Chapter 08. Consideration of Internal Control in an Information Technology Environment. McGraw-Hill/Irwin
|
|
- Brittany Magdalene Richardson
- 6 years ago
- Views:
Transcription
1 Chapter 08 Consideration of Internal Control in an Information Technology Environment McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
2 Nature of IT Based Systems Many systems have developed away from centralized systems with one main frame computer using user developed software to a combination of smaller computers using commercially available software Less expensive software Electronic checkbooks (e.g., Quicken) Moderate system Basic general ledger system (e.g.., QuickBooks) Expensive ERP systems (e.g., SAP) 8-2
3 Nature of IT Systems Usually consists of: Hardware Digital computer and peripheral equipment Software Various programs and routines for operating the system 8-3
4 Computer Hardware Input/Output Devices Central Processing Unit Auxiliary Storage Card Readers Arithmetic Unit Magnetic Disks Terminals Control Unit Magnetic Drums Electronic Cash Primary Storage Magnetic Tapes Registers Optical Compact Optical Scanners Disks Magnetic Tape Drives Magnetic Disk Drives Optical Compact Disks 8-4
5 Software Two Types: Systems software Programs that control and coordinate hardware components and provide support to application software Operating system (Examples: Unix, Windows) Application software Programs designed to perform a specific data processing task Written in programming language (Example: Java) 8-5
6 System Characteristics Regardless of size, system possesses one or more of the following elements Batch processing On-line capabilities Database storage IT networks End user computing 8-6
7 Batch Processing Input data gathered and processed periodically in groups Example: Accumulate all of a day s sales transactions and process them as a batch at end of day Often more efficient than other types of systems but does not provide up-to-minute information 8-7
8 Online Capabilities Online systems allow users direct access to data stored in the system Two types (a company may use both) Online transaction processing (OLTP) Individual transactions entered from remote locations Online real time (Example: Bank balance at ATM) Online analytical processing (OLAP) Enables user to query a system for analysis Example: Data warehouse, decision support systems, expert systems 8-8
9 Database Storage In traditional-it systems, each computer application maintains separate master files Redundant information stored in several files Database system allows users to access same integrated database file Eliminates data redundancy Creates need for data administrator for security against improper access 8-9
10 IT Networks Networks Computers linked together through telecommunication links that enable computers to communicate information back and forth WAN, LAN Internet, intranet, extranet Electronic commerce Involves electronic processing and transmission of data between customer and client Electronic Data Interchange (EDI) 8-10
11 End User Computing User departments are responsible for the development and execution of certain IT applications Involves a decentralized processing system IT department generally not involved Controls needed to prevent unauthorized access 8-11
12 Internal Control in IT Importance of internal control not diminished in computerized environment Separation of duties Clearly defined responsibilities Augmented by controls written into computer programs 8-12
13 Audit Trail Impact In a traditional manual system, hard-copy documentation available for accounting cycle In computerized environment, audit trail ordinarily still exists, but often not in printed form Can affect audit procedures Consulting auditors during design stage of ITbased system helps ultimate auditability 8-13
14 8-14
15 Responsibilities (1 of 2) Information systems management Supervise the operation of the department and report to vice president of finance Systems analysis Responsible for designing the system Application programming Design flowcharts and write programming code Database administration Responsible for planning and administering the company database Data Entry Prepare and verify input data for processing 8-15
16 Responsibilities (2 of 2) IT Operations Run and monitor central computers Program and file library Protect computer programs, master files and other records from loss, damage and unauthorized use Data Control Reviews and tests all input procedures, monitors processes and reviews IT logs Telecommunications Specialists Responsible for maintaining and enhancing IT networks Systems Programming Responsible for troubleshooting the operating system 8-16
