At VCS, we check the health of your computer and internet connection for security reasons.
A systems audit is an examination of the management controls within an information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.
There are five areas of risk in an organization’s information systems as identified here:
- Overall (General)
- System development, acquisition and modification
- The working of the programs in the system (processing)
- The capture and input of data into the system (source data)
- The storage of data that has been input (data files)
Systems review:
- Inspecting computer sites.
- Interviewing personnel.
- Reviewing policies and procedures.
- Examining access logs, insurance policies, and the disaster recovery plan.
Auditors test security controls by:
- Observing procedures.
- Verifying that controls are in place and work as intended.
OVERALL SECURITY: Evaluate General Controls
Control procedures to minimize general risks:
- Developing an information security/protection plan.
- Restricting physical and logical access.
- Encrypting data.
- Protecting against viruses.
- Implementing firewalls.
- Instituting data transmission controls.
- Preventing and recovering from system failures or disasters, including:
(i) Designing fault-tolerant systems.
(ii) Preventive maintenance.
(iii) Backup and recovery procedures.
(iv) Disaster recovery plans.
(v) Adequate insurance.
- Processing test data.
- Involves testing a program by processing a hypothetical series of valid and invalid transactions.
- The program should:
a. Process all the valid transactions correctly.
b. Identify and reject the invalid ones.
- All logic paths should be checked for proper functioning by one or more test transactions, including:
(I) Records with missing data.
(II) Fields containing unreasonably large amounts.
(III) Invalid account numbers or processing codes.
(IV) Non-numeric data in numeric fields.
(V) Records out of sequence.
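The test-data technique described above, as an added example that is not part of the original page: a small input-edit routine and a test deck with one transaction for each error class listed. The record layout, account numbers, processing codes and amount limit are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

VALID_ACCOUNTS = {"1001", "1002", "2001"}  # constructed master-file accounts
VALID_CODES = {"DEP", "WDR"}               # constructed processing codes
AMOUNT_LIMIT = Decimal("100000")           # assumed reasonableness limit
REQUIRED = ("seq", "account", "code", "amount")

def validate(record, last_seq):
    """Return None if the record passes every edit check, else the reject reason."""
    if any(record.get(field) in (None, "") for field in REQUIRED):
        return "missing data"
    try:
        amount = Decimal(record["amount"])
    except InvalidOperation:
        return "non-numeric amount"
    if not amount.is_finite() or amount <= 0 or amount > AMOUNT_LIMIT:
        return "unreasonable amount"
    if record["account"] not in VALID_ACCOUNTS:
        return "invalid account"
    if record["code"] not in VALID_CODES:
        return "invalid processing code"
    if record["seq"] <= last_seq:
        return "out of sequence"
    return None

def process_batch(records):
    """Return one outcome per record: None if accepted, else the reject reason."""
    outcomes, last_seq = [], 0
    for rec in records:
        reason = validate(rec, last_seq)
        if reason is None:
            last_seq = rec["seq"]  # only accepted records advance the sequence
        outcomes.append(reason)
    return outcomes

TEST_DECK = [  # constructed (test transaction, expected outcome) pairs
    ({"seq": 1, "account": "1001", "code": "DEP", "amount": "250.00"}, None),
    ({"seq": 2, "account": "1002", "code": "WDR", "amount": "75.10"}, None),
    ({"seq": 3, "account": "1001", "code": "DEP", "amount": ""}, "missing data"),
    ({"seq": 4, "account": "1001", "code": "DEP", "amount": "99999999"}, "unreasonable amount"),
    ({"seq": 5, "account": "9999", "code": "DEP", "amount": "10"}, "invalid account"),
    ({"seq": 6, "account": "1001", "code": "XXX", "amount": "10"}, "invalid processing code"),
    ({"seq": 7, "account": "1001", "code": "DEP", "amount": "12O.5"}, "non-numeric amount"),
    ({"seq": 2, "account": "2001", "code": "DEP", "amount": "10"}, "out of sequence"),
]

def run_test_deck(deck=TEST_DECK):
    """Return every (record, expected, actual) where the program misbehaved."""
    actual = process_batch([rec for rec, _ in deck])
    return [(r, exp, act) for (r, exp), act in zip(deck, actual) if exp != act]
```

An empty list from `run_test_deck()` means every valid transaction was processed and every invalid one was rejected for the expected reason; any entry returned is a logic path that needs audit follow-up.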
Restrictions on physical access to data files
Logical access (access by program) controls using passwords
Encryption of highly confidential data
Use of virus protection software
Maintenance of backup copies of all data files in an off-site location
Effective handling of source data [input documents] input by data entry department personnel
User authorization of source data input
Logging of the receipt, movement, and disposition of source data input
Effective procedures for correcting and resubmitting erroneous data
Computer audit software (CAS), also called generalized audit software (GAS), consists of computer programs that have been written especially for auditors.
Two of the most popular:
Audit Control Language (ACL)
Based on auditor’s specifications, CAS generates programs that perform the audit function.
CAS is ideally suited for examination of large data files to identify records needing further audit scrutiny.