ch15.ppt - Controlling Computer-Based Information Systems Part I Features of a CBIS environment and the control objectives in SAS 78 Threats to the


Controlling Computer-Based Information Systems, Part I
  • Features of a CBIS environment and the control objectives in SAS 78
  • Threats to the operating system and controls used to minimize exposures
  • Techniques used to control access to the database
  • Incompatible functions in a CBIS environment
  • Controls necessary to regulate systems development and maintenance activities
  • Controls of an organization’s computer facilities and the disaster recovery options
Transaction authorization may be embedded into the programs.
Segregation of duties
  • Duties that must be separated in a manual system may be combined in a computerized setting.
  • The computer-based functions of programming, processing, and maintenance must be separated.
Transaction authorization is separate from transaction processing. Asset custody is separate from record-keeping responsibilities. The sub-tasks needed to process the transactions are separated so that no individual or group is responsible for transaction authorization, transaction recording, and asset custody.
[Figure: a TRANSACTION divided into Authorization, Processing, Custody and Recording across Task 1 to Task 4, labelled with Control Objective 1, Control Objective 2 and Control Objective 3]
Supervision - more supervision is typically necessary in a CBIS because:
  • highly skilled employees generally have a higher turnover rate
  • highly skilled employees are often in positions of authority
  • physical observation of employees working with the system is often difficult or impractical
Accounting records
  • Source documents and ledgers may be stored magnetically with no “paper trail.”
  • Expertise is required to understand the links.
Access control
  • Tight control is necessary over access to programs and files.
  • Fraud is easier to commit since records are located in one data repository.
Independent verification
  • need to review the internal logic of programs and comparison of accounting records and physical assets
  • management must assess:
      • the performance of individuals
      • the integrity of the transaction processing system
      • the correctness of data contained in accounting records
10 control components need to be addressed:
  • operating system
  • data management
  • organizational structure
  • systems development
  • systems maintenance
  • computer center security
  • internet and Intranet
  • EDI
  • personal computer
  • applications
[Figure: General Control Framework for CBIS Exposures. Labels: Operating System, Data Management, Systems Development, Systems Maintenance, Organizational Structure, Internet & Intranet, EDI Trading Partners, Personal Computers, Computer Center Security, Applications]


  • Fall '16
  • james reyes
  • Center Security, General Control Framework