17 Computer-Based Fraud History shows the person responsible for frauds in many situations set up the system and controlled its modifications Segregation of duties Programming separate from controlling data entry Computer operator from custody or detailed knowledge of programs If segregation not possible need: Compensating controls like batch totals Organizational controls not effective in mitigating collusion 8-17
18 Internal Auditing in IT Interested in evaluating the overall efficiency and effectiveness of information systems operations and related controls throughout the company Should participate in design of IT-based system Perform tests to ensure no unauthorized changes, adequate documentation, control activities functioning and data group performing duties. 8-18
19 8-19
20 IT Control Activities General Control Activities Developing new programs and systems Changing existing programs and systems Access to programs and data IT operations controls 8-20
21 Application Control Activities Programmed Control Activities Input validation checks Limit test Validity test Self-checking number Batch controls Item count Control total Hash total Processing controls Input controls plus file labels Manual Follow-up Activities Exception reports follow-up 8-21
22 User Control Activities Designed to test the completeness and accuracy of IT-processed transactions Designed to ensure reliability Reconciliation of control totals generated by system to totals developed at input phase Example: Sales invoices generated by ITbased system tested for clerical accuracy and pricing by the accounting clerk 8-22
23 Control in Decentralized and Single Workstation Systems Involves use of one or more user operated workstations to process data Needed controls Train users Document computer processing procedures Backup files stored away from originals Authorization controls Prohibit use of unauthorized programs Use antivirus software 8-23
24 Steps 1 and 2 of audit--plan audit and Obtain an Understanding Step 1 Consider IT system in planning Step 2 Obtain an understanding of the client and its environment Documentation of client s IT-based system depends on complexity of system Narrative Systems flowchart Program flowchart Internal control questionnaires 8-24
25 Step 3 of Audit: Assess the Risks Identify risks of Material Misstatement Relate the identified risks to what can go wrong at the relevant assertion level Consider whether the risks are of a magnitude that could result in a material misstatement Consider the likelihood that the risks could result in a material misstatement Evaluate effectiveness of related controls in mitigating risks Test of controls over IT-based systems 8-25
26 Techniques for Testing Application Controls Auditing Around the Computer--Manually processing selected transactions and comparing results to computer output Manual Tests of Computer Controls--Inspection of computer control reports and evidence of manual follow-up on exceptions Auditing Through the Computer--Computer assisted techniques Test Data Integrated Test Facility Controlled Programs Program Analysis Techniques Tagging and Tracing Transactions Generalized audit software parallel simulation 8-26
27 Using Generalized Audit Software to Perform Substantive Procedures In general, using client data and generalized audit software Examine client s records for overall quality, completeness and valid conditions Rearrange data and perform analyses Select audit samples Compare data on separate files Compare results of audit procedures with client s records 8-27
28 Typical Inventory Audit Procedures Using Generalized Audit Software 8-28
29 Service Organizations Computer service centers provide processing services to customers who decide not to invest in their own processing of particular data Outsourcing companies run computer centers and provide a range of computer processing services to companies 8-29
30 Service Organizations Auditor concerned if service provided are part of the client s information system. Part of system if service organization affect: How client s transactions are initiated The accounting records, supporting information The accounting processes from initiation to inclusion in financial statements The financial reporting process Can obtain service auditors report 8-30
31 Service Organizations Types of Service Auditor Reports Type 1 Management s description of the system and the suitability of the design of controls Type 2 Attributes of 1, plus assurance on the operating effectiveness of controls A Type 2 report may provide the user auditor with a basis for assessing control risk below the maximum. 8-31
Consideration of Internal Control in an Information Technology Environment
CHAPTER 8 Consideration of Internal Control in an Information Technology Environment Review Questions 8 1 System software monitors and controls hardware and provides other support to application programs.
