Strengthening Technology Controls to Prevent Fraud

Strengthening Technology Controls to Prevent Fraud
Brad Belcher, Systems Analyst & Hardware Technician
Jeff Brandenburg, CPA, CFE, Clifton Gunderson LLP

General Controls (ITGC)
General controls ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that their output is reliable.
- Control environment – controls designed to shape the corporate culture or "tone at the top"
- Change management procedures – controls designed to ensure changes meet business requirements and are authorized
- Source code/document version control procedures – controls designed to protect the integrity of program code

General Controls (ITGC), continued
- Software development life cycle standards – controls designed to ensure IT projects are effectively managed
- Security policies, standards and processes – controls designed to restrict access based on business need
- Incident management policies and procedures – controls designed to address operational processing errors
- Technical support policies and procedures – policies to help users perform more efficiently and report

Application Controls (ITAC)
Application controls are performed automatically by the system and are designed to ensure the complete and accurate processing of data. They may also ensure the privacy and security of data transmitted between applications.

Application Controls (ITAC), continued
- Completeness checks – controls that ensure all records were processed from initiation to completion
- Validity checks – controls that ensure only valid data is input or processed
- Identification – controls that ensure all users are uniquely and irrefutably identified
- Authentication – controls that provide an authentication mechanism in the application system

Application Controls (ITAC), continued
- Authorization – controls that ensure only approved business users have access to the application system
- Problem management – controls that ensure all application problems are recorded and managed in a timely manner
- Change management – controls that ensure all changes to the production environment are implemented while preserving data integrity
- Input controls – controls that ensure the integrity of data fed from upstream sources into the application system
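The completeness, validity and input controls above are easiest to see in code. The following is an added example, not code from the presentation or its authors: a batch of purchase invoices arrives with a header stating how many records it carries and the total of their amounts. The completeness check refuses to post anything until both reconcile; the validity checks reject individual records whose fields fail edits and route them to an exception report. The vendor and GL-account master lists, the batch layout and the sample records are all constructed for the example.

```python
"""Completeness and validity checks on an input batch (added example)."""
import re
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Hypothetical master data; a real application would look these up.
VALID_VENDORS = {"V100", "V101", "V102"}
VALID_GL_ACCOUNTS = {"2000", "5100", "5200"}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


@dataclass
class BatchResult:
    complete: bool                                   # header count and control total reconciled
    accepted: list = field(default_factory=list)     # record ids cleared to post
    errors: list = field(default_factory=list)       # lines for the exception report


def parse_amount(value):
    """Return a Decimal or None; Decimal avoids float rounding in control totals."""
    try:
        return Decimal(str(value))
    except InvalidOperation:
        return None


def validate_record(rec):
    """Validity checks on one record: reference data, amount, date format."""
    errs = []
    rid = rec.get("id", "?")
    if rec.get("vendor_id") not in VALID_VENDORS:
        errs.append(f"{rid}: unknown vendor {rec.get('vendor_id')!r}")
    if rec.get("gl_account") not in VALID_GL_ACCOUNTS:
        errs.append(f"{rid}: invalid GL account {rec.get('gl_account')!r}")
    amt = parse_amount(rec.get("amount"))
    if amt is None or amt <= 0:
        errs.append(f"{rid}: amount must be a positive number, got {rec.get('amount')!r}")
    if not DATE_RE.fullmatch(str(rec.get("invoice_date", ""))):
        errs.append(f"{rid}: invoice_date must be YYYY-MM-DD")
    return errs


def process_batch(header, records):
    """Completeness first (whole batch), then validity (record by record)."""
    result = BatchResult(complete=True)
    if len(records) != header["record_count"]:
        result.complete = False
        result.errors.append(
            f"batch {header['batch_id']}: header says {header['record_count']} "
            f"records, received {len(records)}")
    total = sum((parse_amount(r.get("amount")) or Decimal(0)) for r in records)
    if total != Decimal(str(header["control_total"])):
        result.complete = False
        result.errors.append(
            f"batch {header['batch_id']}: control total {header['control_total']} "
            f"does not match sum of amounts {total}")
    if not result.complete:
        return result                      # nothing posts until the batch reconciles
    for rec in records:
        errs = validate_record(rec)
        if errs:
            result.errors.extend(errs)     # record goes to the exception report
        else:
            result.accepted.append(rec["id"])
    return result


# Constructed sample batch (not real data).
HEADER = {"batch_id": "AP-2024-017", "record_count": 3, "control_total": "1250.00"}
RECORDS = [
    {"id": "R1", "vendor_id": "V100", "gl_account": "5100",
     "amount": "500.00", "invoice_date": "2024-03-01"},
    {"id": "R2", "vendor_id": "V999", "gl_account": "5100",   # vendor not on master
     "amount": "250.00", "invoice_date": "2024-03-01"},
    {"id": "R3", "vendor_id": "V101", "gl_account": "5200",
     "amount": "500.00", "invoice_date": "2024-03-02"},
]

if __name__ == "__main__":
    res = process_batch(HEADER, RECORDS)
    print("complete:", res.complete, "accepted:", res.accepted)
    for line in res.errors:
        print("exception:", line)
```

The ordering matters: a batch that fails its control totals is rejected whole, so a record that was dropped or inserted in transit cannot slip through simply because the surviving records look valid on their own.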

Specific Applications: Accounts Receivable
- Limit those who can credit accounts
- New account set-ups
- Payment application
- Exception reports

Specific Applications: Inventory
- Limit those who can process adjustments
- Exception reports
- Set controls to identify problems when entered

Specific Applications: Accounts Payable
- Limit access
- Restrict new vendor set-up
- Create exception reports
- Check gaps
- Vendor payment limits
- Vendor check activity

Specific Applications: Payroll
- Limit access
- Employee hires
- Employee terminations – get them out!
- Pay ranges
- Activity reports
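The accounts payable and payroll slides both come down to exception reports run against the transaction ledger. As an added example (not code from the presentation), the block below builds a small in-memory SQLite ledger from constructed data and runs four such reports: gaps in the check number sequence, checks that exceed a vendor's approved payment limit, payroll disbursed after an employee's termination date, and per-vendor check activity that also shows whether the person who set up the vendor is the one issuing its checks. Table layouts, vendor limits and every transaction are assumptions made for the example; the accounts receivable and inventory reports follow the same pattern.

```python
"""Exception reports for accounts payable and payroll (added example)."""
import sqlite3

SCHEMA = """
CREATE TABLE vendors   (vendor_id TEXT PRIMARY KEY, name TEXT,
                        payment_limit REAL, created_by TEXT);
CREATE TABLE checks    (check_no INTEGER PRIMARY KEY, vendor_id TEXT,
                        amount REAL, issued_by TEXT, issued_on TEXT);
CREATE TABLE employees (emp_id TEXT PRIMARY KEY, name TEXT,
                        terminated_on TEXT);          -- NULL while active
CREATE TABLE payroll   (run_date TEXT, emp_id TEXT, net_pay REAL);
"""

# Constructed sample data, not real transactions.
VENDORS = [("V100", "Acme Seed", 10000.0, "jsmith"),
           ("V101", "Prairie Fuel", 25000.0, "jsmith"),
           ("V102", "JS Consulting", 5000.0, "jsmith")]
CHECKS = [(1001, "V100", 4200.0, "jsmith", "2024-03-01"),
          (1002, "V101", 18000.0, "mlee", "2024-03-01"),
          # 1003 and 1004 were never recorded: a gap in the sequence
          (1005, "V102", 7500.0, "jsmith", "2024-03-04"),   # over V102's limit
          (1006, "V100", 900.0, "mlee", "2024-03-05")]
EMPLOYEES = [("E1", "Pat Doe", None),
             ("E2", "Lee Roe", "2024-02-15")]                 # terminated
PAYROLL = [("2024-02-29", "E1", 2500.0),
           ("2024-02-29", "E2", 2400.0),                      # paid after termination
           ("2024-03-15", "E1", 2500.0)]


def load_ledger():
    """Create the in-memory ledger and load the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO vendors VALUES (?,?,?,?)", VENDORS)
    con.executemany("INSERT INTO checks VALUES (?,?,?,?,?)", CHECKS)
    con.executemany("INSERT INTO employees VALUES (?,?,?)", EMPLOYEES)
    con.executemany("INSERT INTO payroll VALUES (?,?,?)", PAYROLL)
    return con


def check_gaps(con):
    """Check numbers missing between consecutive issued checks."""
    rows = con.execute("SELECT check_no FROM checks ORDER BY check_no").fetchall()
    gaps = []
    for (prev,), (cur,) in zip(rows, rows[1:]):
        gaps.extend(range(prev + 1, cur))
    return gaps


def over_limit_payments(con):
    """Checks that exceed the vendor's approved payment limit."""
    return con.execute("""
        SELECT c.check_no, c.vendor_id, c.amount, v.payment_limit
        FROM checks c JOIN vendors v USING (vendor_id)
        WHERE c.amount > v.payment_limit
        ORDER BY c.check_no""").fetchall()


def paid_after_termination(con):
    """Payroll runs dated after the employee's termination date."""
    return con.execute("""
        SELECT p.run_date, p.emp_id, e.name, e.terminated_on, p.net_pay
        FROM payroll p JOIN employees e USING (emp_id)
        WHERE e.terminated_on IS NOT NULL AND p.run_date > e.terminated_on
        ORDER BY p.run_date""").fetchall()


def vendor_check_activity(con):
    """Per-vendor check count and total, plus how many of those checks were
    issued by the same user who set the vendor up."""
    return con.execute("""
        SELECT v.vendor_id, v.created_by, COUNT(c.check_no) AS n_checks,
               ROUND(SUM(c.amount), 2) AS total,
               SUM(c.issued_by = v.created_by) AS issued_by_creator
        FROM vendors v LEFT JOIN checks c USING (vendor_id)
        GROUP BY v.vendor_id ORDER BY v.vendor_id""").fetchall()


if __name__ == "__main__":
    con = load_ledger()
    print("check gaps:", check_gaps(con))
    print("over limit:", over_limit_payments(con))
    print("paid after termination:", paid_after_termination(con))
    for row in vendor_check_activity(con):
        print("vendor activity:", row)
```

Dates are stored as ISO strings so the string comparison in `paid_after_termination` orders correctly; on a production ledger the same reports would be scheduled and the output reviewed by someone who cannot create vendors or issue checks.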

Specific Applications: General
- Limit journal entry authorization and track who makes them
- Limit system access and create a "roadmap" of who can do what
- Monitor who is accessing what
- Internet/computer/cell phone policies
- Monitor and enforce
- Consider risks associated with "Keys to the Kingdom"
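Building the "roadmap" of who can do what is what makes the other controls reviewable. The block below is an added example, not code from the presentation: it expands user-to-role assignments into the functions each user can actually perform, answers the inverse question (who can approve a payment?), flags users holding both halves of a segregation-of-duties conflict, and flags any single account holding every function, the "keys to the kingdom" case. The roles, functions, conflict pairs and user assignments are all constructed for the example.

```python
"""Access roadmap and segregation-of-duties review (added example)."""

# Hypothetical roles and the application functions each grants.
ROLE_FUNCTIONS = {
    "ap_clerk":      {"enter_invoice", "create_vendor"},
    "ap_approver":   {"approve_payment"},
    "hr_admin":      {"hire_employee", "terminate_employee"},
    "payroll_clerk": {"run_payroll"},
    "gl_accountant": {"post_journal_entry"},
    "controller":    {"approve_journal_entry"},
    "sysadmin":      {"manage_users"},
}

# Pairs of functions one person should not hold together (constructed rules).
SOD_CONFLICTS = [
    ("create_vendor", "approve_payment"),
    ("enter_invoice", "approve_payment"),
    ("hire_employee", "run_payroll"),
    ("post_journal_entry", "approve_journal_entry"),
    ("manage_users", "approve_payment"),
]

# Constructed user-to-role assignments.
USER_ROLES = {
    "jsmith": {"ap_clerk", "ap_approver"},
    "mlee":   {"ap_approver"},
    "pdoe":   {"hr_admin", "payroll_clerk"},
    "rkim":   {"gl_accountant"},
    "admin":  set(ROLE_FUNCTIONS),        # every role
}


def access_roadmap(user_roles, role_functions=ROLE_FUNCTIONS):
    """Map each user to the set of functions their roles grant."""
    return {user: set().union(*(role_functions[r] for r in roles))
            for user, roles in user_roles.items()}


def who_can(roadmap, function):
    """Inverse lookup: which users can perform this function."""
    return sorted(u for u, funcs in roadmap.items() if function in funcs)


def sod_violations(roadmap, conflicts=SOD_CONFLICTS):
    """Users holding both halves of any conflicting pair."""
    out = []
    for user, funcs in sorted(roadmap.items()):
        for a, b in conflicts:
            if a in funcs and b in funcs:
                out.append((user, a, b))
    return out


def keys_to_the_kingdom(roadmap, role_functions=ROLE_FUNCTIONS, threshold=1.0):
    """Users holding at least `threshold` of all defined functions."""
    all_funcs = set().union(*role_functions.values())
    return sorted(u for u, funcs in roadmap.items()
                  if len(funcs & all_funcs) / len(all_funcs) >= threshold)


if __name__ == "__main__":
    roadmap = access_roadmap(USER_ROLES)
    for user, funcs in sorted(roadmap.items()):
        print(f"{user:8} {', '.join(sorted(funcs))}")
    print("can approve payments:", who_can(roadmap, "approve_payment"))
    for user, a, b in sod_violations(roadmap):
        print(f"SoD conflict: {user} holds both {a} and {b}")
    print("keys to the kingdom:", keys_to_the_kingdom(roadmap))
```

The review works from effective functions rather than role names, so a conflict introduced by adding a second role (as with `jsmith` here) surfaces even though each role on its own is clean; lowering `threshold` turns the last report into a list of over-privileged accounts rather than only the all-access one.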

Contact
Brad Belcher, AgVantage Software, Rochester, Minnesota, 877.282.6353
Jeff Brandenburg, CPA, CFE, Clifton Gunderson LLP, Middleton, Wisconsin, 608.662.8667, Jeff.Brandenburg@cliftoncpa.com