SlideShare une entreprise Scribd logo

Information Systems Audit - Ron Weber chapter 1

Télécharger en tant que PPTX, PDF
S
Sreekanth Narendran

Visit www.lifein01.com for presentations of all chapters. Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles, regulatory norms, rules, and regulations.

Technologie
1  sur  35
Information Systems Audit (Chapter 1)
Contents • Introduction • Need for control and audit of computers • Information systems auditing defined • Effects of computer on internal controls • Effect/advantages of computer in audit techniques
Introduction Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles ,regulatory norms, rules and regulations.
• Aim of information audit is to safe guard the assets, to maintain data integrity, to achieve system effectiveness and to achieve system efficiency. • The audit can be conducted internally by employees of the organization, or externally by an outside firm.
Need for control and Audit of computers computers assist in the processing of data and decision making. Factors: 1)Organizational cost of data loss 2)Incorrect decision making 3)Cost of computer abuse 4)Value of hardware, software 5)High costs of computer error 6)Maintainance of privacy 7)Controlled evolution of computer use
Organizational cost of data loss • Data provides the organization with an image of itself its environment, its history and its future. • If the Data is inaccurate or lost the organization can incur substantial losses. • There should be proper backup of computer files.
Incorrect decision making • Decision making depends on the quality of data and quantity of decision rules that exists in the computer based information system. • Inaccurate data causes costly, unnecessary investigations and out of control process can also remain undetected. Example: If the algorithm that the bank uses to give interest rates if incorrect the bank will undergo substantial loss.
• Not just management but parties who have interest in an organization also have an impact of incorrect data. Example: Shareholders might make poor investment decisions if they are provided with inaccurate financial information.
Costs of computer abuse Hacking: A person gaining unauthorized access of system to modify or delete program or to disrupt services. Viruses: It is a program that attaches itself to executable files or data files and replicate themselves and causes disruption.
Illegal physical access: A person gaining unauthorized physical access in the system.(can cause physical damage or make copies of data) Abuse of privileges: A person uses privileges for unauthorized purposes.(making copies of sensitive data they are permitted to access)
Consequences of Abuse: 1)Destruction of assets 2)Theft of assets 3)Modification of assets 4)Privacy violation 5)Unauthorized use of assets
Value of computer hardware and software • In addition to data Hardware and software are critical organizational resources. • Some intentional or unintentional loss of hardware can cause disruption in functioning of organization • If the software is corrupted the confidential information could be stolen could be disclosed to competitors.
High cost of computer error • Computers automatically perform many critical functions. Example: Computers allow banks to provide ATM services, online banking and accurate tracking and verification of funds.
Maintenance of privacy • All the important data of an individual like financial information, personal data everything is stored on computers • If there is some breach in the system all the private data will be gone in seconds thus making it important to protect and maintain the privacy.
Impact of ISA 1)Improved safeguard of assets 2)Improved data integrity 3)Improved system effectiveness 4)Improved system efficiency
Asset safeguarding objective • The information system assets of an organization includes hardware, software, people(knowledge),data files and system documentation. • These assets play a major role in organizational growth thus making it necessary to safeguard these assets.
Data integrity objective • Data integrity is an fundamental concept of information system auditing. • It is a state implying data has certain attributes like: completeness, soundness, purity and veracity. • If the integrity of an organization’s data is low it could suffer a great loss.
Three major factors affect the value of data : 1)The value of information content of the data item for individual decision makers. 2)The extent to which data item is shared among decision makers. 3)The value of data item to competitors.
System effectiveness objective • The effectiveness is the measure for deciding whether the system provides the desired output or not. Being effective means producing the right output in terms of quantity and quality. • Effectiveness auditing is done usually after the system has been running for sometime. • It can be carried out during the design stages of system.
System efficiency objectives • The efficiency indicates the manner in which the inputs are used by the system. Being efficient means the system uses inputs in a `right' way. • An efficient information system uses minimum resources to achieve its required objectives.
Effects of computers on internal control • The goals can be achieved only if an organization’s management sets up a system of internal control. • There is a huge impact of computers on the internal control components.
Components of internal control • Separation of duties • Delegation of authority • Competent and trustworthy personal • System of authorizations • Adequate documents and records • Physical control over assets and records • Adequate management supervision • Independent checks on performance
Separation of duties • In manual system separate individuals must be responsible for initiating transactions, recording transactions and maintaining the assets. • It prevents and detects errors and irregularity • Separation of duties must exist in different forms • The capability to run the program and change the program should be separated(privileges).
Delegation of authority and responsibility In a computer system delegating authority and responsibility is difficult because some resources are shared among various users. Example: In a database various users can access the same data. But by this the integrity is somehow violated. It is not possible to trace who is responsible for corrupting the data and who is responsible for identifying and correcting the errors.
Competent and trustworthy personnel • Substantial power is given to persons responsible for computer based information system developed, implemented, operated and maintained within organization. • Sometimes the personnel not only lacks skills but also well developed sense of ethics.
• In computer system it is difficult to assess whether the authority assigned to individual is consistent with the management’s goals. Example: Users can formulate queries on database that could fetch them contents of confidential data.
System of authorizations Management issues two types of authorizations: 1) general authorizations 2)specific authorizations
Adequate documents and records The systems should be designed in a way to maintain a record of all events and should be easily accessible in order to have effective auditing process.
Physical control over assets and records Computer system differs from manual systems in a way they concentrate all the information systems assets and records of an organization. Example: In manual system if a person wants to commit fraud he’ll have to go to different physical locations whereas in computer based all the data will be available in single site. Thus making it easy to execute the fraud.
Adequate management supervision • In computer based system supervision needs to be carried out remotely. • Managers must examine and do periodic auditing to check for unauthorized actions.
Independent checks on performance • The control emphasis should be on ensuring the veracity of program code. • Auditors must must evaluate controls established for program development, modification operation and maintenance.
Effects of computers on auditing 1)Changes to evidence collection 2)Changes to evidence evaluation
Foundation of information systems auditing 1)Traditional auditing 2)Information system management 3)Behavioral science 4)Computer science
Advantages of using computers in audit techniques • Increase the accuracy of audit tests • Perform audit tests more efficiently • Enable the audit team to test a large volume of data accurately and quickly • Reduce the level of human error in testing • Provide a better quality of audit evidence
Thank you

