1 / 29

Advantages and Disadvantages of Technology

Advantages and Disadvantages of Technology. Reduced human involvementUnauthorized access exposes confidential information and changes programmingLoss of data (all centralized)Reduced segregation of dutiesLack of traditional authorizationNeed for IT experience. General Internal Controls over In

katarina
Télécharger la présentation

Advantages and Disadvantages of Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Advantages and Disadvantages of Technology Computer controls replace manual controls Higher quality information available faster Hardware and software and therefore all the companys information is a risk when computer malfunctions Loss of hard copy audit trail Systematic vs random errors (make the same error every time.

    2. Advantages and Disadvantages of Technology Reduced human involvement Unauthorized access exposes confidential information and changes programming Loss of data (all centralized) Reduced segregation of duties Lack of traditional authorization Need for IT experience

    3. General Internal Controls over Information Technology General Controls relate to all aspects of the IT function administration of the IT function segregation of IT duties systems development physical and online security backup and contingency planning hardware controls

    4. General Controls Administration of the IT Function Must be given importance in organization Chief Information Officer IT steering Committees

    5. General Controls Segregation of IT duties Separate custody, authorization, record-keeping in traditional controls Separate IT Management, Systems Development, Operations, Data Control

    6. IT Functions IT Management CIO Security Administrator System Development Systems Analysts Programmers cannot have access to input data or operations (use test copies of programs and data)

    7. IT Functions Operations Computer Operators- Day to day operations execute jobs according to schedule monitoring computer consoles for messages on efficiency and malfunctions Librarian Maintains programs and transaction files Network administrator planning, implementing and maintaining network

    8. IT Functions Data Control Data input/output control verify quality of input and reasonableness of output Database administrator controls operation and access security of shared databases

    9. General Controls Systems Development Controls = system development methodology procedures Involve IT and non IT personnel in development testing of software Pilot testing- one part of organization Parallel testing - both systems operate

    10. General Controls Physical and Online Security Physical control over computer equipment restricts access to hardware, software, backup files, hard drives, CDs, thumb drives, laptops etc. keypad entry badge-entry systems security cameras security personnel

    11. General Controls Physical and Online Security (cont.) Online access controls User IDs passwords key cards bio-id

    12. General Controls Backup and Contingency Planning Several copies of backup, some stored off premises battery backups for temporary power outages

    13. General Controls Hardware Controls Built into computer equipment to detect and report equipment failures Someone must review and act on these reports

    14. Application Controls Exist to satisfy the 6 transaction related audit objectives Existence Completeness Accuracy Classifications Timing Posting/Summarization

    15. Application Controls Performed by people Performed by computers

    16. Application Controls Input Controls- Entering Data Design of screens Pull-down lists Valid combinations Batch totals Record counts

    17. Application Controls Processing Controls Validation Sequence Test Math Reasonableness Completeness

    18. Application Controls Output Controls Review by human eyes for reasonableness

    19. Audit Process and IT General Controls are the most important auditors evaluate General Controls first Use Flow charts, manuals, interviews, change request forms, testing results to understand systems

    20. Audit Process and IT Controls Application controls may reduce control risk and need for evidence reduce sample size use software to test controls

    21. Audit Process and IT For less complex systems we can audit around the computer test documents before input and reports after output as if it was done manually

    22. Audit Process and IT For more Complex systems we Audit through the computer Test Data Approach - Auditors data, clients system All relevant conditions Programs must be the same all year Eliminate test data when done Parallel simulation- Auditor software, client data using Generalized Audit software (ACL or IDEA)

    23. Audit Process and IT For more Complex systems we Audit through the computer (continued) Embedded Audit Module - Auditor software and client data (software embedded all year in client system) real time parallel simulation.

    24. PC Environments General Controls less effective in smaller companies Auditors audit around the computer Access is a greater risk Loss of data (viruses)

    25. Network Environments LAN - Local area networks single or small cluster of buildings WAN - wide area networks larger regions including global Network risks lack of security

    26. Network Environments Internal Controls over Financial Reporting network configuration network software Access controls Change controls

    27. Database Management Systems Database Management System = storage of data for multiple uses reduce data redundancy control data integrated information (cost reduction) Risks Improper Access loss of data

    28. E-Commerce Systems Linking your network to outside networks for business purposes increases risk firewall (filters data) hardware and software encryption techniques- change message into code use decryption program to decode Public key to code, private key to decode Digital signatures- verify source of public key

    29. Outsourcing IT Application Service Providers (ASPs) and Computer service centers Difficulty in obtaining understanding of internal controls of the service center Rely on report done on Service Center by other auditors report on controls placed in operation report on controls placed in operations and tests of operating effectiveness

More Related