Video Review Assignment | What is CIS? (PSP_DAT5B_Group1)


Muhammad Ashraf bin Mohamad Redzwan 10DAT18F1006

Thurgeswari selvemani                             10DAT18F1073

Nurdiana binti Mohd Nasir                       10DAT18F1014

Nuralya Sophia binti Suhaidi                    10DAT18F1026

Nor Athirah binti Amran.                          10DAT18F1028


Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls.

CIS environment exists when a computer of any type or size is involved in the processing by an entity of financial information of significance to the audit, whether that computer is operated by the entity or a third party.

Identify the computerized environment.

Extent of computerization in the organization.

The pervasiveness of computerization.

CIS as part of the organizational infrastructure.

Importance of the CIS in the organization.

The objective of audit in a CIS environment is to express opinion whether the financial statements true and fair. Management’s view of the CIS environment.

Scope of audit under cis 

It is govern by legislation, regulation and the approved auditing standards 

There are two category in internal control. The first one is application control. Second one is general control

Type of Control

1) Data capture Controls

- To capture that all transactions are recorded in the application system

2) Data Validation Controls

- To ensure the data is accurate 

3) Processing Control

- Prevent and detect errors

4) Output Control

- prevent computer output for being used by an authorised user

5) Error Control

- Errors should be corrected and then submitted it

CAAT

- Used the computer as an audit tools to enhance the effectiveness and efficiency of audit procedures 

- this technique can provide effective test of control and substantive procedure whether no input document or sample of populations is large

Types of CAAT

Generalised audit software 

-test on data files

Custom audit software

-specific task

Test data 

-creates a simulation transaction

Intergrated test facility

- “dummy” record is created 

Parallel simulation 

-mimics the entities application programme




Comments

Popular posts from this blog

CHAPTER 4: AUDITING IN CIS ENVIRONMENT (PSP_DAT5BJune2020)

CHAPTER 2 : AUDIT EVIDENCE