Recommandé

Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 

Recommandé

Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Information systems application control Framework.ppt
Information systems application control Framework.pptInformation systems application control Framework.ppt
Information systems application control Framework.pptr209777z
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Security audit
Security auditSecurity audit
Security auditRosaria Dee
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems AuditRajeswaran Muthu Venkatachalam
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
The information security audit
The information security auditThe information security audit
The information security auditDhani Ahmad
 
SOX- IT Perspective
SOX- IT PerspectiveSOX- IT Perspective
SOX- IT PerspectiveNeelabh Srivastava
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Cobit
CobitCobit
Cobitifourkhushbooshah
 
Compliance audit
Compliance auditCompliance audit
Compliance auditEmma Yaks
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lessonAnne ndolo
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 

Contenu connexe

Tendances

Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Information systems application control Framework.ppt
Information systems application control Framework.pptInformation systems application control Framework.ppt
Information systems application control Framework.pptr209777z
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
The information security audit
The information security auditThe information security audit
The information security auditDhani Ahmad
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Compliance audit
Compliance auditCompliance audit
Compliance auditEmma Yaks
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 

Tendances (20)

Information System audit
Information System auditInformation System audit
Information System audit
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
Information systems application control Framework.ppt
Information systems application control Framework.pptInformation systems application control Framework.ppt
Information systems application control Framework.ppt
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
Security audit
Security auditSecurity audit
Security audit
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems Audit
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
The information security audit
The information security auditThe information security audit
The information security audit
 
SOX- IT Perspective
SOX- IT PerspectiveSOX- IT Perspective
SOX- IT Perspective
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologies
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review Course
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Cobit
CobitCobit
Cobit
 
Compliance audit
Compliance auditCompliance audit
Compliance audit
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 

Similaire à Information Systems Audit - Ron Weber chapter 1

Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lessonAnne ndolo
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2 Jayant Dalvi
 
Information systems audit n control introduction.ppt
Information systems audit n control introduction.pptInformation systems audit n control introduction.ppt
Information systems audit n control introduction.pptr209777z
 
Lecture 2 - Security Requirments.ppt
Lecture 2 - Security Requirments.pptLecture 2 - Security Requirments.ppt
Lecture 2 - Security Requirments.pptDrBasemMohamedElomda
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxToxicHawk
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGLOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGSri Latha
 
CISA_WK_1.pptx
CISA_WK_1.pptxCISA_WK_1.pptx
CISA_WK_1.pptxdotco
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptxdotco
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentKugendranMani
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
MS Lecture 9 information technology
MS Lecture 9 information technologyMS Lecture 9 information technology
MS Lecture 9 information technologyEst
 
