Term
approach to discussing IT controls |
|
Definition
4 step appraoch: 1- heading of the control/environemnt 2- case fact about the weakness 3- tell the marker what implication the weakness may indicate or the increased risk from the implication 4- recommendation to fix the weakness |
|
|
Term
4 key control areas for IT controls: |
|
Definition
1- general control envrionemnt 2- input controls 3- processing controls (machine made:data in computer and has to be moved somewhere) 4- output controls (where reports fo and if they are used appropriatley) |
|
|
Term
General Control Environment |
|
Definition
training, PRIVACY, supervision, type of hardware, virus/firewall protection, IT polocies, passwords -possible headers (program changes, access controls, physical security, data security) |
|
|
Term
|
Definition
digit checks (credit card#, sin #), validations checks or input data, positive / negative sign checks, limit checks, sequentail numbersing checks (specific headers that may be applicable- Customer ordering, order entry) |
|
|
Term
Processing controls (machine made: data in computer has to be moved somewhere) |
|
Definition
-data limit tests (internally calculates and ensures data is appropriate) footing detailed listing to listing reports, ensurings inventory has not negative amounts once all info is inputted. possible headers (system uploads) |
|
|
Term
Output controls (where reports go and if they are used appropriiatley) |
|
Definition
- reports are valid and used, reconciliation of reports, appropriate and responsible people receive the reports, visual incpection of reports -possible headers (financial presentation) |
|
|