Information Systems Audit
(Chapter 1)
Contents
• Introduction
• Need for control and audit of computers
• Information systems auditing defined
• Effects of computer on internal controls
• Effect/advantages of computer in audit techniques
Introduction
Auditing is the process of assessment of financial, operational,
strategic goals and processes in organizations to determine whether
they are in compliance with the stated principles, regulatory norms,
rules and regulations.
• The aim of an information audit is to safeguard assets, to maintain data
integrity, to achieve system effectiveness and to achieve system
efficiency.
• The audit can be conducted internally by employees of the
organization, or externally by an outside firm.
Need for control and Audit of computers
Computers assist in the processing of data and decision making.
Factors:
1) Organizational cost of data loss
2) Incorrect decision making
3) Cost of computer abuse
4) Value of hardware, software
5) High costs of computer error
6) Maintenance of privacy
7) Controlled evolution of computer use
Organizational cost of data loss
• Data provides the organization with an image of itself, its
environment, its history and its future.
• If the data is inaccurate or lost, the organization can incur substantial
losses.
• There should be proper backup of computer files.
Incorrect decision making
• Decision making depends on the quality of data and quantity of
decision rules that exist in the computer-based information system.
• Inaccurate data causes costly, unnecessary investigations, and
out-of-control processes can remain undetected.
Example:
If the algorithm that the bank uses to give interest rates is incorrect,
the bank will incur a substantial loss.
• Not just management but also parties who have an interest in an
organization are affected by incorrect data.
Example:
Shareholders might make poor investment decisions if they are
provided with inaccurate financial information.
Costs of computer abuse
Hacking:
A person gains unauthorized access to a system to modify or delete
programs or to disrupt services.
Viruses:
A virus is a program that attaches itself to executable files or data files,
replicates itself and causes disruption.
Illegal physical access:
A person gains unauthorized physical access to the system (and can
cause physical damage or make copies of data).
Abuse of privileges:
A person uses privileges for unauthorized purposes (for example, making
copies of sensitive data they are permitted to access).
Consequences of abuse:
1) Destruction of assets
2) Theft of assets
3) Modification of assets
4) Privacy violation
5) Unauthorized use of assets
Value of computer hardware and software
• In addition to data, hardware and software are critical organizational
resources.
• Intentional or unintentional loss of hardware can cause
disruption in the functioning of the organization.
• If the software is corrupted, confidential information could be
stolen or disclosed to competitors.
High cost of computer error
• Computers automatically perform many critical functions.
Example:
Computers allow banks to provide ATM services, online banking and
accurate tracking and verification of funds.
Maintenance of privacy
• All the important data of an individual, such as financial information
and personal data, is stored on computers.
• If there is a breach in the system, all the private data will be gone
in seconds, which makes it important to protect and maintain
privacy.
Impact of ISA
1) Improved safeguard of assets
2) Improved data integrity
3) Improved system effectiveness
4) Improved system efficiency
Asset safeguarding objective
• The information system assets of an organization include hardware,
software, people (knowledge), data files and system documentation.
• These assets play a major role in organizational growth, which makes it
necessary to safeguard them.
Data integrity objective
• Data integrity is a fundamental concept of information system
auditing.
• It is a state implying that data has certain attributes: completeness,
soundness, purity and veracity.
• If the integrity of an organization's data is low, it could suffer a great
loss.
Three major factors affect the value of data:
1) The value of the information content of the data item for individual
decision makers.
2) The extent to which the data item is shared among decision makers.
3) The value of the data item to competitors.
System effectiveness objective
• Effectiveness is the measure of whether the system
provides the desired output. Being effective means producing
the right output in terms of quantity and quality.
• Effectiveness auditing is usually done after the system has been
running for some time.
• It can also be carried out during the design stages of the system.
System efficiency objectives
• Efficiency indicates the manner in which the inputs are used by
the system. Being efficient means the system uses inputs in the 'right'
way.
• An efficient information system uses minimum resources to achieve
its required objectives.
Effects of computers on internal control
• The goals can be achieved only if an organization's management sets
up a system of internal control.
• Computers have a huge impact on the internal control
components.
Components of internal control
• Separation of duties
• Delegation of authority
• Competent and trustworthy personnel
• System of authorizations
• Adequate documents and records
• Physical control over assets and records
• Adequate management supervision
• Independent checks on performance
Separation of duties
• In a manual system, separate individuals must be responsible for
initiating transactions, recording transactions and maintaining the
assets.
• It prevents and detects errors and irregularities.
• Separation of duties must exist in different forms.
• The capability to run a program and the capability to change it should be
separated (privileges).
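An added example, not part of the original slides: a computer-assisted check of the run/change separation described above, applied to constructed role assignments and a constructed change log. The privilege names, role names and record fields are assumptions made for the illustration.

```python
"""Separation-of-duties audit test over constructed access and change data."""
from collections import defaultdict

# Privilege names are hypothetical labels for this example.
CHANGE, RUN = "program:change", "program:run"
CONFLICTING_PAIRS = [(CHANGE, RUN)]

# Constructed sample data: role definitions, role assignments and a change log.
ROLE_PRIVILEGES = {
    "developer": {CHANGE},
    "operator": {RUN},
    "support": {RUN, "report:read"},
    "auditor": {"report:read"},
}
USER_ROLES = [
    ("alice", "developer"),
    ("bob", "operator"),
    ("carol", "developer"),
    ("Carol", "support"),  # same person, different letter case in the export
    ("dave", "auditor"),
]
CHANGE_LOG = [
    {"id": "CHG-1", "program": "interest_calc",
     "author": "alice", "approver": "dave", "deployer": "bob"},
    {"id": "CHG-2", "program": "interest_calc",
     "author": "carol", "approver": "dave", "deployer": "carol"},
    {"id": "CHG-3", "program": "ledger_post",
     "author": "alice", "approver": "alice", "deployer": "bob"},
]


def normalize(user):
    """Fold case and whitespace so one person is not counted as two accounts."""
    return user.strip().lower()


def effective_privileges(user_roles, role_privileges):
    """Expand role assignments into the full privilege set of each user."""
    privileges = defaultdict(set)
    for user, role in user_roles:
        # An unknown role raises KeyError on purpose: an unexplained role
        # in the export is itself something the auditor must follow up.
        privileges[normalize(user)] |= role_privileges[role]
    return dict(privileges)


def privilege_conflicts(user_roles, role_privileges, pairs=CONFLICTING_PAIRS):
    """Return {user: [pairs]} for users who hold both sides of a conflicting pair."""
    findings = {}
    for user, held in effective_privileges(user_roles, role_privileges).items():
        hits = [pair for pair in pairs if set(pair) <= held]
        if hits:
            findings[user] = hits
    return findings


def self_served_changes(change_log):
    """Return (change id, reason) where the author also approved or deployed."""
    findings = []
    for entry in change_log:
        author = normalize(entry["author"])
        if normalize(entry["approver"]) == author:
            findings.append((entry["id"], "author approved own change"))
        if normalize(entry["deployer"]) == author:
            findings.append((entry["id"], "author deployed own change"))
    return findings


if __name__ == "__main__":
    for user, pairs in privilege_conflicts(USER_ROLES, ROLE_PRIVILEGES).items():
        print(f"{user}: holds conflicting privileges {pairs}")
    for change_id, reason in self_served_changes(CHANGE_LOG):
        print(f"{change_id}: {reason}")
```

No single role in the sample grants both privileges; the conflict only appears once the two role assignments of the same person are combined.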
Delegation of authority and responsibility
In a computer system, delegating authority and responsibility is
difficult because some resources are shared among various users.
Example:
In a database, various users can access the same data, and the
integrity of that data can somehow be violated. It is then not possible
to trace who is responsible for corrupting the data and who is
responsible for identifying and correcting the errors.
Competent and trustworthy personnel
• Substantial power is given to the persons responsible for the computer-based
information systems developed, implemented, operated and
maintained within the organization.
• Sometimes the personnel lack not only skills but also a well-developed
sense of ethics.
• In a computer system, it is difficult to assess whether the authority
assigned to an individual is consistent with management's goals.
Example:
Users can formulate database queries that fetch them the
contents of confidential data.
System of authorizations
Management issues two types of authorizations:
1) General authorizations
2) Specific authorizations
Adequate documents and records
The systems should be designed to maintain a record of all events,
and that record should be easily accessible
so that the auditing process is effective.
Physical control over assets and records
Computer systems differ from manual systems in that they
concentrate all the information systems assets and records of an
organization.
Example:
In a manual system, a person who wants to commit fraud has to go
to different physical locations, whereas in a computer-based system all
the data is available at a single site, which makes it easier to execute
the fraud.
Adequate management supervision
• In a computer-based system, supervision needs to be
carried out remotely.
• Managers must examine activity and perform periodic audits to
check for unauthorized actions.
Independent checks on performance
• The control emphasis should be on ensuring the veracity of program
code.
• Auditors must evaluate controls established for program
development, modification, operation and maintenance.
Effects of computers on auditing
1) Changes to evidence collection
2) Changes to evidence evaluation
Foundation of information systems auditing
1) Traditional auditing
2) Information system management
3) Behavioral science
4) Computer science
Advantages of using computers in audit techniques
• Increase the accuracy of audit tests
• Perform audit tests more efficiently
• Enable the audit team to test a large volume of data accurately and quickly
• Reduce the level of human error in testing
• Provide a better quality of audit evidence
Thank you

Information Systems Audit - Ron Weber chapter 1

  • 2. Contents • Introduction • Need for control and audit of computers • Information systems auditing defined • Effects of computer on internal controls • Effect/advantages of computer in audit techniques
  • 3. Introduction Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles, regulatory norms, rules and regulations.
  • 4. • The aim of an information audit is to safeguard the assets, to maintain data integrity, to achieve system effectiveness and to achieve system efficiency. • The audit can be conducted internally by employees of the organization, or externally by an outside firm.
  • 5. Need for control and audit of computers Computers assist in the processing of data and decision making. Factors: 1) Organizational cost of data loss 2) Incorrect decision making 3) Cost of computer abuse 4) Value of hardware, software 5) High costs of computer error 6) Maintenance of privacy 7) Controlled evolution of computer use
  • 6. Organizational cost of data loss • Data provides the organization with an image of itself, its environment, its history and its future. • If the data is inaccurate or lost, the organization can incur substantial losses. • There should be proper backup of computer files.
  • 7. Incorrect decision making • Decision making depends on the quality of data and quantity of decision rules that exist in the computer-based information system. • Inaccurate data causes costly, unnecessary investigations, and out-of-control processes can also remain undetected. Example: If the algorithm that the bank uses to give interest rates is incorrect, the bank will undergo substantial loss.
  • 8. • Not just management but also parties who have an interest in an organization are affected by incorrect data. Example: Shareholders might make poor investment decisions if they are provided with inaccurate financial information.
  • 9. Costs of computer abuse Hacking: A person gains unauthorized access to a system to modify or delete programs or to disrupt services. Viruses: A virus is a program that attaches itself to executable files or data files, replicates itself and causes disruption.
  • 10. Illegal physical access: A person gains unauthorized physical access to the system (can cause physical damage or make copies of data). Abuse of privileges: A person uses privileges for unauthorized purposes (making copies of sensitive data they are permitted to access).
  • 11. Consequences of abuse: 1) Destruction of assets 2) Theft of assets 3) Modification of assets 4) Privacy violation 5) Unauthorized use of assets
  • 12. Value of computer hardware and software • In addition to data, hardware and software are critical organizational resources. • Intentional or unintentional loss of hardware can cause disruption in the functioning of the organization. • If the software is corrupted, confidential information could be stolen or disclosed to competitors.
  • 13. High cost of computer error • Computers automatically perform many critical functions. Example: Computers allow banks to provide ATM services, online banking and accurate tracking and verification of funds.
  • 14. Maintenance of privacy • All the important data of an individual, such as financial information and personal data, is stored on computers. • If there is a breach in the system, all the private data will be gone in seconds, which makes it important to protect and maintain privacy.
  • 15. Impact of ISA 1) Improved safeguard of assets 2) Improved data integrity 3) Improved system effectiveness 4) Improved system efficiency
  • 16. Asset safeguarding objective • The information system assets of an organization include hardware, software, people (knowledge), data files and system documentation. • These assets play a major role in organizational growth, which makes it necessary to safeguard them.
  • 17. Data integrity objective • Data integrity is a fundamental concept of information system auditing. • It is a state implying data has certain attributes like: completeness, soundness, purity and veracity. • If the integrity of an organization’s data is low, it could suffer a great loss.
  • 18. Three major factors affect the value of data: 1) The value of the information content of the data item for individual decision makers. 2) The extent to which the data item is shared among decision makers. 3) The value of the data item to competitors.
  • 19. System effectiveness objective • Effectiveness is the measure for deciding whether the system provides the desired output or not. Being effective means producing the right output in terms of quantity and quality. • Effectiveness auditing is usually done after the system has been running for some time. • It can be carried out during the design stages of the system.
  • 20. System efficiency objectives • Efficiency indicates the manner in which the inputs are used by the system. Being efficient means the system uses inputs in a 'right' way. • An efficient information system uses minimum resources to achieve its required objectives.
  • 21. Effects of computers on internal control • The goals can be achieved only if an organization’s management sets up a system of internal control. • There is a huge impact of computers on the internal control components.
  • 22. Components of internal control • Separation of duties • Delegation of authority • Competent and trustworthy personnel • System of authorizations • Adequate documents and records • Physical control over assets and records • Adequate management supervision • Independent checks on performance
  • 23. Separation of duties • In a manual system, separate individuals must be responsible for initiating transactions, recording transactions and maintaining the assets. • It prevents and detects errors and irregularities. • Separation of duties must exist in different forms. • The capability to run the program and the capability to change the program should be separated (privileges).
  • 24. Delegation of authority and responsibility In a computer system, delegating authority and responsibility is difficult because some resources are shared among various users. Example: In a database, various users can access the same data. But by this the integrity is somehow violated. It is not possible to trace who is responsible for corrupting the data and who is responsible for identifying and correcting the errors.
  • 25. Competent and trustworthy personnel • Substantial power is given to the persons responsible for the computer-based information systems developed, implemented, operated and maintained within the organization. • Sometimes the personnel lack not only skills but also a well-developed sense of ethics.
  • 26. • In a computer system, it is difficult to assess whether the authority assigned to an individual is consistent with the management’s goals. Example: Users can formulate queries on a database that could fetch them the contents of confidential data.
  • 27. System of authorizations Management issues two types of authorizations: 1) General authorizations 2) Specific authorizations
  • 28. Adequate documents and records Systems should be designed to maintain a record of all events, and that record should be easily accessible so that the auditing process is effective.
  • 29. Physical control over assets and records Computer systems differ from manual systems in that they concentrate all the information systems assets and records of an organization. Example: In a manual system, a person who wants to commit fraud has to go to different physical locations, whereas in a computer-based system all the data is available at a single site, which makes it easy to execute the fraud.
  • 30. Adequate management supervision • In a computer-based system, supervision needs to be carried out remotely. • Managers must examine and do periodic auditing to check for unauthorized actions.
  • 31. Independent checks on performance • The control emphasis should be on ensuring the veracity of program code. • Auditors must evaluate controls established for program development, modification, operation and maintenance.
  • 32. Effects of computers on auditing 1) Changes to evidence collection 2) Changes to evidence evaluation
  • 33. Foundation of information systems auditing 1) Traditional auditing 2) Information system management 3) Behavioral science 4) Computer science
  • 34. Advantages of using computers in audit techniques • Increase the accuracy of audit tests • Perform audit tests more efficiently • Enable the audit team to test a large volume of data accurately and quickly • Reduce the level of human error in testing • Provide a better quality of audit evidence
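
A computer-assisted audit test for the separation-of-duties control on slide 23, in the spirit of the advantages listed on the last slide. This is an added example, not part of the original deck; the duty names, users and transactions are constructed sample data.

```python
from collections import defaultdict

# Duty pairs that slide 23 says must not be held by the same individual.
# The duty names are hypothetical labels chosen for this example.
CONFLICTS = [
    ("initiate_transaction", "record_transaction"),
    ("initiate_transaction", "maintain_assets"),
    ("record_transaction", "maintain_assets"),
    ("run_program", "change_program"),
]

# Constructed sample data: (user, duty) entitlements and a transaction log.
ENTITLEMENTS = [
    ("alice", "initiate_transaction"),
    ("bob", "record_transaction"),
    ("carol", "maintain_assets"),
    ("dave", "run_program"),
    ("dave", "change_program"),
    ("erin", "initiate_transaction"),
    ("erin", "record_transaction"),
]
TRANSACTIONS = [
    {"id": "T1", "initiated_by": "alice", "recorded_by": "bob"},
    {"id": "T2", "initiated_by": "erin", "recorded_by": "erin"},
    {"id": "T3", "initiated_by": "erin", "recorded_by": "bob"},
]

def entitlement_conflicts(entitlements, conflicts=CONFLICTS):
    """Preventive check: users who hold both duties of a conflicting pair."""
    held = defaultdict(set)
    for user, duty in entitlements:
        held[user].add(duty)
    return sorted(
        (user, a, b)
        for user, duties in held.items()
        for a, b in conflicts
        if a in duties and b in duties
    )

def self_recorded(transactions):
    """Detective check: transactions initiated and recorded by one person."""
    return [t["id"] for t in transactions
            if t["initiated_by"] == t["recorded_by"]]

if __name__ == "__main__":
    for user, a, b in entitlement_conflicts(ENTITLEMENTS):
        print(f"CONFLICT {user}: {a} + {b}")
    print("Self-recorded transactions:", self_recorded(TRANSACTIONS))
```

The first check shows who could bypass the control; the second shows where the log records that someone actually did, which is the evidence an auditor would follow up.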