More informationChapter 8: General Controls and Application Controls
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls and Application Controls Slides Authored by
More informationIT Auditing, Hall, 3e
IT Auditing, an economic event that affects the assets and equities of the firm, is reflected in its accounts, and is measured in monetary terms. similar types of transactions are grouped together into
More informationDefinition of Internal Control
Definition of Internal Control - To address and limit potential risks - designed, implemented and maintained by those charged with governance to provide reasonable assurance about the achievement of the
More informationAuditing in an Automated Environment: Appendix B: Application Controls
Accountability Modules Auditing in an Automated Environment: Initials Date Agency Prepared By Reviewed By Audit Program - Application W/P Ref Page 1 of 1 The SAO follows control objectives established
More informationRISK ASSESSMENTS AND INTERNAL CONTROL CIS CHARACTERISTICS AND CONSIDERATIONS CONTENTS
CONTENTS Paragraphs Introduction... 1 Organizational Structure... 2 Nature of Processing... 3 Design and Procedural Aspects... 4 Internal Controls in a CIS Environment... 5 General CIS Controls... 6-7
More informationAUDITING (PART-18) (UNIT-III) INTERNAL CONTROL (PART 4)
1. INTRODUCTION AUDITING (PART-18) (UNIT-III) INTERNAL CONTROL (PART 4) Hello students welcome to the lecture series of auditing. Today we shall be taking up unit 3 rd and under unit 3 rd we shall continue
More informationContents. Process flow diagrams and other documentation
Process flow diagrams and other documentation Contents 1. Audit lessons 2. Process flows 3. Flowcharts 4. Information produced by entity (IPE) 5. Documentation Topic 1: Audit lessons Audit lessons Teams
More informationChapter 3: AIS Enhancements Through Information Technology and Networks
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 3: AIS Enhancements Through Information Technology and Networks
More informationTransaction Processing Systems
Chapter 5: Computer-Based Transaction Processing Transaction Processing Systems A fundamental task in any AIS is to process transactions affecting the organization Transaction processing systems(ss) involve
More informationIntroduction To IS Auditing
Introduction To IS Auditing Instructor: Bryan McAtee, ASA, CISA Bryan McAtee & Associates - Brisbane, Australia * Course, Presenter and Delegate Introductions * Definition of Information Technology (IT)
More informationIntroduction to Transaction Processing
Modul ke: Introduction to Transaction Processing Fakultas Fakultas Ekonomi & Bisnis Iwan Setiadi, SE., M.Si Program Studi Akuntansi www.mercubuana.ac.id A Financial Transaction is... an economic event
More informationAudit Considerations Relating to an Entity Using a Service Organization
An Entity Using a Service Organization 355 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128; SAS No. 130. Effective for audits of
More informationAuditing in an Automated Environment: Appendix E: System Design, Development, and Maintenance
Accountability Modules Auditing in an Automated Environment: Agency Prepared By Initials Date Reviewed By Audit Program - System Design, Development, and Maintenance W/P Ref Page 1 of 1 Procedures Initials
More informationANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And
ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. Content 261311 - Analyst Programmer... 2 135111 - Chief
More informationFRAUD-RELATED INTERNAL CONTROLS
GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX 78701-2727 USA TABLE OF CONTENTS I. THE NEED FOR INTERNAL CONTROLS Example... 1 Threats to an Organization s Internal Control Environment...
More informationINTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of
More informationAuditing IT General Controls
Auditing IT General Controls Amanthi Pendegraft and Nadine Yassine September 27, 2017 Agenda Introduction and Objectives IT Audit Fundamentals IT General Controls Overview Access to Programs and Data Program
More informationInternational Standard on Auditing (Ireland) 505 External Confirmations
International Standard on Auditing (Ireland) 505 External Confirmations MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and promoting high
More informationLearning Objectives. External confirmations procedures as per SA330 and SA 500 requirements
CA. Sudhir Sharma 1 Learning Objectives 1 2 3 4 External confirmations procedures as per SA330 and SA 500 requirements Management s refusal to allow auditor to send confirmation requests Results of the
More informationEXTERNAL CONFIRMATIONS SRI LANKA AUDITING STANDARD 505 EXTERNAL CONFIRMATIONS
SRI LANKA STANDARD 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after 01 January 2014) CONTENTS Paragraph Introduction Scope of this SLAuS... 1 External
More informationChapter 2 Introduction to Transaction Processing
Chapter 2 Introduction to Transaction Processing TRUE/FALSE 1. Processing more transactions at a lower unit cost makes batch processing more efficient than real-time systems. T 2. The process of acquiring
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationAnnual to Hourly PAY RATE conversion with 10% hourly premium. Overhead TAXES - FUTA FICA Texas - 11%
Job Title 2017 Average ANNUAL SALARY Compensation Annual to Hourly PAY RATE conversion with 10% hourly premium Overhead TAXES - FUTA FICA Texas - 11% Overhead BENEFITS - 5% Hourly COST Margin - 25% Hourly
More informationComputers Are Your Future
Computers Are Your Future Twelfth Edition Chapter 12: Databases and Information Systems Copyright 2012 Pearson Education, Inc. Publishing as Prentice Hall 1 Databases and Information Systems Copyright
More informationDIPLOMA COURSE IN INTERNAL AUDIT
DIPLOMA COURSE IN INTERNAL AUDIT Course Objective: Internal Audit is an assurance and consulting service that reviews the efficiency and effectiveness of the internal control.. It assists management at
More informationCITADEL INFORMATION GROUP, INC.
