Module 5

Question 1

What are are IT General controls?

Answer 1

Policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems

Whole item system (bubble around)
E.g username password, backups

Question 2

ITGC can be?

Answer 2

Manual
Automated
Combination of both

Question 3

What are the 4 areas ITGCs commonly cover?

Answer 3

Access to programs and data
Program changes and development
Operations (computer)
Continuity of operations

Question 4

What is the key risk for access to programs and data?

Answer 4

Loss, destruction or unauthorised use and alteration of data

Question 5

What is the key risk for program changes and development?

Answer 5

Changes may be unsuitable

New programs may not be fit for purpose

Question 6

What is the key risk for computer operations?

Answer 6

Problems with system fail to be resolved in a timely manner

Question 7

What is the key risk for continuity of operations?

Answer 7

Unexpected distasters

Question 8

What is access to programs and data?

Answer 8

Access restricted to authorised persons only

Question 9

What is program changes and development?

Answer 9

Any changes or development must incorporate controls including appropriate authorisation and testing

Question 10

What are computer operations?

Answer 10

Procedures are required to ensure the recording, analysis and timely resolution of problems

Day to day processing of information
Ensure efficiency to achieve objectives

Question 11

What are continuity of operations?

Answer 11

Take precautions against potential hazards and implement suitable backup procedures

Question 12

What are the components of access to programs and data?

Answer 12

Awareness of information security policies by all staff
Appropriate restrictions of access to IT resources
Segregation of duties within key processes

Question 13

What are the common controls within restriction of access?

Answer 13

Physical access
User access
Administrator access

Question 14

What do you need to consider to ensure changes and development are appropriate and don’t negatively affect?

Answer 14

Authorisation
Development
Testing
Approval

DATA

Question 15

Change should be made where?

Answer 15

In separate test environments to avoid any negative impact on info processing and application controls

Question 16

What should organisations consider with regards to computer operations?

Answer 16

Job processing (documented procedures)
Backup and recovery procedures
Incident and problem management procedures (doc)

Question 17

The ability to carry on trading after a distaste involves formulation a?

Answer 17

Disaster recovery plan as well as procedures to avoid disaster occurring

Question 18

How can the DRP be developed?

Answer 18

Internally or outsourced to a specialist

Question 19

What steps does designing a good DRP involve?

Answer 19

Identifying IT risk events
Assessing threat and impact
Preventing and reducing risk

Question 20

What are the objective of a good DRP?

Answer 20

Minimising interruption
Securing alternative internet access
Recovering lost data
Providing recovery procedures 
Training employees

Question 21

What are typical physical security measures for distasteful prevention?

Answer 21

Fire and smoke detectors 
Alarms
Plastic equipment covers 
Air con
Firewalls

Question 22

4 key areas ITGCs cover?

Answer 22

Access to programs and data
Program changes and development
Operations computer
Continuity of operations

APOC

Question 23

What do IT application controls apply to?

Answer 23

Processing of specific types of transactions

To ensure genuine accurate and compete transactions
At business process/transaction level

Question 24

What is the key difference between a manual and IT application control?

Answer 24

IT application contains some element of automation or involvement of IT

Question 25

What are the 6 common examples of IT application controls?

Answer 25

Audit log
Batch controls 
Programmed editing 
Calculation
Check digits
Exception reports

Question 26

What is an audit log?

Answer 26

Automatic log kept of activity that can be manually reviewed

Question 27

What are batch controls?

Answer 27

Operate where a manual count or total is made of inputs prior to being put into system.
Once input, but before processing, the manual count is agreed to the computer generated totals to ensure accuracy

Question 28

What is programmed editing?

Answer 28

Computer is programmed to anticipate entires fields

Tests on data entry incorporated e.g 1-100 over is rejected

Question 29

What is calculation?

Answer 29

Automatic calculations embedded within applications based on inputted info

Question 30

What are check digits?

Answer 30

A decimal digit added to a number for detecting the sorts of errors humans typically make on data entry.
The digit is driven by a formula and the system can perform an automatic check using it

Question 31

What are exception reports?

Answer 31

A report generated that identifies any transactions that are outside the normal expected range
Should be reviewed and investigated