Unauthorized modification or use of programs and data

Info icon This preview shows pages 18–21. Sign up to view the full content.

● Unauthorized modification or use of programs and data files ● Interruption of crucial business activities Control Procedures ● Information security/protection plan ● Limiting of physical access to computer equipment ● Limiting of logical access to system using authentication and authorization controls ● Data storage and transmission controls ● Virus protection procedures ● File backup and recovery procedures ● Fault-tolerant systems design ● Disaster recovery plan ● Preventive maintenance ● Firewalls ● Casualty and business interruption insurance
Image of page 18

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Audit Procedures: System Review ● Inspect computer sites ● Review the information security/protection and disaster recovery plans ● Interview information system personnel about security procedures ● Review physical and logical access policies and procedures ● Review file backup and recovery policies and procedures ● Review data storage and transmission policies and procedures ● Review procedures employed to minimize system downtime ● Review vendor maintenance contracts ● Examine system access logs ● Examine casualty and business interruption insurance policies Audit Procedures: Tests of Controls ● Observe and test computer-site access procedures ● Observe the preparation of and off-site storage of backup files ● Test assignment and modification procedures for user IDs and passwords ● Investigate how unauthorized access attempts are dealt with ● Verify the extent and effectiveness of data encryption ● Verify the effective use of data transmission controls ● Verify the effective use of firewalls and virus protection procedures ● Verify the use of preventive maintenance and an uninterruptible power supply ● Verify amounts and limitations on insurance coverage ● Examine the results of disaster recovery plan test simulations Compensating Controls ● Sound personnel policies, including segregation of incompatible duties ● Effective user controls
Image of page 19
Objective 2: Program Development and Acquisition Types of Errors and Fraud ● Inadvertent programming errors or unauthorized program code Control Procedures ● Review of software license agreements ● Management authorization for program development and software acquisition ● Management and user approval of programming specifications ● Thorough testing of new programs, including user acceptance tests ● Complete systems documentation, including approvals Audit Procedures: System Review ● Independent review of the systems development process ● Review of systems development/acquisition policies and procedures ● Review of systems authorization and approval policies and procedures
Image of page 20

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Image of page 21
This is the end of the preview. Sign up to access the rest of the document.
  • Summer '14
  • audit results

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern