: Job schedules should specify exactly which program version runs for each job.
- Supervision and Reviews: Supervisors and management should monitor program use and review processing logs.
Data Security:
- Physical Access: Restrict physical access to computer rooms and terminals.
- Passwords: Use strong passwords and manage them effectively (unique to each user and never shared).
- Firewalls: Use firewalls to block unauthorized network access from the internet.
- Backups: Keep secure backup copies of all programs and data files.
Continuity Controls:
- Protection Measures: Protect equipment from fire, flood, power failure, and other hazards.
- Disaster Recovery Plans: Maintain a tested plan for recovering processing after a disaster, including arrangements to use another organization's computer center if the primary site is lost.
- Maintenance Agreements: Have support agreements with hardware and software vendors.
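The Restricted Access, Logs and Backups, and Job Scheduling items above come down to one detective control: knowing exactly which version of each program is in production and flagging anything else. The following is an added example written for this page, not code from the original flashcards or from any product; it hashes every file in a program directory, compares the result with a baseline taken from the approved release, reports each difference as approved or unauthorized depending on whether change management recorded it, and refuses to treat a program as runnable unless its digest matches the approved version. The file names, the approval-record format, and the temporary directory it builds are assumptions.

```python
"""Detecting unauthorized program changes: hash every file in a program
directory, compare against the baseline taken from the approved release, and
treat any difference not covered by a change-management approval as
unauthorized. Added illustration, not code from the original page; the file
names and the approval-record format are assumptions."""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(program_dir: Path) -> dict:
    """Map each file (relative path) in the approved release to its digest."""
    return {str(p.relative_to(program_dir)): file_digest(p)
            for p in sorted(program_dir.rglob("*")) if p.is_file()}


def audit_changes(program_dir: Path, baseline: dict, approved: dict) -> list:
    """Compare the live directory with the baseline.

    `approved` maps relative path -> digest signed off by change management
    (None for an approved deletion). Returns one (path, kind, status) finding
    per difference; status is 'approved' or 'UNAUTHORIZED'."""
    current = build_baseline(program_dir)
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old == new:
            continue
        kind = "removed" if new is None else "added" if old is None else "modified"
        status = "approved" if rel in approved and approved[rel] == new else "UNAUTHORIZED"
        findings.append((rel, kind, status))
    return findings


def approved_to_run(path: Path, program_dir: Path, versions: dict) -> bool:
    """Job-scheduling check: run a program only if it is the exact approved version."""
    rel = str(path.relative_to(program_dir))
    return path.is_file() and versions.get(rel) == file_digest(path)


def run_example():
    """Constructed scenario: one approved change, one silent edit, one planted file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.py").write_text("print('payroll v1')\n")
        (root / "tax_tables.dat").write_text("band1=0.20\n")
        baseline = build_baseline(root)

        # Change management approves a new payroll.py and records its digest.
        (root / "payroll.py").write_text("print('payroll v2')\n")
        approved = {"payroll.py": file_digest(root / "payroll.py")}
        versions = {**baseline, **approved}        # what the job schedule may run

        # Two changes nobody approved: an edited rate table and a planted script.
        (root / "tax_tables.dat").write_text("band1=0.02\n")
        (root / "hook.py").write_text("import os\n")

        findings = audit_changes(root, baseline, approved)
        payroll_ok = approved_to_run(root / "payroll.py", root, versions)
        tables_ok = approved_to_run(root / "tax_tables.dat", root, versions)
        return findings, payroll_ok, tables_ok


if __name__ == "__main__":
    for finding in run_example()[0]:
        print(*finding)
```

The control is only as good as the custody of the baseline and the approval records: if the programmers being monitored can also rewrite those, an unauthorized change simply arrives with its own "approval". Keep them under separate access control (the segregation-of-duties point above) and run the audit from the schedule, before each job, rather than only on demand.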
Scenario: A company implements general IT controls to ensure their systems run smoothly and securely.
- Development: The IT department designs a new payroll system, tests it thoroughly, and gets it approved by the finance team.
- Program Changes: When updating the payroll system, changes are documented, tested, and approved by management.
- Unauthorized Changes: Only authorized IT staff can access and modify the payroll system, with all changes logged.
- Correct Programs: IT staff are trained to use the correct versions of the payroll software, and supervisors monitor their work.
- Data Security: Access to payroll data is restricted with strong passwords and firewalls.
- Continuity: The company keeps backup copies of payroll data and has a disaster recovery plan in place.
These controls help ensure the company’s IT systems are reliable and secure.