By N2H
IT Internal Controls
July 9, 2008
Internal controls are the policies, procedures, practices and organizational structures designed to provide reasonable assurance that an organization’s objectives will be achieved and that undesired risks will be prevented, or detected and corrected.
Internal control objectives are statements of the desired results or purposes to be achieved by implementing control procedures.
Controls are the means by which control objectives are addressed. The control objectives include:
- Safeguarding of IT assets
- Compliance with corporate policies and legal requirements
- Authorization/input
- Accuracy and completeness of processing of transactions
- Output
- Reliability of process
- Backup/recovery
- Efficiency and economy of operations
Controls can be classified as:
Preventative Controls
These involve:
- Detecting problems before they arise.
- Monitoring both operational aspects and the input process.
- Attempting to predict potential problems before they occur and making adjustments.
- Preventing an error, omission or malicious act.
Preventative controls include segregation of duties, controlling access to physical facilities, audit checks, and the use of access control software that allows only authorized personnel to access sensitive files.
Detective Controls
These controls report the occurrence of an error, omission or malicious act. They include hash totals, checkpoints in production jobs, the internal audit function, error messages over tape labels, and duplicate checking of calculations.
Corrective Controls
These controls minimize the impact of a threat. They help to identify the cause of a problem and correct the errors arising from it. They also help to modify processing systems to minimize future occurrences of the problem.
These controls include contingency backup procedures and rerun procedures.
The objectives of IS controls include:
- Safeguarding assets: this involves securing information systems from improper access and keeping that information up to date.
- Assuring the integrity of general system environments, including network management.
- Assuring the integrity of sensitive and critical application system environments, including accounting/financial and management information, through:
  - Authorization of inputs.
  - Accuracy and completeness in processing of transactions.
  - Reliability of overall information processing activities.
  - Accuracy, completeness and security of output.
  - Database integrity.
- Ensuring the efficiency and effectiveness of operations.
- Complying with users’ requirements and with organizational policies and procedures, as well as laws and regulations.
- Developing business continuity and disaster recovery plans.
- Developing an incident response time.