CITADEL INFORMATION GROUP, INC. The Role of the Information Security Assessment in a SAS 99 Audit Stan Stahl, Ph.D. President Citadel Information Group, Inc. The auditor has a responsibility to plan and
More informationCHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING
Chapter 2 Page 20 REVIEW QUESTIONS CHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING. The expenditure cycle, conversion cycle, and revenue cycle. 2. Purchases/accounts payable system, cash disbursements
More information1. The narratives, diagrams, charts, and other written materials that explain how a system works are collectively called
CH 3 MULTIPLE CHOICE 1. The narratives, diagrams, charts, and other written materials that explain how a system works are collectively called a) documentation. b) data flows. c) flowcharts. d) schema.
More informationCreative Solutions Consulting, Inc. Commercial Price List (CPL) Price List Effective January 1, 2018 *
Creative Solutions Consulting, Inc. Commercial Price List (CPL) Price List Effective January 1, 2018 * Note: These are Commercial rates, and not rates applied to the Federal Government. CSCI s Federal
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationInternational Standard on Auditing (UK) 505
Standard Audit and Assurance Financial Reporting Council July 2017 International Standard on Auditing (UK) 505 External Confi rmations The FRC s mission is to promote transparency and integrity in business.
More informationTHE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR
THE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION Video Supplement... 1 Course Objectives
More informationProcessing Techniques. Chapter 7: Design and Development and Evaluation of Systems. Online Processing. Real-time Processing
Processing Techniques Chapter 7: Design and Development and Evaluation of Systems The Processing Methods for a system can be divided into: Online Processing Real-time Processing Batch Processing B2001
More informationPowered by TCPDF (
Powered by TCPDF (www.tcpdf.org) 1 FINANCE AND ACCOUNTING FOR NON-FINANCIAL PROFESSIONALS 28th Feb - 3rd Mar, 2017 1st - 4th Aug, 2017 2 MODERN APPROACHES TO CORPORATE AND INDIVIDUAL TAX COMPLIANCE 28th
More informationTESTING General & Automated Control
TESTING General & Automated Control Testin g Testing is a process of executing a program with the objective of finding an error. A good test case is one that has a high possibility of finding an undiscovered
More informationINFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK. Ronald E. Franke, CISA, CIA, CFE, CICA. April 30, 2010
INFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK Presented by Ronald E. Franke, CISA, CIA, CFE, CICA April 30, 2010 1 Agenda General Accountability Office (GAO) and IT Auditing Federal
More informationMICROSOFT DYNAMICS GP GENERAL LEDGER YEAR-END CLOSING PROCEDURES
GENERAL LEDGER YEAR-END CLOSING PROCEDURES Before you perform year-end closing procedures, you will need to: complete the posting of all entries and adjusting entries to reflect the transactions for the
More information4. The portion of the monthly bill from a credit card company is an example of a turn-around document.
Chapter 2 Introduction to Transaction Processing Introduction to Accounting Information Systems, 8e Test Bank, Chapter 2 TRUE/FALSE 1. Processing more transactions at a lower unit cost makes batch processing
More informationFull file at https://fratstock.eu INTRODUCTION TO TRANSACTION PROCESSING
CHAPTER 2 2-1 OUTLINE OF CHAPTER 2 Learning Objectives An Overview of Transaction Processing Transaction Cycles The Expenditure Cycle The Conversion Cycle The Revenue Cycle Accounting Records Manual Systems
More informationKENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
More informationIntroduction to Automated Controls. Jay Swaminathan Senior Manager, SOAProjects. San Francisco Chapter
Introduction to Automated Controls Jay Swaminathan Senior Manager, SOAProjects Agenda Defining Automated Controls The Value of Automated Controls Common Testing Approaches ITGC considerations The Concept
More informationPART 5: INFORMATION TECHNOLOGY RECORDS
PART 5: INFORMATION TECHNOLOGY RECORDS SECTION 5 1: RECORDS OF AUTOMATED APPLICATIONS GR5800 01 AUDIT TRAIL RECORDS Files needed for electronic data audits such as files or reports showing transactions
More informationChapter 2 Introduction to Transaction Processing
Chapter 2 Introduction to Transaction Processing TRUE/FALSE 1. Processing more transactions at a lower unit cost makes batch processing more efficient than real-time systems. T 2. The process of acquiring
More informationUni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating. Part 4 z/os Overview
Uni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating Part 4 z/os Overview Redelf Janßen IBM Technical Sales Mainframe Systems Redelf.Janssen@de.ibm.com Course materials may not be reproduced
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More information26 February Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Office of the Secretary Public
More informationMIS 5121: Business Process, ERP Systems & Controls Week 9: Security: User Management, Segregation of Duties (SOD)
MIS 5121: Business Process, ERP Systems & Controls Week 9: Security: User Management, Segregation of Duties (SOD) Edward Beaver Edward.Beaver@temple.edu ff Video: Record the Class Discussion v Something
More informationISACA CISA Review Course CHAPTER 1 THE IS AUDIT PROCESS
ISACA The recognized global leaders in IT governance, control and assurance 1 2007 CISA Review Course CHAPTER 1 THE IS AUDIT PROCESS 2 1 Chapter Overview 1. Introduction Organization of the IS audit function
More informationADVANCED AUDIT AND ASSURANCE
ADVANCED AUDIT AND ASSURANCE CPA PROGRAM SUBJECT OUTLINE The Advanced Audit and Assurance subject provides a body of knowledge for you to understand the nature and diversity of audit and assurance engagements.