Information system audit
Information system audit Information system audit
Information system audit Jayant Dalvi
 

Similaire à Information Systems Audit - Ron Weber chapter 1 (20)

Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lesson
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptx
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
 
Information systems audit n control introduction.ppt
Information systems audit n control introduction.pptInformation systems audit n control introduction.ppt
Information systems audit n control introduction.ppt
 
Lecture 2 - Security Requirments.ppt
Lecture 2 - Security Requirments.pptLecture 2 - Security Requirments.ppt
Lecture 2 - Security Requirments.ppt
 
A075434624
A075434624A075434624
A075434624
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODINGLOW LEVEL DESIGN INSPECTION SECURE CODING
LOW LEVEL DESIGN INSPECTION SECURE CODING
 
CISA_WK_1.pptx
CISA_WK_1.pptxCISA_WK_1.pptx
CISA_WK_1.pptx
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
MS Lecture 9 information technology
MS Lecture 9 information technologyMS Lecture 9 information technology
MS Lecture 9 information technology
 
Information system audit
Information system audit Information system audit
Information system audit
 

Plus de Sreekanth Narendran

Transactional vs transformational leadership
Transactional vs transformational leadershipTransactional vs transformational leadership
Transactional vs transformational leadershipSreekanth Narendran
 
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.Sreekanth Narendran
 

Plus de Sreekanth Narendran (17)

Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
 
Nmap
NmapNmap
Nmap
 
Transactional vs transformational leadership
Transactional vs transformational leadershipTransactional vs transformational leadership
Transactional vs transformational leadership
 
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
 
Web services for banks
Web services for banksWeb services for banks
Web services for banks
 
Virus vs worms vs trojans
Virus vs worms vs trojansVirus vs worms vs trojans
Virus vs worms vs trojans
 
Business process reengineering
Business process reengineeringBusiness process reengineering
Business process reengineering
 
Hash cat
Hash catHash cat
Hash cat
 
Phishing
PhishingPhishing
Phishing
 
International banking
International bankingInternational banking
International banking
 
Master Data Management
Master Data ManagementMaster Data Management
Master Data Management
 
Maltego Information Gathering
Maltego Information Gathering Maltego Information Gathering
Maltego Information Gathering
 
Leadership traits
Leadership traitsLeadership traits
Leadership traits
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Organizational development
Organizational developmentOrganizational development
Organizational development
 
Indigo Case study
Indigo Case study Indigo Case study
Indigo Case study
 

Dernier

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Information Systems Audit - Ron Weber chapter 1

