INFORMATION SYSTEM
AUDIT-II
CHP 7. MANAGEMENT INFORMATION SYSTEMS AUDIT FUNCTION
MR. JAYANT. P. DALVI
MIS
• The three components of MIS provide a more complete and focused definition, where System
suggests integration and holistic view, Information stands for processed data, and Management is
the ultimate user, the decision makers.
• Management information system can thus be analyzed as follows:
• Management covers the planning, control, and administration of the operations of a concern.
The top management handles planning; the middle management concentrates on controlling; and
the lower management is concerned with actual administration.
• Information, in MIS, means the processed data that helps the management in planning,
controlling and operations. Data means all the facts arising out of the operations of the concern.
Data is processed i.e. recorded, summarized, compared and finally presented to the management
in the form of MIS report.
• System: Data is processed into information with the help of a system. A system is made up of inputs, processing, output and feedback or control. Thus MIS means a system for processing data in order to give proper information to the management for performing its functions.
INTRODUCTION
• An MIS audit is needed to focus on the issues of corporate governance of IS in a computerized environment and on the security controls that safeguard information and IS.
• A well-planned and structured audit is essential for risk management and for monitoring and controlling IS in any organization.
• The objective is to identify the risks that an organization faces in a computerized environment.
• It evaluates the adequacy of security controls and informs management with suitable conclusions and recommendations.
• It is a continuous process of evaluating controls and suggesting security measures for the purpose of safeguarding assets or resources, maintaining data integrity, and improving system effectiveness and efficiency in order to satisfy organizational goals.
• Safeguarding of assets includes protection of hardware, software, facilities, people, data, technology, documentation and supplies.
• The auditor should review physical security over the facilities, security over systems software and the adequacy of internal controls.
• Data integrity includes safeguarding information against unauthorized addition, deletion, modification or alteration.
• It is maintained through accuracy, confidentiality, completeness, reliability and efficiency.
AUDIT IN COMPUTERIZED ENVIRONMENT
A) UNDERSTANDING THE COMPUTERIZED ENVIRONMENT
• The auditor requires the following skills to understand the environment:
1. Computer concepts and system design
2. Functioning of the accounting information system, and the ability to identify new risks
3. Understanding of how internal controls are mapped onto computers to manage technology and business risks
4. Knowledge of the use of computers in audit
B) ACCOUNTING INFORMATION SYSTEM IN
COMPUTERIZED ENVIRONMENT
• An AIS is nothing but a Transaction Processing System (TPS). A TPS has 3 components: input, processing and output.
• IS follows the garbage in, garbage out principle, so the input to the system must be accurate, complete and authorized for processing.
• This can be achieved by automating the input. There are a large number of methods that can be used for this purpose.
• COBIT (Control Objectives for IT) is an internal control framework established for IS which can be applied to AIS.
• To apply the COBIT framework, the organization should define its IS architecture:
• Frame security policies
• Conduct a technology risk assessment
• Take steps to manage technology risks, such as designing appropriate audit trails, providing security to software systems, preparing a business continuity plan, managing IS resources like data, apps and facilities, and providing assurance for IS.
• It is applicable to sales, purchase and payroll AIS by considering the inputs required, application controls, processing, report generation, exception reports and files used.
• The auditor needs to collect audit evidence to understand the AIS.
C) IMPACT OF IT ON ECONOMICS OF AUDITING
• IT impacts audit documentation, reporting and paperwork.
• Auditing in a computerized environment enhances skills and knowledge of traditional auditing, IS, and business and technology risks.
• It also impacts auditing, audit planning, audit risk, and audit tools and techniques.
• Detection and reduction of risks can now be controlled with computer-assisted tools and techniques.
• The risk-based audit approach starts with a preliminary review, followed by risk assessment.
• Under the audit approach, depending on the intensity of IT use, the audit is done through computers.
• Once the approach is decided, the next step is to assess general and application controls.
• After this step, evidence is collected and evaluated, and reports are prepared using IS.
D) SECURITY
• IS resources are vulnerable to risks and subject to financial and productivity losses.
• Security is necessary to maintain the confidentiality, integrity and availability of data, application systems and other resources.
• Principles of security:
• Accountability: apportionment of duties, responsibilities and accountability in the organization
• Creation of security awareness
• Cost-effective implementation of information security
• Integrated efforts to implement security
• Periodic assessment of security needs
• Timely implementation of security
• Types of control to implement security:
• Framing and implementing a security policy: physical, environmental, logical and administrative controls.
1. Physical controls: keys, locks, biometrics
2. Environmental controls
3. Logical controls: access controls
4. Administrative controls: separation of duties, policy, procedures, standards, disaster recovery, IS audit etc.
E) IS MANAGEMENT
• It includes the collection and evaluation of evidence to determine whether the IS safeguards assets, maintains data integrity, achieves organizational goals and consumes resources efficiently.
• It is divided into 4 phases:
• Management (planning and organizing)
• Implementation and deployment
• Directing and controls
• Audit and monitoring
F) AVAILABILITY OF IS
• Security serves 3 purposes: confidentiality, availability and integrity.
• Access controls provide confidentiality and availability.
• The business continuity process and back-up procedures provide integrity.
• A disaster recovery plan puts the various IS resources in place if a disaster occurs.
• Because of this, the financial auditor gets an idea of the risks and the importance of the application.
G) DATABASE MANAGEMENT
• A database provides data sharing and data independence.
• Data sharing means that users and apps can share data; data independence means that data is stored independently of applications.
• It makes the IS secure and easy to implement.
• A DB offers facilities like a data dictionary and sign-in and authentication mechanisms.
H) ACCESS CONTROL
• Every IS requires an OS and a DB that are able to control access to the data and apps.
• The OS controls access at the directory and file system levels.
• The DB controls access at the record and field levels.
• To ensure data integrity, it is necessary to control access to data, apps and other resources.
• Access to these systems should therefore be strictly limited with the help of authentication and authorization.
• Authentication ensures that only authorized users can access the system; authorization grants an authorized user only the minimum access.
• This is achieved by the system administrator.
• Auditors should know all these roles.
I) APPLICATION CONTROLS AND THEIR
FUNCTIONING
• The purpose of application controls is data integrity, which is achieved by ensuring the integrity of input, processing and output.
• Application controls are divided into: validation of input, authorization of input, completeness of input, accuracy of input, integrity of stored data, completeness and accuracy of processing data, restricted access to assets and data, and confidentiality and integrity of output.
• Business risks are controlled by application controls.
• The effectiveness of application controls can be tested either by continuous audit or by general audit software.
J) EVALUATION OF BUSINESS RISKS
• Business risks are controlled and managed by implementing application controls, so the primary duty of the auditor is to evaluate application controls to reduce risk to a minimum.
• Two types of testing are done, i.e. compliance and substantive testing. Compliance testing is done only for complex systems.
• Computer-assisted tools and techniques help to conduct substantive testing to evaluate whether the financial statements depict a true and fair picture.
• Audit Command Language (ACL) is used in general audit software, which offers tools to understand qualitative and quantitative features of data.
• It provides facilities like indexing, sorting, joining, setting relations, creating output files, exporting files and extracting files.
• It also has a feature to create a command log, which keeps a check on the auditor, improves the quality of the audit and also helps in systems audit.
K) CONVERSION AUDIT
• Data conversion in a software project provides the ability to convert data from one database to another and from one application to another.
• A conversion audit is conducted to check the accuracy of such data conversions.
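The accuracy check behind a conversion audit can be scripted as a reconciliation of the legacy extract against the converted data, in the style of the sorting, joining and extracting facilities listed for general audit software. The Python below is an added example, not part of the original slides; the field names, the field mapping and the sample rows are constructed for illustration.

```python
import hashlib
from collections import Counter
from decimal import Decimal

# Hypothetical mapping: legacy column -> (converted column, normaliser).
FIELD_MAP = {
    "inv_no": ("invoice_id", str.strip),
    "cust":   ("customer",   lambda v: v.strip().upper()),
    "amt":    ("amount",     lambda v: str(Decimal(v).quantize(Decimal("0.01")))),
}
KEY, AMOUNT = "inv_no", "amt"

# Constructed sample data: legacy extract and the rows found after conversion.
SOURCE = [
    {"inv_no": "INV-1001", "cust": " Acme Ltd",      "amt": "1250.00"},
    {"inv_no": "INV-1002", "cust": "Borel Traders",  "amt": "99.9"},
    {"inv_no": "INV-1003", "cust": "Chandra & Sons", "amt": "480.50"},
    {"inv_no": "INV-1004", "cust": "Dutta Exports",  "amt": "3000"},
]
TARGET = [
    {"invoice_id": "INV-1001", "customer": "ACME LTD",      "amount": "1250.00"},
    {"invoice_id": "INV-1002", "customer": "BOREL TRADERS", "amount": "99.09"},
    {"invoice_id": "INV-1004", "customer": "DUTTA EXPORTS", "amount": "3000.00"},
    {"invoice_id": "INV-1004", "customer": "DUTTA EXPORTS", "amount": "3000.00"},
]

def canonical(row, side):
    """Rename converted columns back to legacy names and normalise each value."""
    return {src: norm(row[src if side == "source" else dst])
            for src, (dst, norm) in FIELD_MAP.items()}

def digest(row):
    """Per-record fingerprint over all mapped fields, in a fixed field order."""
    joined = "\x1f".join(f"{k}={row[k]}" for k in sorted(row))
    return hashlib.sha256(joined.encode()).hexdigest()

def index(rows, side):
    """Return (rows by key, keys that occur more than once, all canonical rows)."""
    canon = [canonical(r, side) for r in rows]
    counts = Counter(r[KEY] for r in canon)
    dups = sorted(k for k, n in counts.items() if n > 1)
    return {r[KEY]: r for r in canon}, dups, canon

def reconcile(source_rows, target_rows):
    """Compare record counts, control totals, key coverage and field values."""
    src, _, src_all = index(source_rows, "source")
    tgt, tgt_dups, tgt_all = index(target_rows, "target")
    mismatches = {}
    for key in src.keys() & tgt.keys():
        if digest(src[key]) != digest(tgt[key]):
            mismatches[key] = sorted(
                f for f in FIELD_MAP if src[key][f] != tgt[key][f])
    return {
        "source_count": len(src_all),
        "target_count": len(tgt_all),
        "source_total": sum(Decimal(r[AMOUNT]) for r in src_all),
        "target_total": sum(Decimal(r[AMOUNT]) for r in tgt_all),
        "missing_in_target": sorted(src.keys() - tgt.keys()),
        "unexpected_in_target": sorted(tgt.keys() - src.keys()),
        "duplicate_keys_in_target": tgt_dups,
        "field_mismatches": mismatches,
    }

if __name__ == "__main__":
    # Exception report for the auditor's working papers.
    for name, value in reconcile(SOURCE, TARGET).items():
        print(f"{name}: {value}")
```

In the sample data the record counts agree even though one invoice was dropped and another was loaded twice, which is why the control total and the key-level comparison are run alongside the count.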
RISK BASED AUDIT FRAMEWORK
• It assists managers in meeting the Policy on Transfer Payments (PTP) risk-related requirements that support the government's direction towards more systematic and corporate management of risk in the design and delivery of programs.
• Planning for incorporating risks in the initial stages:
• The type of transfer payment should be determined by departmental mandate, business lines, clients etc.
• It is government policy to manage transfer payments in a manner that is sensitive to risks, complexity, accountability for results and economical use of resources.
• The department must develop a risk-based audit framework for auditing of risks.
• The Treasury Board of Secretariat (TBS) acknowledged the importance and benefit of systematic risk management as a strategic investment in the attainment of overall business objectives and the demonstration of good governance.
• The Integrated Risk Management Framework strengthens accountability by demonstrating that levels of risk should be explicitly understood.
• The active monitoring policy provides that departments must actively monitor their management practices and controls using a risk-based approach.
RBAF
• It is a management document that explains how risk concepts are integrated into the strategies and approaches used for managing programs that are funded through transfer payments.
• RBAF provides:
• Background and profile information on the transfer payment program, including the key areas that the program faces.
• An understanding of the specific risks that may influence achievement of the transfer payment program objectives
• A description of existing measures and strategies for managing specific risks
• An explanation of monitoring, recipient auditing, internal auditing, and reporting practices and procedures
NEED OF RBAF
• Transfer payment programs operate in an environment that includes numerous interconnections, global organizations, governance requirements, authorities and various risk drivers.
• RBAF enhances managers' and employees' understanding and communication of risk and related mitigation options.
• Strengthens accountability for achieving objectives over public funds
• Facilitates managers' achievement of government-wide requirements.
• Provides a basis upon which to create contingency plans
• Helps to secure funding for new or renewed programs
• Enhances information for decision making
DEVELOPMENT AND IMPLEMENTATION OF RBAF
• Key parties involved in the development and implementation of RBAF:
• Managers of the program ensure the framework reflects an accurate analysis of potential risks to achieving objectives, as well as monitoring and reporting strategies.
• Internal Audit and program staff provide expert advice and technical support to identify, assess and monitor risk.
• Evaluation staff provide knowledge and expertise in recognizing the potential for overlap between RBAF and RMAF.
• TBS program and Center for Excellence for Internal Audit analysts provide advice during preparation of the program.
• Delivery partners, codewriters, etc.
PLANNING AND PREPARING RBAF
• Uncomplicated programs with low materiality and a straightforward accountability and risk management environment require a less detailed RBAF.
• High-priority and complex programs with significant materiality and a diversified and complex environment require a more detailed RBAF and a large investment of time and effort.
• Meaningful information should be provided in each section of the RBAF.
ROLES, RESPONSIBILITIES AND RELATIONSHIPS
• Purpose: it should clearly delegate the respective roles and responsibilities of management and IA, with terms and conditions for monitoring, auditing and RBAF requirements.
• Process: the PTP and the guide on grants, contributions and other transfer payments delegate the roles and responsibilities of management and IA.
• Management: responsible for ongoing financial and operational monitoring and audit of recipients, and for whether results data is reliable.
• Internal Audit: to employ risk-based methodologies in planning and conducting audits to provide assurance on the adequacy of integrated risk management practices, management control frameworks and information used for decision making and reporting on achievement of overall objectives.
• Product: statement of roles and responsibilities between management, IA and the recipient
PROGRAM PROFILE
• Purpose: should provide context and the key areas of inherent risk that evolve from the transfer payment program's objectives and environment.
• Process: should be developed with reference to the organization's outcomes and the design information that has been compiled during recent business planning and development of the RMAF.
• Product: needs of the program, target population, resources, product groups, delivery mechanisms and governance structure.
RISK IDENTIFICATION, ASSESSMENT AND MANAGEMENT SUMMARY
• Key risks should be identified and assessed, and associated measures implemented.
• Purpose: ensure an explicit understanding of the level of key risks and of the controls that reduce this risk.
• Process: it requires input from a team of managers and knowledgeable staff within the program area of functional groups.
• Preparation steps:
• Consider who should participate
• Clearly define risk
• Establish the time horizon
• Customize the risk matrix
• Consider other tool requirements
Process Steps
• Understand objectives: objectives with reference to outcomes
• Risk identification: conduct a preliminary analysis of the risk level of each area in order to select areas for further analysis
• Risk assessment: use existing preventive measures for the risk areas selected for further analysis
• Risk response: decide strategies to avoid, transfer, share, accept and manage the risk
Process steps
• Key risk summaries include the following:
• Methodologies section: risk definition and model
• Brief description: process steps
• Identification of the teams involved
• Risk matrix: levels of impact and likelihood
• Key areas: overall risk context of the program and strategies
PROGRAM MONITORING AND RECIPIENT
AUDITING
• Purpose: to provide a description of the monitoring and recipient auditing practices undertaken by management.
• Process: objectives to meet
• Achievement of established outcomes
• Risks to achieving outcomes
• Determining the eligibility of recipients and expenditures of funds
• Efficient, effective and economical use of resources
• Whether or not the program is administered in accordance with terms and conditions at all stages of the transfer payment life cycle
INTERNAL AUDITING
• Purpose: provide valuable assistance to management by providing assurance as to the soundness of the risk management strategy and practices, the management control framework and practices, and the information being used for decision making and reporting
• Process: uses the same risk assessment methodology and recipient audit risk
• Indicates the results of audits performed and details of future plans, with expected costs
• Product: description of results, audit objectives assessed, scope, timing and expected cost of the future plan, and description of the audit risk assessment methodology
PLANNING OF MANAGING IS AUDIT FUNCTION
• Once the need for a new system has been identified, plans must be developed to ensure that the new system can be successfully integrated with business processes and that it provides an acceptable return on investment for the organization.
• Effective project management is essential if systems are to be produced that correctly fulfill the requirements of their users without exceeding the constraints of time and budget.
PLANNING OF MANAGING IS AUDIT FUNCTION
• Requirements:
• Inbound logistics: receiving, warehousing and inventory control of input materials.
• Operations: value-creating activities that transform inputs into the final product
• Outbound logistics: activities required to get the finished product to the customer, including warehousing and order fulfillment
• Marketing and sales: activities associated with getting buyers to purchase the product, including channel selection, advertising and pricing
• Service: activities that maintain and enhance the product's value, including customer support and repair services
ZACHMAN FRAMEWORK
• Zachman developed it for the most systematic delivery of IS.
• Perspectives:
• Data: which data entities need to be captured and what are the relationships between them
• Function: which functions need to be addressed and which arguments does each function have
• Network: which nodes need to be supported and what links exist between them
• People: who are our agents and what are their tasks or work
• Time: when do things happen and to which cycles do they conform
• Motivation: what are the ends or goals and by what means will we get there?
STRATEGIC IMPORTANCE GRID
• Looks at the entire IS portfolio of the organization, i.e. all the systems currently in operation as well as the future systems currently under development or being planned.
• Assesses whether a significant portion of an organization's systems is of a strategic nature and classifies the organization accordingly into one of 4 possible categories on the IS strategic importance grid.
• Assesses the importance of IS strategic planning in the overall strategic business plan.
• Useful in strategic competitor analysis or significant shifts in budget
IS PLANNING
• The components of IS need to be successfully integrated in order to provide the right information at the right place and time.
• An IS architecture is therefore needed to define the IS resources that will be used to support the business strategy and the standards that should be adhered to in order to ensure compatibility within the system.
• Planning needs to identify the application needs of the business and the business goals.
• Alternative software products need to be evaluated, and the hardware and OS should be appropriate.
• Includes technical support, estimation of operating costs and the financing method
COST BENEFIT ANALYSIS
• Used to assess and prioritize new system development projects by measuring the financial impact of the proposed system.
• Tangible benefits include reduced inventory and administrative cost, higher processing volume, reduction of bad debts and improved cash flow.
• Intangible benefits include customer satisfaction and better decision making.
• Costs include development cost, equipment cost and operating cost.
SOFTWARE ACQUISITION OPTIONS
• In-house development: develop and support computer systems to support the company's strategic goals.
• Outsourcing: purchasing of service, ASP
• End-user computing: training and assistance to the user
• Project management: planning, allocation, scheduling and review
• Organizing of the MIS audit function with the help of activity analysis and decision analysis
• Also creating departmentation and delegation of authority.
CONTROLLING MIS AUDIT FUNCTION
• Purpose of control:
• To regulate the process to achieve goals, objectives and targets
• Control is exercised through the system by comparing performance
• It should work on the principle of feedback
• Corrective action is to be taken in time
• It gives advance warning about the occurrence of deviations in the system
• Auditing is a tool of control
• Control tools: planning, budgets, financial, risk analysis, PERT/CPM
BENEFITS OF IS AUDIT FOR ORGANIZATION
• Mapping business controls to IT applications
• Business process reengineering
• IT security policy
• Security awareness
• Better return on investment
• Risk management

 
Exception handling c++
Exception handling c++Exception handling c++
Exception handling c++
 
Object Oriented Programming using C++
Object Oriented Programming using C++Object Oriented Programming using C++
Object Oriented Programming using C++
 

Kürzlich hochgeladen

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesShubhangi Sonawane
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 

Kürzlich hochgeladen (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Information system audit 2

  • 1. INFORMATION SYSTEM AUDIT-II CHP 7. MANAGEMENT INFORMATION SYSTEMS AUDIT FUNCTION MR. JAYANT. P. DALVI
  • 2. MIS • The three components of MIS provide a more complete and focused definition, where System suggests integration and holistic view, Information stands for processed data, and Management is the ultimate user, the decision makers. • Management information system can thus be analyzed as follows: • Management covers the planning, control, and administration of the operations of a concern. The top management handles planning; the middle management concentrates on controlling; and the lower management is concerned with actual administration. • Information, in MIS, means the processed data that helps the management in planning, controlling and operations. Data means all the facts arising out of the operations of the concern. Data is processed i.e. recorded, summarized, compared and finally presented to the management in the form of MIS report. • System Data is processed into information with the help of a system. A system is made up of inputs, processing, output and feedback or control. Thus MIS means a system for processing data in order to give proper information to the management for performing its functions
  • 3. INTRODUCTION • Need of MIS audit to focus on the issues of corporate governance of IS in computerized environment and security controls to safeguard information and IS. • Well planned and structured audit is essential for risk management and for monitoring and controlling IS in any organization. • objective is to identify risks that an organization faces in computerized environment. • evaluates adequacy of security controls and informs mgmt with suitable conclusions and recommendations
  • 4. • it is a continuous process of evaluating controls and suggesting security measures for the purpose of safeguarding assets or resources, maintaining data integrity, and improving system effectiveness and system efficiency in order to satisfy organization goals. • safeguarding of assets includes protection of hardware, software, facilities, people, data, technology, documentation and supplies. • auditor should review physical security over the facilities, security over systems software and adequacy of internal controls. • Data integrity includes safeguarding of information against unauthorized addition, deletion, modification or alteration. • it is maintained by Accuracy, Confidentiality, Completeness, Reliability, Efficiency.
  • 5. AUDIT IN COMPUTERIZED ENVIRONMENT A) understanding computerized environment: • auditor requires following skills to understand the environment: 1. computer concepts and system design 2. functioning of accounting information system, identify new risks 3. understand how internal controls are mapped on to computers to manage technology and business risks 4. knowledge of use of computers in audit
  • 6. B) ACCOUNTING INFORMATION SYSTEM IN COMPUTERIZED ENVIRONMENT • AIS is nothing but Transaction Processing system. TPS has 3 components: input, processing and output. • IS follows the garbage in, garbage out principle, so it is necessary that the input to the system is accurate, complete and authorized for processing. • It can be achieved by automating the input. There are a large number of methods that can be used for this purpose. • COBIT (Control Objectives for IT) is an internal control framework established for IS which can be applied to AIS.
  • 7. • To apply COBIT Framework, organization should define IS architecture: • frame security policies • conduct technology risk assessment • take steps to manage technology risks like designing appropriate audit trails, providing security to software systems, preparing business continuity plan, managing IS resources like data, apps and facilities, providing assurance for IS. • It is applicable to sales, purchase and payroll AIS by considering inputs required, app control, processing, report generation, exception reports, files used. • Auditor needs to collect audit evidence to understand AIS.
  • 8. C) IMPACT OF IT ON ECONOMICS OF AUDITING • IT impacts audit documentation, reporting, paper work. • Auditing in computerized environment enhances skills and knowledge of traditional auditing, IS, business technology risks. • it also impacts auditing, audit planning, audit risk, audit tools and techniques. • Detection and reduction of risks can now be controlled by computer assisted tools and techniques. • Risk based audit approach starts with preliminary review, followed by risk assessment
  • 9. • under audit approach, depending upon intensity of use of IT, audit is done through computers. • Once approach is decided, the next step is to assess general and application controls. • after this step, evidence is collected, evaluated and reports are prepared using IS.
  • 10. D) SECURITY • IS resources are vulnerable to risks and subject to financial and productivity losses. • security is necessary to maintain confidentiality, integrity and availability of data, app system and other resources. • principles of security: • Accountability: apportionment of duties, responsibilities, and accountability in organization • creation of security awareness • cost effective implementation of info security
  • 11. • integrated efforts to implement security • periodic assessment of security needs • Timely implementation of security • Types of control to implement security: • framing and implementing security policy: physical, environmental, logical, administrative control. 1. physical: keys, locks, biometrics 2. environmental controls 3. logical control: access controls 4. Admin control: separation of duties, policy, procedures, standards, disaster recovery, IS audit etc.
  • 12. E) IS MANAGEMENT • it includes collection and evaluation of evidence to determine whether the IS safeguards assets, maintains data integrity, achieves organizational goals, and consumes resources efficiently. • it is divided into 4 phases: • Management (planning and organizing) • Implementation and deployment • Directing and controls • audit and monitoring
  • 13. F) AVAILABILITY OF IS • security serves 3 purposes: confidentiality, availability and integrity • access controls provide confidentiality and availability • Business continuity process and back-up procedures provide integrity • Disaster recovery plan puts various IS resources in place, if any disaster occurs. • Because of this, financial auditor gets an idea about the risks and importance of application
  • 14. G) DATABASE MANAGEMENT • database provides data sharing and data independence. • data sharing means users and apps can share data, and data independence means data is stored independent of applications. • It makes IS secure and easy to implement. • DB offers facilities like data dictionary, sign-in and authentication mechanisms.
  • 15. H) ACCESS CONTROL • all IS require an OS and DB that have the ability to control access to the data and apps. • OS controls access at directory and file system levels. • DB controls access at record and field levels. • To ensure data integrity, it is necessary to control access to data, apps and other resources. • so access to these systems should be strictly limited with the help of authentication and authorization • Authentication ensures that only authorized users can access the system, and authorization allows only minimum access to an authorized user. • This can be achieved by System Administrator • Auditors should know all these roles.
  • 16. I) APPLICATION CONTROLS AND THEIR FUNCTIONING • purpose of application control is data integrity, which is achieved by ensuring integrity of input, processing and output. • Application controls are divided into: validation of input, authorization of input, completeness of input, accuracy of input, integrity of stored data, completeness and accuracy of processing data, restricted access to assets and data, confidentiality and integrity of output. • Business risks are controlled by application control. • Application control effectiveness can be tested either by continuous audit or by general audit software
  • 17. J) EVALUATION OF BUSINESS RISKS • Business risks are controlled and managed by implementing application controls, so primary duty of auditor is to evaluate application control to reduce risk to minimum. • 2 types of testing are done, i.e. compliance and substantive testing. compliance testing is done only for complex systems. • computer assisted tools and techniques help to conduct substantive testing to evaluate whether financial statements depict true and fair picture. • Audit Command Language (ACL) is used in general audit software which offers tools to understand qualitative and quantitative features of data. • it provides facilities like indexing, sorting, joining, setting relation, creating output files, exporting files, extracting files. • It also has a feature to create a command log, which keeps a check on the auditor, improves the quality of audit and also helps in systems audit.
  • 18. K) CONVERSION AUDIT • Data conversion in a software project provides ability to convert data from one database to another and from one application to another. • Conversion audit is conducted to check accuracy of such data conversions.
  • 19. RISK BASED AUDIT FRAMEWORK • It assists managers in meeting Policy on Transfer Payments (PTP) risk related requirements that support government's directions towards more systematic and corporate management of risk in design and delivery of programs. • Planning of incorporating risks in initial stages: • type of transfer payment should be determined by departmental mandate, business lines, clients etc • it is a government policy to manage transfer payments in a manner that is sensitive to risks, complexity, accountability for results and economical use of resources. • Department must develop risk based audit framework for auditing of risks.
  • 20. • Treasury Board of Secretariat (TBS) acknowledged importance and benefit of systematic risk management as a strategic investment in attainment of overall business objectives and demonstration of good governance. • Integrated Risk Management Framework strengthens accountability by demonstrating that levels of risk should be explicitly understood. • Active monitoring policy, which incorporates that departments must actively monitor their management practices and controls using risk based approach
  • 21. RBAF • It is a management document that explains how risk concepts are integrated into strategies and approaches used for managing programs that are funded through transfer payments. • RBAF provides: • Background and profile info on transfer payment pgm including key areas that program faces. • understanding of specific risks that may influence achievement of transfer payment program through objectives • description of existing measures and strategies for managing specific risks • explanation of monitoring, recipient auditing, internal auditing, reporting practices and procedures
  • 22. NEED OF RBAF • Transfer payment programs operate in an environment that includes numerous interconnections, global organizations, governance req, authorities, and various risk drivers. • RBAF enhances managers' and employees' understanding and comm of risk and related mitigation options. • strengthens accountability for achieving objectives over public funds • facilitates managers' achievement of govt wide req. • provides basis upon which to create contingency plans • helps to secure funding for new or renewed pgms • enhances info for decision making
  • 23. DEVELOPMENT AND IMPLEMENTATION OF RBAF • Key parties involved in development and implementation of RBAF: • Managers of pgm to ensure framework reflects accurate analysis of potential risks to achieve objectives as well as monitor and report strategies. • Internal Audit and Program staff provide expert advice and technical support to identify, assess and monitor risk. • Evaluation staff provide knowledge and expertise in recognition of potential for overlap between RBAF and RMAF • TBS program and Center for excellence for internal audit analyst provide advice during preparation of pgm • Delivery partners, codewriters, etc.
  • 24. PLANNING AND PREPARING RBAF • uncomplicated programs with low materiality and straightforward accountability and risk mgmt environment would require less detailed RBAF. • high priority and complex pgms with significant materiality and diversified and complex env require more detailed RBAF and large time and efforts investment. • meaningful info should be provided in each section of RBAF
  • 25. ROLES, RESPONSIBILITIES AND RELATIONSHIPS • Purpose: it should clearly delegate respective roles and responsibilities of mgmt and IA with terms and conditions for monitoring, auditing and RBAF requirements. • Process: PTP, guide on grants, contributions and other transfer payments delegate the roles and responsibilities of mgmt and IA. • Management: responsible for ongoing financial and operational monitoring and audit of recipients whether results data is reliable. • Internal Audits: to employ risk based methodologies in planning and conducting audits to provide assurance on adequacy of integrated risk mgmt practices, mgmt control frameworks and info used for decision making and reporting on achievement of overall objectives. • product: stmt of roles and responsibilities between mgmt and IA and recipient
  • 26. PROGRAM PROFILE • purpose: should provide context and key areas of inherent risk that evolve from transfer payment program's objectives and environment. • process: should be developed with reference to organization's outcomes and design info that has been compiled during recent business planning and development of RMAF. • product: needs of pgm, target population, resources, product grps, delivery mechanisms and governance structure.
  • 27. RISK IDENTIFICATION, ASSESSMENT AND MGMT SUMMARY • key risks should be identified, assessed and associated measures either implemented. • purpose: ensure explicit understanding of level of key risks also understands controls to reduce this risk. • process: it requires input from team of managers and knowledgeable staff within pgm area of functional grps. • preparation steps: • consider who should participate • clearly define risk • establish time horizon • customize risk matrix • consider other tool req.
  • 28. Process Steps • understand objectives: objectives with reference to outcomes • risk identification: conduction of preliminary analysis of risk level of each area to further analysis of areas • risk assessment: use existing preventive measures for risk areas selected for analysis for further analysis • risk response: decide strategies to avoid, transfer, share, accept and manage the risk
  • 29. Process steps • Key risk summaries: includes following- • methodologies section- risk definition and model • brief description- process steps • identification of involved teams • risk matrix- levels of impact and likelihood • key areas- overall risk context of pgm and strategies
  • 30. PROGRAM MONITORING AND RECIPIENT AUDITING • purpose: to provide description of monitoring and recipient auditing practices undertaken by mgmt. • process: objectives to meet • achievement of established outcomes • risks to achieve outcomes • determine eligibility of recipients and expenditures of funds • efficient, effective and economical use of resources • whether or not pgm is administered with terms and conditions at all stages of transfer payment life cycle
  • 31. INTERNAL AUDITING • purpose: provide valuable assistance to mgmt by providing assurance as to soundness of risk mgmt strategy and practices, mgmt control framework and practices and info being used for decision making and reporting • process: uses same risk assessment methodology and recipient audit risk • indicate results of audit performed, details of future plans, with expected costs • product: description of results, audit objectives assessed, scope, timing and expected cost for future plan, description of audit risk assessment methodology
  • 32. PLANNING OF MANAGING IS AUDIT FUNCTION • Once need for a new system has been identified, plans must be developed to ensure that the new system can be successfully integrated with business processes and that it provides an acceptable return on investment for the organization. • effective project mgmt is essential if systems are to be produced that correctly fulfill req of their users without exceeding constraints of time and budget
  • 33. PLANNING OF MANAGING IS AUDIT FUNCTION • requirements: • inbound logistics: receiving, warehousing and inventory control of input materials. • operations: value creating activities that transform inputs into final product • outbound logistics: activities req to get finished product to customer, including warehousing, order fulfillment • marketing and sales: activities associated with getting buyers to purchase product, including channel selection, advertising, pricing • service: activities that maintain and enhance product's value, including customer support, repair services
  • 34. ZACHMAN FRAMEWORK • Zachman developed it for most systematic delivery of IS. • perspectives: • Data: what data entities need to be captured and what are the relationships between them • Function: which functions need to be addressed and which arguments does each function have • Network: which nodes need to be supported and what links exist between them • People: who are our agents and what are their tasks or work • Time: when do things happen and to which cycles do they conform • Motivation: what are ends of goals and by what means will we get there?
  • 35. STRATEGIC IMPORTANCE GRID • Looks at entire IS portfolio of organization, i.e. all the systems currently in operation as well as the future systems currently under development or being planned. • assesses whether a significant portion of an organization's systems is of strategic nature and classifies the organization accordingly into one of 4 possible categories on IS strategic imp grid. • assesses imp of IS strategic planning in overall strategic business plan. • useful in strategic competitor analysis or significant shifts in budget
  • 36. IS PLANNING • components of IS need to be successfully integrated in order to provide right info at right place and time. • So IS architecture is needed to define IS resources that will be used to support business strategy and stds that should be adhered to in order to ensure compatibility within the system • planning needs to identify app needs of business and business goals • alternative software products need to be evaluated, and hardware and OS should be appropriate. • includes technical support, estimation of operating costs, financing method
  • 37. COST BENEFIT ANALYSIS • used to assess and prioritize new system development projects by measuring financial impact of proposed system. • Tangible benefits include reduced inventory and admin cost, higher processing volume, reduction of bad debts and improved cash flow. • Intangible benefits include customer satisfaction and better decision making. • Costs include Development cost, equipment cost, operating cost
  • 38. SOFTWARE ACQUISITION OPTIONS • In-house development: develop and support computer systems to support company's strategic goals. • Outsourcing: purchasing of service, ASP • End-user computing: training and assistance to user • Project management: planning, allocation, scheduling and review • organizing of MIS audit function with the help of activity analysis and decision analysis • Also creating departmentation and delegation of authority.
  • 39. CONTROLLING MIS AUDIT FUNCTION • purpose of control: • to regulate process to achieve goals, objectives, targets • control is exercised through system by comparing performance • it should work on principle of feedback • Corrective action to be taken in time • it gives advance warning about occurrence of deviations in system • auditing is tool of control • control tools: planning, budgets, financial, risk analysis, pert/cpm
  • 40. BENEFITS OF IS AUDIT FOR ORGANIZATION • mapping business control with IT application • business process reengineering • IT security policy • Security awareness • Better return on investment • risk management
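
Slide 18 says a conversion audit checks the accuracy of data conversions, and slide 4 defines data integrity as protection against unauthorized addition, deletion, modification or alteration. The following is an added example, not part of the original slides: a Python reconciliation of a source extract against the converted target using record counts, a control total and per-record hashes. The invoice data, field names and function names are constructed for illustration.

```python
"""Conversion audit sketch: reconcile a legacy extract against converted data."""
import csv
import hashlib
import io
from decimal import Decimal

# Constructed sample data (assumption, not from the slides): the same invoice
# ledger exported before and after a data conversion.
SOURCE_CSV = """invoice_no,customer,amount,posted
1001,Acme Traders,1500.00,2024-01-05
1002,Bharat Steel,249.90,2024-01-06
1003,Coastal Foods,980.10,2024-01-06
1004,Delta Pharma,12000.00,2024-01-09
"""

TARGET_CSV = """invoice_no,customer,amount,posted
1001,Acme Traders,1500.00,2024-01-05
1002,Bharat Steel,294.90,2024-01-06
1004,Delta Pharma,12000.00,2024-01-09
1005,Eastern Motors,75.00,2024-01-10
"""

FIELDS = ["invoice_no", "customer", "amount", "posted"]


def load(text, key):
    """Parse CSV text into {key: row}; a duplicate key is itself a finding."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        clean = {name: (value or "").strip() for name, value in row.items()}
        if clean[key] in rows:
            raise ValueError(f"duplicate key {clean[key]!r}")
        rows[clean[key]] = clean
    return rows


def record_hash(row, fields):
    """SHA-256 over the fields joined with a unit separator, so that
    ("ab", "c") and ("a", "bc") cannot produce the same digest."""
    canonical = "\x1f".join(row[name] for name in fields)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def control_total(rows, amount_field):
    """Exact decimal sum of the amount column (no float rounding)."""
    return sum((Decimal(r[amount_field]) for r in rows.values()), Decimal("0"))


def reconcile(source, target, amount_field, fields):
    """Compare source and target on counts, control total and record content.

    Values are compared as stored strings; if the conversion legitimately
    reformats a field (dates, padding), normalise it before hashing.
    """
    src_keys, tgt_keys = set(source), set(target)
    changed = {}
    for key in sorted(src_keys & tgt_keys):
        if record_hash(source[key], fields) != record_hash(target[key], fields):
            # Name the fields that differ so the finding is actionable.
            changed[key] = [f for f in fields if source[key][f] != target[key][f]]
    return {
        "source_count": len(source),
        "target_count": len(target),
        "source_total": control_total(source, amount_field),
        "target_total": control_total(target, amount_field),
        "missing_in_target": sorted(src_keys - tgt_keys),  # deletion
        "added_in_target": sorted(tgt_keys - src_keys),    # addition
        "changed": changed,                                # modification
    }


if __name__ == "__main__":
    src = load(SOURCE_CSV, "invoice_no")
    tgt = load(TARGET_CSV, "invoice_no")
    for name, value in reconcile(src, tgt, "amount", FIELDS).items():
        print(f"{name}: {value}")
```

In this sample the record counts match (4 and 4), so a count-only check would pass; the control total and the per-record hashes are what expose the altered, dropped and added invoices.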