Systems Development Audit


Principles
- To check that the system is producing the expected results
- Ensure that the appropriate controls are operating correctly

Audit of computer system development
- Internal control and audit requirements fall into 2 categories:
  1. Ensuring that the development takes place within an approved structure and under management control
  2. Ensuring that the systems once developed are suitable and controllable.

Features of systems development audits
- Ensure that the project is led by a senior operational manager with adequate understanding of IT
- Ensure a project team representing all concerned at senior level.
- Insist that suppliers and contractors are reputable, financially sound and that the contract is sound
- Ensure that the progress of the project is monitored and reviewed by management
- Ensure that the project is justified on financial grounds and that all concerned understand the objectives of the project.

Objectives of a systems development audit
- To ensure that predetermined standards for development are satisfactory and have been observed.
- Reviewing the controls that are being built into the new system to ensure that the new system is:
  - Reliable and secure
  - Easily auditable

Principles of auditing a new computer system
- First priority is understanding the system and its workings, and being able to confirm that the system in use is the system documented.
- The next is to ascertain how the system can be tested. A simple approach is the use of test packs.
- Other approaches include reviewing how system management and database management staff make their own checks on the system operation.
- Security needs to be reviewed. Networks require the security of effective password control, including regular changing of passwords and control of password security for system access and a DBMS limiting access to certain parts of the data.
- Data may have to be encrypted.
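
A test pack as described above, sketched as an added example that is not part of the original presentation: each case carries a result worked out independently in advance, and invalid cases check that the controls reject them. The `post_payment` routine, the account names and the approval-limit case are hypothetical stand-ins for the system under audit.

```python
from decimal import Decimal

class ValidationError(Exception):
    """Raised when an input control rejects a transaction."""

def post_payment(ledger, account, amount):
    # Constructed stand-in for the system under audit (hypothetical).
    # It validates account and sign but has no upper-limit control.
    if account not in ledger:
        raise ValidationError("unknown account")
    if amount <= 0:
        raise ValidationError("non-positive amount")
    ledger[account] += amount
    return ledger[account]

# Constructed opening balance and test pack. The expected value is either the
# predetermined resulting balance or "REJECT" when a control should refuse it.
OPENING = {"A100": Decimal("1000.00")}
TEST_PACK = [
    ("TP01 valid payment", "A100", Decimal("250.00"), Decimal("1250.00")),
    ("TP02 unknown account", "Z999", Decimal("10.00"), "REJECT"),
    ("TP03 negative amount", "A100", Decimal("-5.00"), "REJECT"),
    ("TP04 over approval limit", "A100", Decimal("1000000.00"), "REJECT"),
]

def run_test_pack(system, pack, opening):
    """Run every case against a fresh copy of the opening data and
    return (case, expected, actual) for each result that differs."""
    findings = []
    for case_id, account, amount, expected in pack:
        ledger = dict(opening)  # cases must not influence each other
        try:
            actual = system(ledger, account, amount)
        except ValidationError:
            actual = "REJECT"
        if actual != expected:
            findings.append((case_id, expected, actual))
    return findings

if __name__ == "__main__":
    for finding in run_test_pack(post_payment, TEST_PACK, OPENING):
        print("FINDING:", finding)
```
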

Principles of auditing a new computer system
- Access of terminals to other computer systems needs to be controlled
- Some check must be made on the accuracy of information generated by the system.
- Message acknowledgement/confirmation systems.
- Back up of some form is the first step towards system security and preventing disaster. Back up may be in the form of an overnight back up and a log of the day's transactions
- Recovery procedures will need to cover central processor, terminal and line failure.
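
One way an auditor can test the overnight back up plus transaction log arrangement, as an added example that is not part of the original presentation: rebuild the balances from the back up and the day's log, then compare them with the live system. The record layout, sequence numbering and all sample data are constructed assumptions.

```python
def replay(backup, log):
    """Apply the day's logged transactions to a copy of the overnight back up.
    Returns the rebuilt balances and any breaks in the log's sequence numbers."""
    state = dict(backup)
    problems = []
    expected_seq = 1
    for entry in log:
        if entry["seq"] != expected_seq:
            problems.append(
                f"sequence gap: expected {expected_seq}, got {entry['seq']}")
            expected_seq = entry["seq"]
        account = entry["account"]
        state[account] = state.get(account, 0) + entry["amount"]
        expected_seq += 1
    return state, problems

def reconcile(backup, log, live):
    """Report every reason why back up + log would not restore the live data."""
    rebuilt, problems = replay(backup, log)
    for account in sorted(set(rebuilt) | set(live)):
        if rebuilt.get(account, 0) != live.get(account, 0):
            problems.append(
                f"{account}: rebuilt {rebuilt.get(account, 0)} "
                f"!= live {live.get(account, 0)}")
    return problems

# Constructed sample data; amounts are integer pence to avoid rounding.
BACKUP = {"A100": 100000, "B200": 50000}
DAY_LOG = [
    {"seq": 1, "account": "A100", "amount": 2500},
    {"seq": 2, "account": "B200", "amount": -1000},
    # seq 3 was never written to the log
    {"seq": 4, "account": "A100", "amount": 700},
]
LIVE = {"A100": 103200, "B200": 44000}

if __name__ == "__main__":
    for problem in reconcile(BACKUP, DAY_LOG, LIVE):
        print("FINDING:", problem)
```

An empty result means the back up and log together reproduce the live data; any finding means a recovery from them would lose or misstate transactions.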