Summary GENERAL CONTROLS FOR AUDIT378

Preview 2 out of 11  pages

  • July 14, 2022
  • 11
  • 2017/2018
Auditing 378
General Controls




Organisational and Staff Practices
• Responsibility level, corporate structure and reporting lines
• Segregation of duties
  - between departments and
  - within departments
• Staffing practices
• Supervision and review

System Development and Change Controls
• Request & authorisation, needs assessment and strategy selection
• Planning and design
• Development and Testing
• Implementation
• Post implementation and training

Access Controls
Preventative Internal Controls
• Security management and policy
• Physical access/controls
  - Facilities and
  - system
• Logical controls
  - Data)
Detective Internal Controls
• Logs and reviews
• Librarian controls

Business Continuity
Preventative Internal Controls
• Operating Environment protect against (i) physical and (ii) non-physical dangers
Corrective Internal Controls
• Disaster recovery plan and backup
• Repair after disaster by (i) backups and (ii) recovery plans

Standards and Operational Controls
• Scheduling and production runs/processing
• Operating activities and use of assets
• Librarian controls
• Logs and registers



Organisational Controls
- Objective: To establish an organisational framework for Information Systems activities
- This framework governs:
1. Levels of responsibility (structure)
• Management MUST establish responsibility
  ➢ at Directors’ Meetings,
  ➢ through the Computer Steering Committee
    - Overall control, priorities, management policy
    - Communication channel: users & IS department
  ➢ and by speaking to the IS Manager (who runs the processes on a day-to-day basis)
• Management MUST also establish clear reporting levels (who reports to whom – top-down approach) and
• must have a fixed policy on the documentation and clear communication channels to be used in the business.

2. Segregation of duties
• There should be separation between the IS and user departments
  ➢ E.g. the IS department may not authorise transactions, change master files, or correct errors.
  ➢ The user department checks and reviews master files
• Separate IS department
  ➢ Organisationally independent of users
  ➢ Reports directly to top management
• Separation within computer environment
  ➢ Segregation between the initiation, authorisation, custody and reporting functions
• Separation within CIS department
  ➢ Minimum segregation of duties required
    ▪ Development/programming AND
    ▪ Operations
  ➢ Separation should look as follows: [Ideally, the separate individuals are:]
    ▪ System development (Analysts and programmers)
    ▪ Operations (Operators)
    ▪ Librarian
    ▪ Data control (Data control clerks and Database Administrators)
    ▪ Users

3. Supervision and review
• The IS Manager and department heads should do regular system surveys (to check that everything is in order), as well as after every change in the system.
• ALSO, the users must check the IS department’s programs, using sample data, to determine whether the program is functioning as needed.

4. Personnel practices
• There should be written practices regarding:
  ➢ Employment (hiring) processes
  ➢ Staff scheduling policies and processes
  ➢ Regular leave policies
  ➢ Rotation of duties (cross-training)
  ➢ Continuous evaluation & training (of IS personnel – to make sure that they stay relevant)
  ➢ Policies regarding dismissals or resignations
RISKS:
• Conducting unauthorised transactions
• Collusion to commit and hide fraud
• Multiple functions performed by a single application (previously performed by separate individuals)
• Errors are not detected
• Untrustworthy or incompetent persons
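
The segregation-of-duties rules in item 2 can be tested against an access listing. The check below is an added example, not part of the original notes: it flags one person holding two of the five functions, more than one of the initiation/authorisation/custody/reporting duties, or IS staff performing user-department actions. The user names, the sample listing, the field names and the HIGH/MEDIUM severity labels are assumptions made for illustration.

```python
from itertools import combinations

# Functions the notes say should ideally sit with separate individuals.
FUNCTIONS = {"development", "operations", "librarian", "data_control", "user"}
# Minimum segregation per the notes: development/programming vs operations.
MINIMUM_CONFLICT = {"development", "operations"}
# Duties to be segregated within the computer environment.
DUTIES = {"initiate", "authorise", "custody", "report"}
# Actions the notes reserve for the user department, not the IS department.
USER_ONLY_ACTIONS = {"authorise_transaction", "change_master_file", "correct_error"}
IS_FUNCTIONS = FUNCTIONS - {"user"}


def sod_findings(assignments):
    """Return sorted (severity, user, detail) tuples for an access listing.

    assignments maps user -> {"functions": set, "duties": set, "actions": set}.
    Severity labels are an assumption of this example, not from the notes.
    """
    findings = []
    for user, a in assignments.items():
        funcs = a["functions"] & FUNCTIONS
        # Two of the five functions held by one person breaks the ideal split;
        # development + operations breaks even the minimum segregation.
        for pair in combinations(sorted(funcs), 2):
            sev = "HIGH" if set(pair) == MINIMUM_CONFLICT else "MEDIUM"
            findings.append((sev, user, "functions: " + " + ".join(pair)))
        # More than one of initiation/authorisation/custody/reporting.
        duties = sorted(a["duties"] & DUTIES)
        if len(duties) > 1:
            findings.append(("HIGH", user, "duties: " + " + ".join(duties)))
        # IS staff performing actions that belong to the user department.
        if funcs & IS_FUNCTIONS:
            for action in sorted(a["actions"] & USER_ONLY_ACTIONS):
                findings.append(("HIGH", user, "IS staff action: " + action))
    return sorted(findings)


# Constructed sample access listing (not real data).
ASSIGNMENTS = {
    "alice": {"functions": {"development", "operations"}, "duties": set(), "actions": set()},
    "bob": {"functions": {"user"}, "duties": {"initiate", "authorise"}, "actions": {"authorise_transaction"}},
    "carol": {"functions": {"operations"}, "duties": {"custody"}, "actions": {"change_master_file"}},
    "dave": {"functions": {"librarian", "data_control"}, "duties": set(), "actions": set()},
}

if __name__ == "__main__":
    for severity, user, detail in sod_findings(ASSIGNMENTS):
        print(f"{severity:6} {user:6} {detail}")
```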

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller nosizwenoceemadoda. Stuvia facilitates payment to the seller.
