Published by Shon Watson. Modified over 9 years ago.
SOFTWARE & ITS SECURITY ISSUES & PROFESSIONAL OPPORTUNITIES
CA. RAMESHA SHETTY, FCA, MBA, DISA, CISA (USA)
AREAS
- Back up of data
- Anti-virus
- Bluetooth security
- MS Outlook
- Password rules
- Security awareness & training
- Mobile computing
- PDF
- Digital signatures
- CAATs
- Benefits of Tally
- Internet security
- Websites
BACKING UP DATA
Why you should back up your data: loss can occur due to
- Physical failure (floppy disks, CDs)
- Power failure or spikes
- Virus attacks
Also back up the data on your phone.
Anti Virus
Viruses can spoil the functionality of your machines.
Precautions:
- Avoid faulty configuration
- Keep the anti-virus updated at all times
Anti-virus helps to:
- Keep data confidential and secure
- Surf with up-to-date information
- Receive real-time virus updates
- Scan your PCs and systems, etc.
Bluetooth Security (WIRELESS TECHNOLOGY)
Merits:
- Ease of access
- Security & control
- Free access (capability)
- Speed: 1 Mbps data rate
Risks:
- Bluejacking
- Bluesnarfing
PDF
- Printer drivers: choose to create a PDF document
- Printed electronically
- Digital signatures
- Reconvert back into Word, Excel or PPT
DIGITAL SIGNATURES
An electronic signature that:
- Cannot be repudiated
- Cannot be altered
- Provides integrity
- Is legally enforceable
CAATs
CAATs are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in an entity's information systems. They are important tools for the auditor in performing audits and are used in performing various auditing procedures.
CAATs allow the auditor to:
- Gain access to data without dependence on the client
- Test the reliability of client software, and
- Perform audit tests more efficiently
Impracticability of Manual Tests
- Some audit procedures may not be possible to perform manually because they rely on complex processing (for example, voluminous transactions or analysis) or involve amounts of data that would overwhelm any manual procedure.
- Many computer information systems perform tasks for which no hard-copy evidence is available.
- Lack of hard-copy evidence may occur at different stages in the business cycle.
Impracticability of Manual Tests (continued)
- Some transactions, such as discounts and interest calculations, may be generated directly by computer programs with no specific authorization of individual transactions.
- The system may not produce a visible audit trail providing assurance as to the completeness and accuracy of transactions processed. For example, a computer program might match delivery notes and suppliers' invoices.
- Programmed control procedures, such as checking customer credit limits, may provide hard-copy evidence only on an exception basis.
- The system may not produce hard-copy reports. A printed report may contain only summary totals while computer files retain the supporting details.
Usage of CAATs
- Tests of details of transactions/balances. Example: use of audit software for recalculating interest or for extracting invoices over a certain value from computer records.
- Tests of general controls. Example: testing the set-up or configuration of the operating system or the access procedures to program libraries, or using code-comparison software to check that the version of the program in use is the version approved by management.
Usage of CAATs (continued)
- Analytical procedures. Example: identifying inconsistencies or significant fluctuations.
- Sampling programs to extract data for audit testing. Example: identifying specific invoices for vouching based on a random sample or on value.
- Re-performing calculations performed by the entity's accounting systems. Example: re-computation of income tax, interest, balancing.
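The CAAT uses listed on the two "Usage of CAATs" slides (extraction of invoices over a value, sampling for vouching, re-performance of an interest calculation and an analytical fluctuation test), as an added example in Python that is not part of the presentation. The invoice records, vendors, rates and thresholds are constructed for illustration.

```python
import random
from decimal import Decimal, ROUND_HALF_UP

# Constructed extract from an accounting system: (invoice_no, vendor, amount, month)
INVOICES = [
    ("INV-1001", "Acme Supplies", Decimal("12500.00"), "2024-01"),
    ("INV-1002", "Zen Traders", Decimal("480.00"), "2024-01"),
    ("INV-1003", "Acme Supplies", Decimal("98000.00"), "2024-02"),
    ("INV-1004", "Omni Services", Decimal("5100.00"), "2024-02"),
    ("INV-1005", "Zen Traders", Decimal("475.00"), "2024-03"),
    ("INV-1006", "Omni Services", Decimal("61000.00"), "2024-03"),
]

def invoices_over(records, threshold):
    """Test of details: pull every invoice above a materiality threshold."""
    return [r[0] for r in records if r[2] > Decimal(threshold)]

def sample_for_vouching(records, n, seed):
    """Sampling: a reproducible random selection (record the seed in the workpapers)."""
    rng = random.Random(seed)
    return sorted(r[0] for r in rng.sample(records, n))

def recompute_interest(principal, annual_rate, days, recorded, year_days=365):
    """Re-performance: simple interest recomputed and compared with the system's figure."""
    expected = Decimal(principal) * Decimal(annual_rate) * days / year_days
    expected = expected.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
    return expected, expected == Decimal(recorded)

def monthly_totals(records):
    """Sum invoice amounts per month, keyed by the 'YYYY-MM' string."""
    totals = {}
    for _, _, amount, month in records:
        totals[month] = totals.get(month, Decimal(0)) + amount
    return totals

def flag_fluctuations(totals, pct):
    """Analytical procedure: months whose total moves more than pct% from the prior month."""
    months = sorted(totals)
    flagged = []
    for prev, cur in zip(months, months[1:]):
        change = (totals[cur] - totals[prev]) / totals[prev] * 100
        if abs(change) > pct:
            flagged.append((cur, int(change)))   # percentage truncated to whole number
    return flagged
```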
Considerations in Use of CAATs
- IT knowledge, expertise and experience of the audit team
- Availability of CAATs and suitable computer facilities and data
- Impracticability of manual tests
- Effectiveness and efficiency, and
- Time constraints
Effectiveness and Efficiency
The effectiveness and efficiency of auditing procedures may be improved by using CAATs to obtain and evaluate audit evidence. CAATs are often an efficient means of testing a large number of transactions or controls over large populations by:
- Analyzing and selecting samples from a large volume of transactions
- Applying analytical procedures; and
- Performing substantive procedures.
MS Outlook
- You should create a logical folder structure in which to store your messages.
- One method for keeping messages organized and the Inbox uncluttered is to move a message out of the Inbox as soon as you have dealt with it.
- Rather than manually filing messages, you can create rules that specify how Outlook should process and organize them.
- Each rule includes three parts: the conditions that determine whether a message is to be acted on, the actions that should be applied to qualifying messages, and any exceptions that remove a message from the qualifying group.
MS Outlook
- Back up
Password – Better Way
- One-way encrypted using a strong algorithm
- Never displayed (except as ***)
- Never written down and retained near the terminal or in a desk
- Passwords should be changed every 30 days, notifying the user in advance
- A password history should prevent the user from reusing the same password within 1 year
- Passwords should be >= 8 characters, including 3 of: alpha, numeric, upper/lower case, and special characters
- Passwords should not be identifiable with the user, e.g., a family member's or pet's name
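The rules on this slide implemented as an added example in Python (not code from the presentation): the length and 3-of-4 character-class check, a salted one-way hash so only a digest is ever stored, a one-year reuse history and a 30-day rotation check. The slide's four classes are read here as lower case, upper case, digit and special; the `personal_words` list, the sample passwords, dates and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Policy values taken from the slide.
MIN_LENGTH, MIN_CLASSES = 8, 3
ROTATION, HISTORY = timedelta(days=30), timedelta(days=365)

def char_classes(pw):
    """Number of character classes used: lower, upper, digit, special."""
    return sum((any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)))

def meets_policy(pw, personal_words=()):
    """Length, 3-of-4 classes, and not built from names the user is known by."""
    if len(pw) < MIN_LENGTH or char_classes(pw) < MIN_CLASSES:
        return False
    return not any(w.lower() in pw.lower() for w in personal_words if w)

def hash_password(pw, salt=None):
    """One-way salted hash; only (salt, digest) is stored, never pw itself."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)  # iterations: assumption

def verify(pw, salt, digest):
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)

def change_password(history, new_pw, now, personal_words=()):
    """history: list of (changed_at, salt, digest), oldest first.
    Appends to history only when the new password is accepted."""
    if not meets_policy(new_pw, personal_words):
        return "rejected: complexity"
    if any(verify(new_pw, s, d) for t, s, d in history if now - t <= HISTORY):
        return "rejected: reused within 1 year"
    history.append((now, *hash_password(new_pw)))
    return "accepted"

def rotation_due(history, now):
    """True when there is no password yet or the current one is over 30 days old."""
    return not history or now - history[-1][0] > ROTATION

def demo():
    """Constructed scenario for one user; returns the policy decisions in order."""
    hist, day0 = [], datetime(2024, 1, 1)
    r1 = change_password(hist, "tommy123", day0, ["Tommy"])               # only 2 classes
    r2 = change_password(hist, "Ledger#2024", day0)                       # accepted
    due = rotation_due(hist, day0 + timedelta(days=31))                   # over 30 days
    r3 = change_password(hist, "Ledger#2024", day0 + timedelta(days=31))  # reuse blocked
    r4 = change_password(hist, "Ledger#2024", day0 + timedelta(days=400)) # history expired
    return r1, r2, due, r3, r4
```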
Security Awareness & Training
- Training covers what is expected of employees
- Why policy & procedures
- How is policy enforced?
- New employee orientation
- Determine effectiveness by interviewing employees
Mobile Computing
- Engrave a serial number and company name/logo on the laptop using an engraver or tamper-resistant tags
- Back up critical/sensitive data
- Use a cable locking system
- Encrypt sensitive files
- Allocate passwords to individual files. Consider: what if the password is forgotten or the person leaves the company?
- Establish a theft response team for when a laptop is stolen
- Report the loss of a laptop to the police
- Determine the effect of lost or compromised data on the company, clients and third parties
Internet Fraud – Bank A/c
Phishing (through e-mail):
- Unsuspecting customers are sent e-mails that look similar to the authentic e-mails sent by their bank
- The customers are asked to click on a link in these e-mails, which takes them to a fake website that resembles their bank's website
- They are then asked to key in their confidential banking details, like user IDs, passwords, etc., on the fake website
Vishing (through phone):
- Fraudsters posing as bank officials call up customers and ask them for their confidential banking details under some pretext
- The customers part with the details, believing that the call is from a genuine bank official
Internet Fraud – Bank A/c (continued)
Once the requested information is received, the fraudster uses it to carry out online financial transactions on the customer's account.
Precautions:
- Change your internet banking password immediately
- Call your customer care and inform them
- Lodge a complaint
Remember: no bank asks for your confidential information through e-mail, SMS or phone.
Security – Good tips…
If you shop online:
- Look for the padlock.
- Look for https:// at the start of the website address; this indicates a secure (encrypted) connection to the site.
- Don't enter personal information if you don't know the site is secure.
Important Internet Facts
- Anyone can publish information on the Internet.
- You are responsible for evaluating the information you find.
Tips for Evaluating Websites
Ask yourself these two questions:
- Who wrote or published the information?
- Is this author or publisher a reliable source of information?
TALLY – Remote Access
Remote Access
- Connect to the client's data from your office or anywhere
- Use audit features at the client's office also
- Use full audit capabilities from any system, even on an evaluation version of Tally
- No risk of data theft: both systems are Internet clients
- Both users' Tally data is hack proof
- Use your local printer for printing any report
- Customisations and changes done by the client automatically reflect on your system
TALLY – Audit Tools
- Tax Audit
- 44AB Audit
- Form 3CD
- Statutory Audit
- Data Analysis Auditing
- Schedule VI reports
- Statutory Compliance
Tax Audit – 44AB Audit
- Clause 16: Bonus, PF, ESI recoveries
- Clause 17(h): Amounts inadmissible u/s 40A(3)
- Clause 18: Payments to specified persons
- Clause 21: Payment under section 43B (employer's contribution, TDS, service tax, VAT)
- Clause 24(a): Loans/deposits accepted
- Clause 24(b): Loans/deposits repaid
- Clause 27: Tax deducted at source
- Annexure II: Fringe Benefit Tax
- Form 3CD: create, save, print; complete the form as approved by the IT Department; Annexure to Form 3CD
TALLY – Statutory Compliance tool
- VAT/CST: verification of ledgers, verification of vouchers
- Service Tax: verification of ledgers, verification of vouchers
- TCS: verification of ledgers, verification of vouchers
PROFESSIONAL OPPORTUNITIES
A. Process Review/Audit
- IT / security policy / procedures
- System administration
- Database administration
- Security administration
- Change management
- Backup & restoration procedures
- BCP/DR
- Alternate delivery channels like ATM, Internet banking
- Vendor management / SLA
- Inventory management
- Help desk function
B. Security Review/Audit
- Application security
- Network security
- Database security
- Vulnerability assessment of critical servers
- External non-intrusive penetration testing of critical equipment
- Physical & environmental controls
Others
C. Concurrent audit & systems audit:
- Migration audit
- Physical & environmental controls
D. Data mining:
- Analysis, e.g. for a bank: what is the number of accounts/warehouse facilities across the country
E. Fraud & forensic accounting
F. XBRL
Empanelment Opportunities
- All nationalised and other banks
- Due diligence
- ERP (SAP/PeopleSoft) consultants
- Tally consultants: there are reports available for tax audit, etc.
- Sarbanes-Oxley Act and Clause 49 of the listing requirements
- Business process re-engineering: ERP consulting, IT governance
- Systems audit of stock brokers of NSE/BSE
- The Computer Emergency Response Team of India (CERT-In) has recognized the D.I.S.A. (ICAI) qualification for empanelment of IS auditors
- SEBI: mutual fund audits
- IRDA
COURSES
Courses available after DISA:
- CISA
- CISM
- CGEIT
- CISSP
- CFE
- GSEC