Auditing in CIS Environment Self Test) initially to test all the hardware and then performs booting processing

with the help of bootstrap code stored in the ROM.

Test 1: Identify Software or Hardware 10 points.
5. Secondary storage device (hard disk, floppies, optical disks) - The secondary
Major components of and Information System
storage device such as hard disk, optical disk, floppy disk, etc is used to stored
A typical information system records, processes, stores and disseminates
data in large quantities for long term use. the secondary memory can store an
information system that consists if the methods and records established to record,
enormous amount of data and cheaper as compared to the main memory.
process, summarize, and report an entity’s transactions and to maintain
however, the secondary storage is much slower than the main memory.
accountability for the related assets, liabilities, and equity.
6. Input devices (keyboard, mouse, touchpad) - The primary function of an
Generally, all information systems are comprised of the following major
input device is to receive the raw data from the user for processing. The
components:
different input devices used in the computer system are keyboard, mouse,
1. Hardware
microphone, scanner, etc.
This refers to the computer and peripheral equipment for input, output and
storage data.
7. Output devices (monitor) - The job of the output device is to display
meaningful results after processing is done. The different output devices used in
Different Hardware Components of a Computer
the computer are monitor printer, multimedia projector, speakers, etc.
The main hardware components of a computer are as under:
1. Central Processing Unit (CPU) - The central processing unit or the processor
8. SMPS (Switch Mode Power Supply) - SMPS stands for Switched
is the brain of the Computer. It is the main think tank where all the calculations
Mode Power Supply. It provides a regulated power supply to the sensitive parts
and logical decisions are made. The modern processor consists of millions of
of the computer. The different voltages are supplied to the computer
semiconductor transistors. The processor comes in many variants depending on
motherboard by the SMPS. The main DC regulated voltages generated by
their processing speed. The example of CPU is Intel Pentium, Intel Celeron,
SMPS are: 5volt DC, 12volt DC, 3volt DC, power good signal, etc.
Dual-Core processor, etc.

2. Motherboard - The motherboard is the primary printed multilayered circuit

When we look at the inside of any computer, all these hardware can be physically
board. It holds all the associated components of a computer system such as
seen and touched by our hands.
processor, memory, SMPS, input-output ports, etc. Motherboards come with
different form factors that define their size and the components on the
2. Software
motherboard.
This refers to the series of programs that provide instructions for operating
the computer or tell the computer equipment what to do:
3. Main memory (RAM) - The purpose of the main memory also called RAM in
a computer system is to store information. RAM is volatile and cannot retain its
Software id of two major types:
memory when the system is powered off. RAM stores all the files and programs
a) System software which controls the operations the operations of
that are currently running. Dynamic RAM is used for the main memory. The
the computer itself (e.g., the operating system which schedules
different variants of main memory available in the modern computer systems
tasks, executes application and controls connected devices and
are DDR, DDR2, DDR3 SDRAM, etc.
b) Application software which is designed to perform specific tasks
(e.g., payroll/application).
4. BIOS (ROM) - BIOS stands for Basic Input Output System. It is a ROM which
stores firmware to start up the computer system. It performs a POST (Power On

Application Software Type
Word processing
software: Tools that are used to
create word sheets and type
documents etc.
Spreadsheet software: Software
used to compute quantitative data.
Examples
Microsoft Word, WordPad,
AppleWorks and Notepad
Apple Numbers, Microsoft Excel
and Quattro Pro
software is not used by end-users like you. It only runs in the background of
your device, at the most basic level while you use other application
software. This is why system software is also called “low-level software”.
Operating systems are an example of system software. All of your
computer-like devices run on an operating system, including your desktop,
laptop, smartphone, and tablet, etc. Here is a list of examples of an
operating system. Let’s take a look and you might spot some familiar names
of desktop software :