More informationThe CIA Challenge Exam. August 2018
The CIA Challenge Exam August 2018 The IIA is committed to providing a clearly defined, professionally relevant suite of global certifications to support internal auditors as they progress through their
More informationGEORGIA DEPARTMENT OF CORRECTIONS Standard Operating Procedures IIA (204.07) Authority: Effective Date: Page 1 of Bryson/Jacobs 04/21/15 6
GEORGIA DEPARTMENT OF CORRECTIONS Standard Operating Procedures Facility /Education Subject: Inmate Use of Computers (204.07) Revises Previous Authority: Page 1 of Bryson/Jacobs I. POLICY: It is the policy
More informationCASH MANAGEMENT TRAINING FY2018
CASH MANAGEMENT TRAINING FY2018 Katie Mahoney katherine.mahoney@maine.edu 780-4484 The Office of Finance & Administration University of Southern Maine University of Maine System - 1 - Cash Collection The
More informationIntroduction to Automated Controls
Introduction to Automated Controls Matthew Hatch, Oliver Petri Agenda Defining Automated Controls The Value of Automated Controls Common Testing Approaches The Concept of 'Benchmarking Questions / Comments
More informationFigure 1-1a Data in context. Context helps users understand data
Chapter 1: The Database Environment Modern Database Management 9 th Edition Jeffrey A. Hoffer, Mary B. Prescott, Heikki Topi 2009 Pearson Education, Inc. Publishing as Prentice Hall 1 Definition of terms
More informationBusiness Continuity Planning
Information Systems Audit and Control Association www.isaca.org Business Continuity Planning AUDIT PROGRAM & INTERNAL CONTROL QUESTIONNAIRE The Information Systems Audit and Control Association With more
More informationMaking trust evident Reporting on controls at Service Organizations
www.pwc.com Making trust evident Reporting on controls at Service Organizations 1 Does this picture look familiar to you? User Entity A User Entity B User Entity C Introduction and background Many entities
More informationYear-end closing procedures for General Ledger in
Page 1 of 18 Year-end closing procedures for General Ledger in Microsoft Dynamics GP Summary This article outlines the recommended year-end closing procedures for Microsoft Dynamics GP. This article contains
More informationTest bank for accounting information systems 1st edition by richardson chang and smith
Test bank for accounting information systems 1st edition by richardson chang and smith Chapter 04 Relational Databases and Enterprise Systems True / False Questions 1. Three types of data models used today
More informationSECTION 15 KEY AND ACCESS CONTROLS
15.1 Definitions A. The definitions in this section shall apply to all sections of the part unless otherwise noted. B. Definitions: Access Badge / Card a credential used to gain entry to an area having
More informationMicrosoft Dynamics GP: General Ledger Year-End Closing Procedures
Microsoft Dynamics GP: General Ledger Year-End Closing Procedures Introduction This article outlines the recommended year-end closing procedures for Microsoft Dynamics GP. This article contains a checklist
More informationAdvanced Corporate Reporting. Corporate Reporting. Financial Accounting. Management in Organisations
CPA Syllabus 018: Auditing Stage: Professional 1 Subject Title: Auditing Examination Duration: 3 Hours Aim The aim of this subject is to introduce students to the concepts and principles of the audit process
More informationChapter 12. Databases. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 12 Databases McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. 1 Introduction to Databases Much like a library, secondary storage is designed to store information.
