Summary
Summary GENERAL CONTROLS FOR AUDIT378
- Institution
- Stellenbosch University (SUN)
GENERAL CONTROLS FOR AUDIT378
[Show more]
Seller
Follow
Content preview
Auditing 378General Controls
Organisational and Staff System Development and Access Controls Business Continuity Standards and
Practices Change Controls Operational Controls
Responsibility level, Request & authorisation, Preventative Internal Preventative Internal Scheduling and
corporate structure and needs assessment and Controls Controls production
reporting lines strategy selection Security Operating runs/processing
Segregation of duties Planning and design management and Environment protect Operating activities
- between departments Development and Testing policy against and use of assets
and Implementation Physical (i) physical and Librarian controls
- within departments Post implementation and access/controls (ii) non-physical dangers Logs and registers
Staffing practices training - Facilities and Corrective Internal Disaster recovery plan
- system Controls
Supervision and review and backup
Logical controls Repair after disaster
- Data) by
Detective Internal (i) backups and
Controls (ii) recovery plans
Logs and reviews
Librarian controls
Organisational Controls
- Objective: To establish an organisational framework for Information Systems activities
- This framework governs:
1. Levels of responsibility (structure)
Management MUST establish responsibility
at Directors’ Meetings,
through Computer Steering Committee
- Overall control, priorities, management policy
- Communication channel: users & IS department
And by speaking to the IS Manager who runs the processes on a day-to-day basis)
Management MUST also establish clear reporting levels (who reports to who – top-down
approach) and
must have a fixed policy on the documentation and clear communication channels to be
used in the business.
2. Segregation of duties
There should be separation between IS and users department
, Eg. IS department may not authorize transactions, change Master files, or correct
errors.
Users department checks and reviews masterfiles
Separate IS department
Organisationally independent of users
Report directly to top management
Separation within computer environment
Segregation between initiation, authorisation, custody and the reporting functions
Separation within CIS department
Minimum segregation of duties required
Development/programming AND
Operations
Separation should look as follows: [Ideal separate individuals are:]
System development (Analysts and programmers)
Operations (Operators)
Librarian
Data control (Data control clerks and Database Administrators)
Users
3. Supervision and review
The IS Manager and department heads should do regular system surveys (to check that
everything is in order), as well as after every change in the system.
ALSO, the users must check the IS department’s programs, using sample data, to determine
whether the program is functioning as needed.
4. Personnel practices
There should be written practices regarding:
Employment (hiring) processes
Staff scheduling policies and processes
Regular leave policies
Rotation of duties (cross-training)
Continuous evaluation & training (of IS personnel – to make sure that they stay
relevant)
Policies regarding dismissals or resignations
RISKS:
Conducting unauthorised transactions
Collusion to commit and hide fraud
Multiple functions performed by a single application (previously performed by separate individuals)
Errors are not detected
Untrustworthy or incompetent persons
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller nosizwenoceemadoda. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R120,00. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
60904 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy summaries for 14 years now