
Audit of IS Security

Operational Audit:

Assesses how the resources of the whole organization and/or a particular unit are used, to evaluate whether those resources are being used in the most efficient and effective way to fulfill the mission and objectives.

We will identify the objectives of the process being reviewed and then assess the controls in place to ensure those objectives are being met and the obstacles that prevent them from being met.  Based on this analysis, recommendations and planned actions can be formulated.

Computer Security:

We will inspect and review the physical and logical security measures, parameters, plans, practices, and policies the organization has placed over its computer resources, and we will review how security is established for computer platforms, networks and communication. The security of computer applications is also assessed when the related system review is being done.

Application Reviews

Assessing both manual and programmed internal controls related to application systems. There are four primary areas of audit coverage for an application being reviewed (see the computer controls questionnaire used for application reviews):

Control environment: This includes reviewing the system's security, its operating platform, system documentation and the interfaces it has with other systems.

Data Input Controls: This involves reviewing the controls which ensure that data entered into the system is accurate, complete and valid. Examples include manual procedures for authorizing data and ensuring its accuracy, and data entry edits such as verifying data against system tables.

Processing Controls: These controls ensure that the data is properly processed, that data is not lost and that automatic calculations performed by the system are accurate. This is tested by assessing controls built into the programs and by processing test data through the system and comparing the results of processing with expected results.

Output Controls: We review the system-generated reports to ensure they are accurate and to ensure that the reports produced are reliable, timely and relevant. We also assess whether cost savings can be achieved by reducing either the number or the quantity of reports produced.

Systems Development/Acquisition and Implementation

We will review the process used to evaluate the need for a new system, to identify system requirements, to source vendors, to select a product or develop one, and to implement the system. We will work with the organization's IS Department and/or Computer Services to develop a system implementation checklist that users can use when they are going to implement a new system. This checklist is in accordance with the Organization's system implementation standards.

Other services that can be rendered in this area include providing assistance in utilizing the Organization's system implementation standards, as well as providing a consultative role during the system implementation process to ensure that the new system includes appropriate internal controls.

 

Organization Administrative System Security Reviews


The audit process can also include a review of the operating system controls and add-on security tools to ensure that they provide adequate protection to Organization data and assets. The objective of this type of review is to ensure that the computer operating platforms provide adequate security, which prevents unauthorized access and ensures the integrity of data. Other areas that could be included are telecommunications, the Internet and database security.

Local Area Network Security

We will assess the security controls on Organization Local Area Networks. The objective of this review is to ensure that data stored on the Network is secure and that the Network is administered in accordance with Organization policies.

Audit steps conducted related to the Network are listed in Faculty/Department Administrative Controls.

Copyright © 1998 - 20004 Richard A. Chichakli, P.C. Certified Public Accountants & Information System Auditors
Last modified: February 19, 2007