Ebook Brink’s modern internal auditing (7th edition): Part 2
➤ Gửi thông báo lỗi ⚠️ Báo cáo tài liệu vi phạmNội dung chi tiết: Ebook Brink’s modern internal auditing (7th edition): Part 2
Ebook Brink’s modern internal auditing (7th edition): Part 2
partỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2y (IT) processes and computer systems, ranging from applications to control an enterprise's accounting general ledger to the all-pervasive Internet, internal auditors must have a strong understanding of IT internal control techniques. Although the lines of separation arc sometimes difficult to under Ebook Brink’s modern internal auditing (7th edition): Part 2stand, we generally can think of IT controls on two broad levels: application controls that cover a specific process, such as an accounts payable applEbook Brink’s modern internal auditing (7th edition): Part 2
ication to pay invoices from purchases, and what arc called general IT controls. This latter category covers internal controls that are important for partỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2 concept of IT general controls goes back to the 1960s and the early days of centralized, mainframe computers. In those days, internal auditors sometimes looked for such things as an access control lock on a computer center door as a general control that covered all processes and applications operat Ebook Brink’s modern internal auditing (7th edition): Part 2ing within the centralized IT operations center. Today, we often think of the processes that covers all enterprise IT operations as the IT infrastructEbook Brink’s modern internal auditing (7th edition): Part 2
ure. Because of the many possiblevariations in IT techniques today, there is really no one set of rights and wrongs that covers all IT general controlpartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2hapter looks at IT general controls from an internal audit perspective and with an emphasis on IT general controls based on the worldwide recognized set of best practices called the information technology infrastructure library (III I.). These rm. recommended best practices outline rhe type of frame Ebook Brink’s modern internal auditing (7th edition): Part 2work internal audit should consider when reviewing IT internal control risks and recommending effective I I general controls improvements.I laving a gEbook Brink’s modern internal auditing (7th edition): Part 2
eneral knowledge of IT general controls should Ise an essential common body of know ledge (CBOK) requirement for all internal auditors. Many internal partỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2internal auditors should have a CBOK level of understanding of IT general controls as well as the other IT issues discussed in chapters in this part of the volume.381382IT General Controls and n il. Best Practices18.1 Importance of IT General ControlsInternal auditors became involved with early IT a Ebook Brink’s modern internal auditing (7th edition): Part 2udit and control procedures—then called data-processing controls—when accounting applications were first installed on early punched-card-input computeEbook Brink’s modern internal auditing (7th edition): Part 2
r systems. Those early systems were often installed in glass-walled rooms within corporate lobbies to impress visitors with the enterprise’s “sophistipartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2ology, would “audit around the computer." That is. internal auditors might look at input controls procedures and the application's outputs to check whether the inputs balanced to the output reports. In this era, there was little question about the accuracy and controls of reports produced by a compu Ebook Brink’s modern internal auditing (7th edition): Part 2ter systems. Internal auditors would just focus on the inputs and outputs while going around the actual computer program processing procedures.ThingsEbook Brink’s modern internal auditing (7th edition): Part 2
changed in the early 1970s with an extremely fast-growing Californiabased insurance company. Equity Funding. Some people believed the company was growpartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2 The result was the discovery of a massive fraud with invalid data recorded on IT application files. Under management direction, fictitious insurance policy data had been entered on computer files. Equity Funding's external auditors had previously audited around the computer system, relying on print Ebook Brink’s modern internal auditing (7th edition): Part 2ed computer system output reports, with no supporting procedures to verify the correctness of computer programs and files. In the aftermath of the EquEbook Brink’s modern internal auditing (7th edition): Part 2
ity Funding affair, the American Institute of Certified Public Accountants (AICPA) and the Institute of Internal Auditors (IIA) began to emphasize thepartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2those early days of business data processing, most computer systems were considered to lx' "large." and standard sets of auditor control objectives and procedures were developed for reviewing controls. Many of these objectives arc still applicable today, but internal auditors must look at these IT c Ebook Brink’s modern internal auditing (7th edition): Part 2ontrol objectives from a somewhat different perspective when reviewing controls in a modem IT environment. The profession Ix'gan to think of IT controEbook Brink’s modern internal auditing (7th edition): Part 2
ls within specific applications and general controls surrounding all IT operations. IT general controls cover all information systems operations and ipartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2pter, these controls often depend on the nature and management of the specific size and type of systems used.■Integrity of data. Processes should lx- in place to ensure a level of integrity over all data used in various application programs. This control objective is a combination of the general ope Ebook Brink’s modern internal auditing (7th edition): Part 2rations controls discussed in this chapter as well as specific application controls discussed in Chapter 19.■Integrity of programs. New or revised proEbook Brink’s modern internal auditing (7th edition): Part 2
grams should lx* developed in a well-controlled manner to provide accurate processing results. These integrity control issues include the overall procpartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2Controls383■Controls of the proper development and implementation of systems. Controls should lx- in place to ensure the orderly development of new and revised information systems. These control issues are discussed in Chapter 19.■Continuity of processing. Controls should be in place to back up key Ebook Brink’s modern internal auditing (7th edition): Part 2systems and to recover operations in the event of an unexpected outage—what was called disaster recovery planning and is often known today as businessEbook Brink’s modern internal auditing (7th edition): Part 2
continuity planning. These control issues are discussed in chapter 22.This chapter discusses general controls over in-house information systems operapartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2fer in size and management, all should lx? subject to the same general control needs. In addition to discussing general controls procedures, this chapter also discusses some related computer hardware types and characteristics. Tile aim of this discussion is to encourage internal auditors to ask or l Ebook Brink’s modern internal auditing (7th edition): Part 2ook for the correct information in an information systems environment.18.2 Client-Server and Smaller Systems’ General IT ControlsInternal auditors traEbook Brink’s modern internal auditing (7th edition): Part 2
ditionally have had problems evaluating general controls in smaller IT operations, ranging from client-server systems to enterprise desktop systems. TpartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2le internal auditors typically have looked for general IT controls in terms of the more traditional, larger mainframe IT environment. That is. they arc looking for the strong physical security, gtxxl revision, and proper separation of duties controls that often do not exist or arc only partially imp Ebook Brink’s modern internal auditing (7th edition): Part 2lemented in many smaller systems environments. This less formal approach may have lx*cn adequate when small business or desktop systems were used primEbook Brink’s modern internal auditing (7th edition): Part 2
arily for single office accounting or similar low-audit-risk applications. The large capacity and capability of today’s smaller systems, the growth ofpartỴImpact of InformationTechnology on InternalAuditingCHAPTER ỊgIT General Controls and ITILBest PracticesIn today’s world of information technology Ebook Brink’s modern internal auditing (7th edition): Part 2ng controls in smaller computer systems settings, internal auditors sometimes revert to the traditional, almost cooklxx)k types of controls recommendations. That is. they recommend that desktop systems lx? placed in locked rooms or that a small, two-person IT development staff should lie expanded to Ebook Brink’s modern internal auditing (7th edition): Part 2 four in order to ensure proper separation of duties. While there may be situations where such controls are appropriate, often they are not applicableEbook Brink’s modern internal auditing (7th edition): Part 2
in small business settings. Internal audit can easily lose credibility if its control recommendations are not appropriate to the risks found in smallGọi ngay
Chat zalo
Facebook