Video Review Assignment | Auditing in CIS (PSP_DAT5B_Group8)
Hai, We are from group 8 (DAT5B)
Nursyamira Izzati bt Mohd Rosdi 10dat18f1008
Nur Arisha Bt Zakaria 10dat18f1038
Sabarreena Priyah A/P Murugesan 10dat18f1058
Siti Nur Izza bt Mohamed 10dat18f1098
Suthashne A/P Seran 10dat18f1102
Nurul Nabilah bt Abdullah 10dat18f1501
LEARNING OUTCOMES FROM THE VIDEO :
Characteristics of Computer Information System
1.Lack of visible transaction trails
2.Consistency of performance
3. Ease of Acess to data and computer programs
4. Concentration duties
5. Systems generated transaction
6.Vulnerability of data and program storage media
Internal Control
1.Internal control in a CIS environment is an essential prerequisite for efficient and effective management of any organization.
2.There are variety of control to check accuracy, completeness, and authorization of transactions.
3.Internal control can be classified as general control and application controls
General Controls and Application Controls
General control classified as:
1.Organization control
2.Systems development and documentation controls
3.Data recovery controls
4.Access controls
5.Monitoring control
Application controls category as :
1. Control over input
2. Control over processing
3. Control over output
Differences between Testing General Control and Testing Application control
Testing General controls :
1)Actual observation of personnel
2) Inspecting program documentation
3)Observing security measures in force
Testing Application control:
1)Audit around the computer
2)Use computer-assisted audit techniques
CIS Auditing
IS Auditing Objectives
-Understanding the CIS environment
-The effect of computerization in general and on internal controls
-Types of general & application controls used in CIS processes
-The audit process in a CIS environment
-To know the techniques of auditing using CA
Analyzing the CIS Environment
Risk Assessment of the CIS Environment :
-Identify the business processes, criticality.
-The automation of business processes.
-To identify where should there be control points.
-To analyze processes against internal control.
-Effectiveness of internal control.
-Benefits of internal control.
-Efficiency of operations.
Risk Management Overview
-Risk management is the process of ensuring that the impact of threats exploiting vulnerabilities is within acceptable limits at an acceptable cost.
- At a high level, this is accomplished by balancing risk exposure against mitigation costs and implementing appropriate countermeasures and controls.
Computer assisted data techniques ( CAATs )
- test data
- integrated test facility
- parallel simulation
Parallel Simulations
-The simulataneous performance of mutiple operations
- provides evidence of the validity of processing
-Requires the auditor write the program
- simulates key features of processes of the program under review
- The video also show the diagram parallel simulation
- generalized audit software consists of generally available computer packages designed to perfom common audit tasks
- know about the purpose written programs which is designed to perform audit tasks in specific circumstances
Other CAATs which is snapshots
- involves taking a pictures of a transactions
Systems control audit review files ( SCARF )
- involves embedding audit software modules
- to provise continous monitoring of the systems transactions
Comments