Computer Control & Audit

1. Computer Control & Audit An overview 2001

2. Computer Control & Audit • Risks & exposures • Preferred IT management practices • Study & evaluation of internal control • Other assurance services • Computer-assisted audit techniques

3. Preferred IT Management Practices • Planning, organizing, staffing & budgeting • Leading, directing • Assessing risk • Communicating • Monitoring & controlling

4. Study & Eval’n of Internal Control • Documenting Systems • General controls • Management responsibilities • Systems dev, acq’n & maintenance • Security (physical and logical/electronic access) • Availability (backup, recovery, insurance) • Operations (infrastructure, personnel, software, data, procedures) • Application controls • Input, process, storage, output, aud trails

5. Application Controls

6. Other Assurance Services • Service organizations (s. 5900) • SysTrust • WebTrust • System quality • Relevance + Reliability • 3e’s: efficiency, effectiveness, economy

7. Computer-Assisted Audit Techniques • Audit planning and administration • System understanding • System-oriented tests • Test data • Data-oriented tests • Data extraction and analysis, parallel simulation • Problem solving and decision support