2C1 - IC, Identify Key Risks with General Controls
School: University of Illinois, Chicago
Course: 435
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 2
Uploaded by JusticeCapybaraMaster1521
2C1 – Internal Controls, Identify Key Risks with General Controls
General IT Controls
- Related to many applications
  o Support the effective functioning of application controls
  o Help ensure the continued proper operation of systems
- Includes the following:
  o Data center and network operations
  o System software acquisition, change and maintenance
  o Program change
  o Access security
  o Application system acquisition, development and maintenance
Access Controls
- Prevent improper use or manipulation of data files, unauthorized use of a computer program, and other improper uses of computer resources
- Logical or physical controls
  o Varying levels of authority based on need
- Limit access to program documentation, data files, and computer hardware
General Controls – IT Duties to Segregate
- COPAL
  o Control Group: Monitor control, error logs
  o Operators: Data input, error detections on spot
  o Programmers: Write programs, debug programs
  o Analysts: Design programs, prepare flowchart
  o Librarian: Secure programs, store backups
Phases of Development and Implementation of IT Systems
- Systems Analysis: Overall objectives are considered
- System Design: Specific proposal is developed
- Programming and testing
- Implementation: Most costly point to find problems
- Monitoring: Ongoing
Disaster Recovery
- Identify critical operations
  o Create plans to restore data and business function after loss
- Backup files – stored off-site
  o Hot site: Service that provides a virtual mirror image of customer’s current data center
  o Cold site: Service that provides location only, NOT equipment
- Notification Procedures
- Test plan periodically
Question #1
To obtain evidence that user identification and password controls are functioning as designed, an auditor would most likely:
a) Attempt to sign-on to the system using invalid user identifications and passwords
b) Write a computer program that simulates the logic of the client’s access control software
c) Extract a random sample of processed transactions and ensure that the transactions were appropriately authorized
d) Examine statements signed by employees stating that they have NOT divulged their user identifications and passwords to any other person
Question #2
Daylight Corporation’s organization chart provides for a controller and an electronic data processing (EDP) manager, both of whom report to the financial vice-president. Internal control would NOT be strengthened by:
a) Assigning the programming and operating of the computer to an independent control group which reports to the controller
b) Providing for maintenance of input data controls by an independent control group which reports to the controller
c) Rotating periodically among machine operators the assignment of individual application runs
d) Providing for review and distribution of computer output by an independent control group which reports to the controller
Question #3
An auditor MOST likely would test for the presence of unauthorized EDP program changes by running a:
a) Program with test data
b) Check digit verification program
c) Source code comparison program
d) Program that computes control totals