IT KNOWLEDGE, CA Professional Stage - Knowledge Level, ICAB. Tutor: Mohammad Abdul Matin. Chapter 5: Internal Control in Computer Based Business System

ICAB - ITK Chapter 5 Set 1 - Internal Control in IT Systems


IT KNOWLEDGE
CA Professional Stage - Knowledge Level, ICAB
Tutor: Mohammad Abdul Matin

Chapter 5
Internal Control in Computer Based Business System


Chapter Outline
Control, IT Internal Control, IT Internal Audit
Responsibility of Control
Control Objectives and Techniques
Control over Acquisition, Implementation and Changes
Risk Assessment
Business Continuity Plan
Overview of ERP


Internal Control
What is Internal Control?
The process of ensuring effective administration of a unit by developing processes, policies and standards and monitoring compliance with them.
Internal control strives to achieve:
– Effectiveness and efficiency of operations
– Reliability and compliance with applicable laws and regulations


Purpose of Internal Control

Promote orderly, economical, efficient and effective operations, and produce quality products and services consistent with the organization’s mission.

Safeguard resources against loss due to waste, abuse, mismanagement, errors, and frauds.

Promote adherence to laws, regulations, contracts and management directives.

Develop and maintain reliable financial and management data, and accurately present that data in timely reports.


Key Components of Internal Control

1. Control Environment – integrity, ethical values, competence of the company, management philosophy and operating style.

2. Risk Assessment – identifying and analyzing the risks.

3. Control Activities – approvals, authorizations, verifications, reconciliations, reviews of
– Performance of operations
– Security of assets
– Segregation of duties (roles)


Key Components of Internal Control

4. Information and Communication – identification, capture and exchange of information. Information flow controls, e.g. top-down, bottom-up, workflow, etc.

5. Monitoring – ongoing (regular), separate evaluations, or combinations.


Elements of a Good System

Separation of Duties
– To establish accountability and optimize performance as an organization

Authorization
– To prevent invalid transactions and establish responsibility

Documentation
– To help achieve accuracy, completeness of transactions, control of assets and review of performance records

Reconciliation
– To compare and ensure accuracy, completeness and compliance of records, transactions and activities.


Main Types of IT Audit

Operational Computer/Network Audits
– Operating system, network, firewall, crypto, etc.

IT Installation Audits
– Security, usage, risks, etc. related to establishments hosting IT facilities.

Developing Systems Audits
– Development procedural controls. Sometimes, project time plan or resource plan reviews.

IT Management Audits
– Organization structure, budgeting, strategy, work plans, etc.


Main Types of IT Audit

IT Process Audits
– Processes within IT functions like backup-restoration, issue resolution, testing, etc.

Change Management Audits
– Technical change processes, back off plans, PIRs, etc.

Information Security & Control Audits
– Confidentiality, integrity and availability.

IT Legal Compliance Audits
– Copyright, protection of personal data, etc.


Main Types of IT Audit

Certification & Other Compliance Audits
– ISO certifications, industry standard certifications for security and/or compliance.

Disaster Contingency, BCP and IT DR Audits
– Approach to risk management in terms of quick and effective recovery / restoration of business critical services.

IT Strategy Audits
– Review and validation of IT strategies, objectives and their alignment to the business vision.

Special Investigations
– Investigations into frauds, misappropriations and security breaches. Also, due diligence of IT asset evaluation in case of M&As.


Exam Questions

What is control? What are the purposes of internal control?
Explain the five key components required for effective internal control.
What is Audit Trail? Explain its objectives.
Describe Post Implementation Review (PIR).
Why is information system security important?
Explain “vulnerability management” and “threat management” in management of IT security.
What is disaster recovery plan? Describe major areas of a disaster recovery planning document.


Thank You

Next class will continue with Chapter 5