ICAB - ITK Chapter 5 Set 1 - Internal Control in IT Systems
Download as PPTX, PDF3 likes698 views
This document discusses internal controls for computer-based business systems. It defines internal control as processes, policies, and standards that ensure effective administration of an organization. The key purposes of internal control are to promote effective and efficient operations, safeguard resources, ensure adherence to laws and regulations, and produce reliable financial reporting. The five key components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring. The document also outlines various types of IT audits conducted to evaluate internal controls, such as operational audits, development audits, and disaster recovery audits.
ICAB - ITK Chapter 5 Set 1 - Internal Control in IT Systems
- 1. IT KNOWLEDGE CA Professional Stage - Knowledge Level, ICAB Tutor: Mohammad Abdul Matin Chapter 5 Internal Control in Computer Based Business System
- 2. Chapter Outline ๏ง Control, IT Internal Control, IT Internal Audit ๏ง Responsibility of Control ๏ง Control Objectives and Techniques ๏ง Control over Acquisition, Implementation and Changes ๏ง Risk Assessment ๏ง Business Continuity Plan ๏ง Overview of ERP
- 3. Internal Control What is Internal Control? ๏ง The process of ensuring effective administration of unit through developing processes, policies and standards and monitoring the compliances of the same. Internal control strives to achieve: โ Effectiveness and efficiency of operations โ Reliability and compliance with applicable laws and regulations
- 4. Purpose of Internal Control ๏ง Promote orderly, economical, efficient and effective operations, and produce quality products and services consistent with the organizationโs mission. ๏ง Safeguard resources against loss due to waste, abuse, mismanagement, errors, and frauds. ๏ง Promote adherence to laws, regulations, contracts and management directives. ๏ง Develop and maintain reliable financial and management data, and accurately present that data in timely reports.
- 5. Key Components of Internal Control 1. Control Environment โ integrity, ethical values, competence of the company, management philosophy and operating style. 2. Risk Assessment โ Identifying and analyzing the risks 3. Control Activities โ approvals, authorizations, verifications, reconciliations, reviews of โ Performance of operations โ Security of assets โ Segregation of duties (roles)
- 6. Key Components of Internal Control 4. Information and Communication โ identification, capture and exchange of information. Information flow controls, e.g. top-down, bottom-up, workflow, etc. 5. Monitoring โ ongoing (regular), separate evaluations, or combinations.
- 7. Elements of a Good System ๏ง Separation of Duties โ To establish accountability and optimize performance as an organization ๏ง Authorization โ To prevent invalid transactions and establish responsibility ๏ง Documentation โ To help achieving accuracy, completeness of transactions, control of assets and review of performance records ๏ง Reconciliation โ To compare and ensure accuracy, completeness and compliance of records, transactions and activities.
- 8. Main Types of IT Audit ๏ง Operational Computer/Network Audits Operating system, network, firewall, crypto, etc. ๏ง IT Installation Audits Security, usage, risks, etc. related to establishments hosting IT facilities. ๏ง Developing Systems Audits Development procedural controls. Sometimes, project time plan or resource plan reviews. ๏ง IT Management Audits Organization structure, budgeting, strategy, work plans, etc.
- 9. Main Types of IT Audit ๏ง IT Process Audits Processes within IT functions like backup-restoration, issue resolution, testing, etc. ๏ง Change Management Audits Technical change processes, back off plans, PIRs, etc. ๏ง Information Security & Control Audits Confidentiality, integrity and availability. ๏ง IT Legal Compliance Audits Copyright, protection of personal data, etc.
- 10. Main Types of IT Audit ๏ง Certification & Other Compliance Audits ISO certifications, industry standard certifications for security and/or compliances. ๏ง Disaster Contingency, BCP and IT DR Audits Approach to risk management in terms of quick and effective recovery / restoration of business critical services. ๏ง IT Strategy Audits Review and validation of IT strategies, objectives and their alignment to the business vision. ๏ง Special Investigations Investigations against frauds, misappropriations, security breaches. Also, due diligence of IT asset evaluation in case of M&As.
- 11. Exam Questions ๏ง What is control? What are the purposes of internal control? Explain the five key components required for effective internal control. ๏ง What is Audit Trail? Explain its objectives. ๏ง Describe Post Implementation Review (PIR). ๏ง Why is information system security important? ๏ง Explain โvulnerability managementโ and โthreat managementโ in management of IT security ๏ง What is disaster recovery plan? Describe major areas of a disaster recovery planning document.
- 12. Thank You Next class will continue with Chapter 5