  • 2. Contents • Introduction • Need for control and audit of computers • Information systems auditing defined • Effects of computer on internal controls • Effect/advantages of computer in audit techniques
  • 3. Introduction Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles ,regulatory norms, rules and regulations.
  • 4. • Aim of information audit is to safe guard the assets, to maintain data integrity, to achieve system effectiveness and to achieve system efficiency. • The audit can be conducted internally by employees of the organization, or externally by an outside firm.
  • 5. Need for control and Audit of computers computers assist in the processing of data and decision making. Factors: 1)Organizational cost of data loss 2)Incorrect decision making 3)Cost of computer abuse 4)Value of hardware, software 5)High costs of computer error 6)Maintainance of privacy 7)Controlled evolution of computer use
  • 6. Organizational cost of data loss • Data provides the organization with an image of itself its environment, its history and its future. • If the Data is inaccurate or lost the organization can incur substantial losses. • There should be proper backup of computer files.
  • 7. Incorrect decision making • Decision making depends on the quality of data and quantity of decision rules that exists in the computer based information system. • Inaccurate data causes costly, unnecessary investigations and out of control process can also remain undetected. Example: If the algorithm that the bank uses to give interest rates if incorrect the bank will undergo substantial loss.
  • 8. • Not just management but parties who have interest in an organization also have an impact of incorrect data. Example: Shareholders might make poor investment decisions if they are provided with inaccurate financial information.
  • 9. Costs of computer abuse Hacking: A person gaining unauthorized access of system to modify or delete program or to disrupt services. Viruses: It is a program that attaches itself to executable files or data files and replicate themselves and causes disruption.
  • 10. Illegal physical access: A person gaining unauthorized physical access in the system.(can cause physical damage or make copies of data) Abuse of privileges: A person uses privileges for unauthorized purposes.(making copies of sensitive data they are permitted to access)
  • 11. Consequences of Abuse: 1)Destruction of assets 2)Theft of assets 3)Modification of assets 4)Privacy violation 5)Unauthorized use of assets
  • 12. Value of computer hardware and software • In addition to data Hardware and software are critical organizational resources. • Some intentional or unintentional loss of hardware can cause disruption in functioning of organization • If the software is corrupted the confidential information could be stolen could be disclosed to competitors.
  • 13. High cost of computer error • Computers automatically perform many critical functions. Example: Computers allow banks to provide ATM services, online banking and accurate tracking and verification of funds.
  • 14. Maintenance of privacy • All the important data of an individual like financial information, personal data everything is stored on computers • If there is some breach in the system all the private data will be gone in seconds thus making it important to protect and maintain the privacy.
  • 15. Impact of ISA 1)Improved safeguard of assets 2)Improved data integrity 3)Improved system effectiveness 4)Improved system efficiency
  • 16. Asset safeguarding objective • The information system assets of an organization includes hardware, software, people(knowledge),data files and system documentation. • These assets play a major role in organizational growth thus making it necessary to safeguard these assets.
  • 17. Data integrity objective • Data integrity is an fundamental concept of information system auditing. • It is a state implying data has certain attributes like: completeness, soundness, purity and veracity. • If the integrity of an organization’s data is low it could suffer a great loss.
  • 18. Three major factors affect the value of data : 1)The value of information content of the data item for individual decision makers. 2)The extent to which data item is shared among decision makers. 3)The value of data item to competitors.
  • 19. System effectiveness objective • The effectiveness is the measure for deciding whether the system provides the desired output or not. Being effective means producing the right output in terms of quantity and quality. • Effectiveness auditing is done usually after the system has been running for sometime. • It can be carried out during the design stages of system.
  • 20. System efficiency objectives • The efficiency indicates the manner in which the inputs are used by the system. Being efficient means the system uses inputs in a `right' way. • An efficient information system uses minimum resources to achieve its required objectives.
  • 21. Effects of computers on internal control • The goals can be achieved only if an organization’s management sets up a system of internal control. • There is a huge impact of computers on the internal control components.
  • 22. Components of internal control • Separation of duties • Delegation of authority • Competent and trustworthy personal • System of authorizations • Adequate documents and records • Physical control over assets and records • Adequate management supervision • Independent checks on performance
  • 23. Separation of duties • In manual system separate individuals must be responsible for initiating transactions, recording transactions and maintaining the assets. • It prevents and detects errors and irregularity • Separation of duties must exist in different forms • The capability to run the program and change the program should be separated(privileges).
  • 24. Delegation of authority and responsibility In a computer system delegating authority and responsibility is difficult because some resources are shared among various users. Example: In a database various users can access the same data. But by this the integrity is somehow violated. It is not possible to trace who is responsible for corrupting the data and who is responsible for identifying and correcting the errors.
  • 25. Competent and trustworthy personnel • Substantial power is given to persons responsible for computer based information system developed, implemented, operated and maintained within organization. • Sometimes the personnel not only lacks skills but also well developed sense of ethics.
  • 26. • In computer system it is difficult to assess whether the authority assigned to individual is consistent with the management’s goals. Example: Users can formulate queries on database that could fetch them contents of confidential data.
  • 27. System of authorizations Management issues two types of authorizations: 1) general authorizations 2)specific authorizations
  • 28. Adequate documents and records The systems should be designed in a way to maintain a record of all events and should be easily accessible in order to have effective auditing process.
  • 29. Physical control over assets and records Computer system differs from manual systems in a way they concentrate all the information systems assets and records of an organization. Example: In manual system if a person wants to commit fraud he’ll have to go to different physical locations whereas in computer based all the data will be available in single site. Thus making it easy to execute the fraud.
  • 30. Adequate management supervision • In computer based system supervision needs to be carried out remotely. • Managers must examine and do periodic auditing to check for unauthorized actions.
  • 31. Independent checks on performance • The control emphasis should be on ensuring the veracity of program code. • Auditors must must evaluate controls established for program development, modification operation and maintenance.
  • 32. Effects of computers on auditing 1)Changes to evidence collection 2)Changes to evidence evaluation
  • 33. Foundation of information systems auditing 1)Traditional auditing 2)Information system management 3)Behavioral science 4)Computer science
  • 34. Advantages of using computers in audit techniques • Increase the accuracy of audit tests • Perform audit tests more efficiently • Enable the audit team to test a large volume of data accurately and quickly • Reduce the level of human error in testing • Provide a better quality of audit evidence