Database software: Used to store Oracle, MS Access and FileMaker For desktop computers, laptops and tablets:
data and sort information. Pro  Microsoft Windows
 Mac Application (for Apple devices)
Application Suites: A collection  Linux
of related programs sold as a
package. OpenOffice, Microsoft Office For smartphones:
 Apple’s iOS
Multimedia software: Tools used  Google’s Android
for a mixture of audio, video,  Windows Phone OS
image and text content. Real Player, Media Player
Other than operating systems, some people also classify programming
Communication Software: Tools software and driver software as types of system software. However, we will
that connect systems and allow discuss them individually in the next two sections.
text, audio, and video-based
communication. MS NetMeeting, IRC, ICQ
Test 2: ENUMERATION 25 points
Internet Browsers: Used to Netscape Navigator, MS Internet Major Components of an Information System (HSDPPN)
access and view websites. Explorer, and Google Chrome
1. Hardware
Email Programs: Software used Microsoft Outlook, Gmail, Apple 2. Software
for emailing. Mail 3. Data
4. People
System Software 5. Procedures
System software helps the user, hardware, and application software to 6. Networks
interact and function together. These types of computer software allow an
environment or platform for other software and applications to work in. Functions of an Information System (CPC3)
This is why system software is essential in managing the whole computer
system. 1. Capture Input
2. Process
When you first power up your computer, it is the system software that is 3. Convey Output
initially loaded into memory. Unlike application software, the System 4. Collect Feedback
 5. Controls Five categories of General Control
Characteristics of various types of IT-Based Systems 1. Organization and Operations Controls
2. System development and Documentation Controls
1. Butch Processing
3. Hardware and Systems Software Controls
2. Real-time or Online Processing
4. Access Controls
3. Online Transaction Processing (OTP)
5. Data and Procedural Controls
4. Designing Support System
5. Expert System Segregation of Duties. The key function:
6. Centralized Processing System
1. System Analysts
7. Decentralized Processing Systems
2. Application Programmer
8. Client or Server Architecture (IT Architecture)
3. System Programmer
9. Local Area Network (LAN)
4. Operator
10. Wide Area Network
5. Data Librarian
11. Cloud Computing
6. Quality Assurance
12. Virtualized Client or Server Infrastructure
7. Control Group
13. Electronic Data Infrastructure or EDI
8. Data Security
Auditors Responsibilities 9. Database Administrator
10. Network Technician
1. Result in transaction trails that exist for a short period of time or only in
computer readable form; Two common controls over system change include the following:
2. Include program error that cause uniform mishandling of transactions-
clerical error become less frequent; 1. Design Methodology
3. Include computer controls that need to be relied upon instead of 2. Change Control Process
segregation of functions;
4. Involve increased difficulty in detecting an authorized access; Hardware and systems software controls
5. Allow increased management supervisory potential resulting from more 1. Parity Check
timely reports; 2. Echo Check
6. Include less documentation of initiation and execution of transactions;
3. Diagnostic Routines
7. Include computer controls that affect the effectiveness of related manual
4. Boundary Protection
control procedures that use computer output.
5. Periodic Maintenance

Internal Control in an IT Environment Test 3: Essay 15 points

1. General Control Activities 1. Briefly discuss the Application control activities.

2. Application control activities ANSWER: Application controls are controls that relate to a specific
3. User Control Activities application instead of multiple applications. Each accounting application that
is processed in an IT system is controlled during three steps within IT: input,
processing, and output. The input step converts human-readable information,
input data should be properly authorized and approved. Ensuring the integrity
of the information in the computer is critical during the processing step,
processing controls that are established during the input step and are revised or
checked during processing include counts, hash totals, and control totals.
Presentation of the results of processing to the user and retention of data for
future use occurs in the output step. Output should be scanned and tested by
comparison to original source documents.
2. Briefly discuss the General control activities.
ANSWER: General controls encompass those measures that exert influence
across various application systems, such as payroll, accounts payable, and
accounts receivable. They serve to delineate responsibilities between the IT
Department and user departments, thereby achieving optimal segregation of
duties. It's imperative to segregate roles like System Analysts, Data Librarians,
Operators, Programmers, Designers, etc., as each plays distinct functions
within the IT environment, essential for its seamless operation.
3. Briefly discuss the User control activities.
ANSWER: User controls refer to measures implemented to regulate and
monitor the actions and access of individual users. These controls are designed
to ensure that users can only perform authorized activities within the system
and that their actions are logged and auditable. User controls may include
mechanisms such as user authentication (e.g., usernames and passwords),
access permissions (e.g., assigning specific levels of access to different users
or groups), session management (e.g., automatically logging users out after a
period of inactivity), and activity logging (e.g., recording user actions for later
review). By implementing robust user controls, organizations can mitigate the
risk of unauthorized access, data breaches, and misuse of IT resources.