More informationIT Attestation in the Cloud Era
IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction
More informationChapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC
Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post
More informationThe risk of SQL forms within the Oracle Applications- How did that Happen?
The risk of SQL forms within the Oracle Applications- How did that Happen? Alfredo Pantaleon, Sr. Principal- GRC Services, KBACE Jeffrey Hare, CPA CISA CIA - ERP Seminars March 26, 2009 1. Presenter Alfredo
More informationPeopleSoft Finance Access and Security Audit
PeopleSoft Finance Access and Security Audit City of Minneapolis Internal Audit Department September 20, 2016 1 Contents Page Background... 3 Objective, Scope and Approach... 3 Audit Results and Recommendations...
More informationTRAINING SEMINAR COURSE OUTLINE October
TRAINING SEMINAR COURSE OUTLINE October 10-12 2016 FACILITATOR S BIOGRAPHY SHAWNA M FLANDERS CRISC, CISM, CISA, CSSGB, SSBB Shawna is the Founder and CEO of Business Technology Guidance Associates, LLC.,
More informationMicrosoft Certified Professional Transcript
Microsoft Certified Professional Transcript Last Activity Recorded September 26, 2013 Microsoft Certification ID 1004726 JANE HOWELL F1 Computing Systems Ltd 3 Kelso Place Upper Bristol Road Bath BA1 3AU
More informationCourse list for the Bachelor of Computer Science in INFORMATION SYSTEM
Course list for the Bachelor of Computer Science in INFORMATION SYSTEM Course Objectives: Preparing graduates with knowledge, skills and competencies in the field of information systems, especially in
More informationHow Internal Control Translates into RACF
How Internal Control Translates into RACF New York and Tampa Bay RACF User Group David Hayes U.S. Government Accountability Office 15 March 2017 1 Speaker Introduction David Hayes is an information systems
More informationNational Wood Products, Inc. FSC Chain of Custody NWP CENTRAL OFFICE Standard Operating Procedure REVIEW DATE: August 17, 2013
National Wood Products, Inc. NWP CENTRAL OFFICE Standard Operating Procedure REVIEW DATE: August 17, 2013 ORIGINAL DOCUMENT DATE: August 11, 2008 Prepared By: Tanya Coy C:\Users\tcoy\Documents\FSC CERTIFICATION\NWP
More informationQuick Start Guide SYSTEM REQUIREMENTS GETTING STARTED NAVIGATION THE WIZARD
SYSTEM REQUIREMENTS Windows Windows 2000 Service Pack 4 or later, XP, or Vista 500 MHz Pentium class processor or better Sun Java Runtime Environment (JRE) Version 6 Update 2 or later 256MB RAM 1024 x
More informationExposure Draft The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements
Chartered Accountants of Canada Comptables agréés du Canada The Canadian Institute of Chartered Accountants 277 Wellington Street West Toronto, Ontario Canada M5V 3H2 Tel: (416) 977-3222 Fax: (416) 977-8585
More informationISACA Cincinnati Chapter March Meeting
ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview
More informationPlease note these differences are broadly categorized and discussed as such under the following headings:
Introduction This article explains how to troubleshoot differences observed between the VAT Control account, or total of all VAT Control accounts balances (if relevant), and the Tax Reports Tax Report.
More informationGeneral Dynamics Information Technology, Inc.
General Dynamics Information Technology, Inc. GS-35F-080CA SIN 132-100 Ancillary Services Labor Category Requirements and Descriptions Rev 12-5-17 LABOR CATEGORIES, EDUCATION AND YEARS OF EXPERIENCE *These
More informationTechnology Competence Initiative
THE INSTITUTE OF CHARTERED ACCOUNTANTS OF NIGERIA (Established by Act of Parliament No. 15 of 1965) Technology Competence Initiative Initial Implementation of IFAC Education Guideline No 11 on Information
More informationCCSA, CFSA, CGAP Transition FAQs
CCSA, CFSA, CGAP Transition FAQs July 2018 Frequently Asked Questions (FAQ) Q. How is the Certified Government Auditing Professional (CGAP) certification changing? A. The CGAP certification will be repositioned
More informationAuditing and assurance
Auditing and assurance Higher School of Economics, ICEF Lecturer: Anna Pirozhkova Seminars: Tatiana Shurchkova Contacts +7 (916) 468 33 99 (Anna), ann.pirozhkova@gmail.com Target audience 4th Year students.
