Video Review Assignment | What is CIS? (PSP_DAT5B_Group1)
Muhammad Ashraf bin Mohamad Redzwan 10DAT18F1006
Thurgeswari selvemani 10DAT18F1073
Nurdiana binti Mohd Nasir 10DAT18F1014
Nuralya Sophia binti Suhaidi 10DAT18F1026
Nor Athirah binti Amran 10DAT18F1028
Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls.
A CIS environment exists when a computer of any type or size is involved in the processing by an entity of financial information of significance to the audit, whether that computer is operated by the entity or a third party.
Identify the computerized environment.
Extent of computerization in the organization.
The pervasiveness of computerization.
CIS as part of the organizational infrastructure.
Importance of the CIS in the organization.
Management’s view of the CIS environment.
The objective of an audit in a CIS environment is to express an opinion on whether the financial statements are true and fair.
Scope of audit under CIS
It is governed by legislation, regulation and the approved auditing standards.
There are two categories of internal control. The first is application control. The second is general control.
Types of Control
1) Data Capture Controls
- To ensure that all transactions are recorded in the application system
2) Data Validation Controls
- To ensure the data is accurate
3) Processing Control
- Prevent and detect errors
4) Output Control
- Prevent computer output from being used by an unauthorised user
5) Error Control
- Errors should be corrected and then resubmitted
CAAT
- Uses the computer as an audit tool to enhance the effectiveness and efficiency of audit procedures
- This technique can provide effective tests of control and substantive procedures where there are no input documents or where the sample of the population is large
Types of CAAT
Generalised audit software
- Tests on data files
Custom audit software
- Specific task
Test data
- Creates a simulated transaction
Integrated test facility
- A “dummy” record is created
Parallel simulation
- Mimics the entity’s application programme