IT Controls
Section 1)
1.1) Background
Information technology (IT) control is a process that provides assurance for information services and related information. It also helps to mitigate the potential risks associated with the use of technology. IT controls are very important because they enable assessment, such as reviewing the current system security and reviewing the application controls. At the same time, auditors should ensure that the data in a computer system are reliable before actually relying on them. Some organizations depend on internationally developed systems, so there is a need for internal audit or self-assessment that might help in reducing audit findings [1].
1.2) Purpose, Aim and Objectives
The purpose of the project is to identify IT controls and to analyze how they assist in preventing or detecting errors and fraud. The aims are therefore maintaining and enforcing a code of ethics, maintaining a system that accords with accounting internal controls, and maintaining a system of IT controls [2]. The general purposes of IT controls apply to all information systems. The major objectives are to make sure that computer programs are approved, authorized and tested before use, and to make sure that access to such programs or data is limited to authorized users [3]. IT controls provide assurance over areas such as changes to or development of computer programs, restriction of access, accuracy and completeness [4].
Section 2) IT Controls Discussion and Findings
2.1) The Three Classes of IT Controls
The three classes of IT controls are preventive controls, detective controls, and corrective controls, as described below:
1) Preventive controls prevent security incidents, omissions and errors from happening [5];
2) Detective controls detect incidents or errors that might elude the implemented preventive controls [6];
[1] Texas State Agency Internal Audit Forum. (2009). Internal Control Requirements for the American Recovery and Reinvestment Act (ARRA). Retrieved 25 October 2009 from http://www2.dir.state.tx.us/SiteCollectionDocuments/SponsoredSites/StateAgencyCoordinatingCommittee/StateAgencyInternalAuditForum(SAIAF)/Overview-InternalControls07-27-09.ppt
[2] Turner, W. (1997). Accounting Information Systems, Chapter 3: Fraud, Ethics, and Internal Control. Retrieved 25 October 2009 from http://higheredbcs.wiley.com/legacy/college/turner/0471479519/ppt/ch03.ppt
[3] Bradford, M. (1996). Core Concepts of AIS. Retrieved 25 October 2009 from http://www.uamont.edu/FacultyWeb/Hammett/ppt/AIS/ch12.ppt
[4] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[5] Crumbley, L. (1996). Forensic Accounting: Strategies for Detecting & Controlling Fraud. Retrieved 25 October 2009 from http://www.bus.lsu.edu/accounting/faculty/lcrumbley/Malaysia_Spring2009_02042009.ppt
[6] Crumbley, L. (1996). Forensic Accounting: Strategies for Detecting & Controlling Fraud. Retrieved 25 October 2009 from http://www.bus.lsu.edu/accounting/faculty/lcrumbley/Malaysia_Spring2009_02042009.ppt
Figure 1 shows the IT control concerns and their explanations to be taken into consideration:
Figure 1: IT Control Concerns and their Explanation [8]
IT control activities are general and application controls, backup data, disaster recovery, and business continuity over information systems, which include end-user, mainframe and network environments [9].
2.3) Internal Controls
The organization should have IT internal controls. The relationship between application controls and general controls is shown in figure 2, and their categories of control type are explained in figure 3:
[7] Crumbley, L. (1996). Forensic Accounting: Strategies for Detecting & Controlling Fraud. Retrieved 25 October 2009 from http://www.bus.lsu.edu/accounting/faculty/lcrumbley/Malaysia_Spring2009_02042009.ppt
[8] Bradford, M. (1996). Core Concepts of AIS. Retrieved 25 October 2009 from http://www.uamont.edu/FacultyWeb/Hammett/ppt/AIS/ch12.ppt
[9] Texas State Agency Internal Audit Forum. (2009). Internal Control Requirements for the American Recovery and Reinvestment Act (ARRA). Retrieved 25 October 2009 from http://www2.dir.state.tx.us/SiteCollectionDocuments/SponsoredSites/StateAgencyCoordinatingCommittee/StateAgencyInternalAuditForum(SAIAF)/Overview-InternalControls07-27-09.ppt
2.4.1. Input Controls
Input controls attempt to ensure the completeness, accuracy and validity of the data as entered into an AIS. The categories include additional input controls; edit tests; and transcription, observation and recording of data [12].
2.4.2. Application Controls for Transaction Processing
Application controls are designed to correct errors and irregularities, as well as to detect and prevent them. They apply to transactions in the data processing stages of input, processing and output [13].
2.4.3. Processing Controls
The focus of processing controls is on the manipulation of accounting data after it has been input to the computer system. There are two kinds of processing controls: data manipulation controls and data access controls [14].
2.4.4. Data-Access Control Totals within Processing Controls
Data access controls include control procedures such as record count, hash total, financial and nonfinancial control totals, and batch control total [15].
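
The control totals named in 2.4.4 can be made concrete with a short reconciliation routine. This is an added example, not part of the original paper. The sample batch is constructed, and the definitions used (hash total as the sum of account numbers, financial total as the sum of amounts) are the usual textbook ones, assumed here because the paper does not define them.

```python
from decimal import Decimal

# Constructed sample batch: (invoice_no, account_no, amount). Not from the paper.
BATCH = [
    ("INV-1001", 40012, Decimal("250.00")),
    ("INV-1002", 40077, Decimal("1199.50")),
    ("INV-1003", 40105, Decimal("75.25")),
]


def control_totals(records):
    """Compute the control totals for one batch of transactions."""
    return {
        # Record count: how many transactions the batch holds.
        "record_count": len(records),
        # Hash total: sum of a field with no financial meaning (account numbers).
        "hash_total": sum(acct for _, acct, _ in records),
        # Financial control total: sum of the monetary field.
        "financial_total": sum((amt for _, _, amt in records), Decimal("0")),
    }


def reconcile(expected, records):
    """Return the names of the control totals that no longer match."""
    actual = control_totals(records)
    return sorted(name for name in expected if expected[name] != actual[name])


def demo():
    """Reconcile an intact batch, one with a lost record, one misposted."""
    expected = control_totals(BATCH)  # totals recorded when the batch is prepared
    dropped = BATCH[:-1]              # last record lost during processing
    # Same amount posted to a different account number.
    misposted = [BATCH[0], ("INV-1002", 40099, Decimal("1199.50")), BATCH[2]]
    return {
        "intact": reconcile(expected, BATCH),
        "dropped": reconcile(expected, dropped),
        "misposted": reconcile(expected, misposted),
    }


if __name__ == "__main__":
    for case, mismatches in demo().items():
        print(case, mismatches or "all totals agree")
```

The misposted case is the reason a hash total is kept alongside the financial total: the amounts still sum correctly, so only the hash total reveals that a record was changed.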
[10] Beasley, Elder, & Arens. (2012). The Impact of Information Technology on the Audit Process. Retrieved 25 October 2009 from http://www.cwu.edu/~rublem/acct_460Powerpoint_files/PP%20460%20Ch12.ppt
[11] Beasley, Elder, & Arens. (2012). The Impact of Information Technology on the Audit Process. Retrieved 25 October 2009 from http://www.cwu.edu/~rublem/acct_460Powerpoint_files/PP%20460%20Ch12.ppt
[12] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[13] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[14] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
Controls for personal computers involve analyzing physical security, classifying computers according to exposures and risks, utilizing applications, and taking an inventory of personal computers [18].
Section 3) Conclusion
In conclusion, IT controls cover several areas, as discussed earlier. The organization should therefore determine the specific areas in which it needs to implement IT controls. Accordingly, it should set procedures and policies supporting those IT control measures. We have also discussed both general and application IT controls.
[15] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[16] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[17] Bradford, M. (1996). Chapter 9: Computer Controls for Accounting Information Systems. Retrieved 25 October 2009 from http://www.cba.ua.edu/~jomason/ac389/389-Ch09.ppt
[18] Bradford, M. (1996). Core Concepts of AIS. Retrieved 25 October 2009 from http://www.uamont.edu/FacultyWeb/Hammett/ppt/AIS/ch12.ppt