Information Technology Flashcards
Control Objectives for Information and Related Technology (COBIT) 5 Framework
- Meeting stakeholder needs
- Covering the enterprise end-to-end
- Applying a single integrated framework
- Enabling a holistic approach
- Separating governance from management
Objective of controls in IT environment
- Completeness
- Accuracy
- Validity
- Authorization
- Timeliness
- Integrity
General Controls
Ensure that the control environment is stable and well managed so that application controls are effective.
GC - Personnel Policies
Provide for proper segregation of duties and for the use of computer accounts that give users passwords or other means of preventing unauthorized access.
GC - File Security Policies
Safeguard files from accidental or intentional errors or abuse.
GC - Hardware Controls
Built into computer equipment to ensure proper functioning.
Application Controls (AC) IT Environment
Relate to data input, data processing, and data output.
AC - Preventative controls
Designed to prevent errors and fraud
AC - Detective and automated controls
Designed to detect errors and fraud
AC - User and corrective controls
Individual users to follow up on detected errors and fraud
Input controls
Designed to ensure the validity, accuracy, and completeness of data entered into a system.
Edit Tests
Scrutinize data as it is input to determine whether it is in the appropriate form. If it is not, the data is rejected and an exception report is created.
Process Controls
Once data has been input, processing controls ensure that the data is properly manipulated to produce usable output.
Output Controls
Ensure that the processing results are valid, and monitor the distribution and use of output.
Data Flow Diagrams (DFDs)
Illustrate the system components and functions, the data flows among the components, and the sources, destinations, and storage of the data.