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA AUDIT OF APPLICATION CONTROLS EMPLOYMENT SECURITY COMMISSION DECEMBER 2008 OFFICE OF THE STATE AUDITOR LESLIE W. MERRITT, JR., CPA, CFP STATE AUDITOR AUDIT OF APPLICATION CONTROLS
More informationFull file at https://fratstock.eu
TEACHING TIPS Chapter 2 SYSTEMS TECHNIQUES AND DOCUMENTATION I normally introduce flowcharting symbols with simple examples on the board. I first introduce a very simple manual flowchart involving only
More informationFSC STANDARD. Standard for Multi-site Certification of Chain of Custody Operations. FSC-STD (Version 1-0) EN
FOREST STEWARDSHIP COUNCIL INTERNATIONAL CENTER FSC STANDARD Standard for Multi-site Certification of Chain of Custody Operations FSC-STD-40-003 (Version 1-0) EN 2007 Forest Stewardship Council A.C. All
More informationStreamlined Sales and Use Tax Agreement (11/12/02) Certification and Auditing Standards
Streamlined Sales and Use Tax Agreement (11/12/02) Certification and Auditing Standards D R A F T (rev 5/6/03) SECTION I - INTRODUCTION Article V, Section 501, of the Streamlined Sales and Use Tax Agreement,
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationSystems auditability and control in an EFTS environment
Systems auditability and control in an EFTS environment by RUSSELL DEWEY SRI International Menlo Park, California INTRODUCTION Losses from accidental and intentional acts involving computers and data communications
More informationMinnesota State Colleges and Universities System Procedures Chapter 5 Administration
Minnesota State Colleges and Universities System Procedures Chapter 5 Administration 5.25.1 Use of Electronic Part 1. Purpose. This procedure establishes requirements for the consistent, secure implementation
More informationAppendix II Labor Categories
Appendix II Labor Categories The following section describes the labor categories to be provided under the RFP. Administrator, Systems Duties: Monitor and coordinate all data system operations, including
More informationITSS Model Curriculum. - To get level 3 -
ITSS Model Curriculum - To get level 3 - (Corresponding with ITSS V3) IT Skill Standards Center IT Human Resources Development Headquarters Information-Technology Promotion Agency (IPA), JAPAN Company
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationA Global Look at IT Audit Best Practices
A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory
More informationFull file at
CHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING REVIEW QUESTIONS 1. The expenditure cycle, conversion cycle, and revenue cycle. 2. Purchases/accounts payable system, cash disbursements system, and payroll
More informationCHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING
CHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING REVIEW QUESTIONS 1. The expenditure cycle, conversion cycle, and revenue cycle. 2. Purchases/accounts payable system, cash disbursements system, and payroll
More informationInternationally recognised. Financial and Quantitative qualifications
Financial and Quantitative qualifications Internationally recognised Financial and Quantitative qualifications Contents About LCCI International Qualifications from EDI Financial qualifications Quantitative
More informationRevolution User Manual - Management Information
Revolution User Manual - Management Information 1 Management Information Contents 3. Tips for using this manual and Revolution 4. Till balancing using cashouts Running a cashout 5. Reports 6. General Reports:
More informationNotes By: Shailesh Bdr. Pandey, TA, Computer Engineering Department, Nepal Engineering College
FLOWCHARTING The flowchart is a means of visually presenting the flow of data through an information processing systems, the operations performed within the system and the sequence in which they are performed.
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationModern Systems Analysis and Design
Modern Systems Analysis and Design Sixth Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Designing Databases Learning Objectives Concisely define each of the following key database design terms:
More informationCHAPTER 2 INTRODUCTION TO TRANSACTION PROCESSING. 1. The expenditure cycle, conversion cycle, and revenue cycle.
Solution Manual for Accounting Information Systems 9th Edition by Hall Link full download: http://testbankair.com/download/solution-manual-foraccounting-information-systems-9th-edition-by-hall/ CHAPTER
More information