Introduction to IT controls Flashcards
What is IT auditing?
- IT auditing is the assessment of the adequacy and effectiveness of controls related to the information technology systems and processes/environment within an organisation.
- IT auditing does not change the basis of internal auditing (the principles and internal control objectives remain the same)
State the different types of internal control activities
- Segregation of duties
- Safeguarding of assets
- Adequate documents and records
- Proper authorization of transactions and activities
- Independent reviews
What are IT controls divided into?
- General controls
- Application controls
Discuss General controls
- Relate to the IT environment as a whole.
- Are not software specific, and control the environment in which system and application software operates.
Define general controls
Have pervasive effects, which means that if they are weak or absent, they may negate the effects of the application controls
What are manual systems?
- In a manual system, the entire accounting cycle can be followed step by step: each source document is recorded in the appropriate journal.
- From the journals, all transactions are manually summarized and posted to the ledgers from which a trial balance and financial statements are constructed. The audit trail is visible to the internal auditor and audit engagement procedures can be applied to tangible documents and records.
- Tracing from source documents to the journals, general ledger and related financial reports is relatively easy as all information is recorded and kept in hardcopy format.
What are information and communications technology systems?
ICT systems are characterised by the speed at which processing of large volumes of data takes place.
- In addition, ICT systems make it easy for org's to automate transactions and business processes with little or no human intervention. From an auditing perspective, the fact that ICT is used in processing, and that the processes are automated, makes it difficult for the IA to follow the accounting cycle from beginning to end (audit trail).
- The full audit trail does still exist, but most of the transactions are executed (automated) without the user knowing/noticing and without any human intervention.
- ICT systems store information in electronic form
What are the challenges internal auditors must be mindful of?
- Data processing and storage cannot be physically followed or observed by the internal auditor to determine whether proper procedures are followed.
- Data and programs in an ICT system are vulnerable
- With manual systems, disasters can result in the loss of information which could be very costly to recover if sufficient measures are not taken to safeguard the ICT system and information
- Electronically stored information can be changed, manipulated or destroyed by the insertion of malicious code
- The transmission of data increases the risk of unauthorized alteration and interpretation or the loss thereof, and the internal auditor should consider all of these facts in assessing the reliability of information used as audit evidence
Provide examples of general controls systems
- organizational controls related to IT personnel
- standard operating procedures for systems
- system documentation controls
- system development and program change controls
- hardware and software controls
- security controls related to IT
What are application controls?
- Relate to specific software programs and systems in the org.
- These controls are designed to ensure completeness, accuracy, authorization and validity of data captured and processed
- The functioning of application controls relates directly to general controls being in place, to create an environment conducive to compliance with controls
What is an edit check?
The most important application controls for a structure.
- Are checks (controls) programmed into a system/software program to ensure that errors in data will be detected
Provide examples of edit checks
- check digits
- reasonableness tests
- limit tests
- value tests
- alphanumeric tests