Upload
khristine-gail-arcega
View
217
Download
0
Embed Size (px)
Citation preview
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 1/12
General Controls
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 2/12
Segregation between CIS departmentand user departments. CIS
department must independent of all
departments within the entity thatprovide input data or that use output
generated by the CIS
Segregation of duties within the CISdepartment. Functions within the CIS
department should be properly
segregated for good organizational
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 3/12
Sample Organizational Structure within
the CIS Department
CIS Director
SystemsDevelopment
Systems Analysis
Programmer
Operations
Computer Operator
Data EntryOperator
Other Functions
Librarian ControlGroup
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 4/12
Position Primary Responsibilities
CIS Director Control over the CIS operation
Systems Analyst Designs new systems, evaluates and improves
existing systems, and prepares specification for
programmers
Programmer Writes a program, tests and debugs such
programs, and prepares the computer operatinginstructions.
Computer Operator Operates the computer to process transactions
Data Entry Operator Prepares and verifies input data for processing.
Librarian Maintains custody of systems documentation,programs and files
Control Group Reviews all input procedures, monitors computer
processing, follows-up data processing errors,
reviews the reasonableness of output, and
distributes output to authorized personnel.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 5/12
Optimal segregation of duties dictatesthat each of the above tasks be
assigned to different employees.
As a minimum, the functions of systemsdevelopment and computer operations
must be segregated.
A number of computer related fraudshave been resulted when these
functions were combined.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 6/12
Software developments as well aschanges thereof must be approved by
the appropriate level of management
and the user department.
Adequate systems documentation must
be made in order to facilitate the use of
the program as well as changes thatmay be introduced later into the system.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 7/12
Every computer system should haveadequate security controls to protect
equipment, files and programs.
Appropriate controls such as the useof passwords must be adopted in
order to protect data files and
programs from unauthorized.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 8/12
One of the characteristics of the CIS isthe vulnerability of files and programs.
A data recovery control provides for the
maintenance of back-up files and off-sitestorage procedures.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 9/12
Monitoring controls aredesigned to ensure that CIS
controls are working effectivelyas planned.
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 10/12
1. As a minimum, the functions of these must be segregated.a. Systems development and Operations
b. Systems development and Other
Functions
c. Operations and Other Functions
d. All of the Above
e. None of the Above
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 11/12
2. A control which relates to allparts of the CIS is called a(n)
a. Systems control
b. General control
c. Applications control
d. Universal controle. None of the Above
7/27/2019 Auditing Report
http://slidepdf.com/reader/full/auditing-report 12/12