Auditing Report

7/27/2019 Auditing Report

http://slidepdf.com/reader/full/auditing-report 1/12

General Controls



Segregation between CIS departmentand user departments. CIS

department must independent of all

departments within the entity thatprovide input data or that use output

generated by the CIS

Segregation of duties within the CISdepartment. Functions within the CIS

department should be properly

segregated for good organizational



Sample Organizational Structure within

the CIS Department

CIS Director

SystemsDevelopment

Systems Analysis

Programmer

Operations

Computer Operator

Data EntryOperator

Other Functions

Librarian ControlGroup



Position Primary Responsibilities

CIS Director Control over the CIS operation

Systems Analyst Designs new systems, evaluates and improves

existing systems, and prepares specification for

programmers

Programmer Writes a program, tests and debugs such

programs, and prepares the computer operatinginstructions.

Computer Operator Operates the computer to process transactions

Data Entry Operator Prepares and verifies input data for processing.

Librarian Maintains custody of systems documentation,programs and files

Control Group Reviews all input procedures, monitors computer

processing, follows-up data processing errors,

reviews the reasonableness of output, and

distributes output to authorized personnel.



Optimal segregation of duties dictatesthat each of the above tasks be

assigned to different employees.

As a minimum, the functions of systemsdevelopment and computer operations

must be segregated.

A number of computer related fraudshave been resulted when these

functions were combined.



Software developments as well aschanges thereof must be approved by

the appropriate level of management

and the user department.

Adequate systems documentation must

be made in order to facilitate the use of

the program as well as changes thatmay be introduced later into the system.



Every computer system should haveadequate security controls to protect

equipment, files and programs.

Appropriate controls such as the useof passwords must be adopted in

order to protect data files and

programs from unauthorized.



One of the characteristics of the CIS isthe vulnerability of files and programs.

A data recovery control provides for the

maintenance of back-up files and off-sitestorage procedures.



Monitoring controls aredesigned to ensure that CIS

controls are working effectivelyas planned.



1. As a minimum, the functions of these must be segregated.a. Systems development and Operations

b. Systems development and Other

Functions

c. Operations and Other Functions

d. All of the Above

e. None of the Above



2. A control which relates to allparts of the CIS is called a(n)

a. Systems control

b. General control

c. Applications control

d. Universal controle. None of the Above



Documents

Auditing Report