Professional Documents
Culture Documents
Criteria of IT system
Completeness: transactions recorded are complete.
Authorization: Only authorized transactions are recorded; Only authorized personnel have
access.
Accuracy: All transactions recorded are accurate; Periodic checks to ensure accuracy.
Timeliness: All transactions are recorded timely; Periodic checks to ensure operational
efficiency.
Occurrence: Only transactions that occur have been recorded; Reflect real assets and liabilities.
Efficiency: Cost benefit analysis; Scalable systems.
Components of AIS
IT infrastructure & architecture: LAN, WAN, DBMS, Mainframe, hardware.
Software: Systems and Applications.
People: CIO, Development and maintenance personnel. Quality assurance personnel, security
personnel.
Procedures: accounting procedures, user procedures, system operations procedures.
Information: ownership and classification, access.
Internal controls & security measures: discussed throughout.
Advantages of DBMS
Data independence
Data redundancy in storage reduced
Increases data accessibility
Disadvantages of BDMS
Costly
Slower processing
Longer Periodic updates
Chapter 2
Sources of IT problems
Incomplete design
Software crash or glitch
Hardware malfunctioning
Incorrect system use and operation
Poor maintenance or upgrade issues
Environmental and Acts of God
Inherent risk
1. This is the first year of the information system in operation. Therefore, there is a greater risk of
inherent risk because it has not been evaluated or tested in the past for completeness and
accuracy.
2. The system is spread over five branches across the country in addition to the head office, which,
inherent risk due to greater threat of system failure, software crash and glitch, or system hack.
3. Increases in automation decreases paper trail and thereby inherently increases risk.
Control risk
1. Back up of data uses tape system the tape may be damaged.
2. Customers complete applications online which without having to be in person and validate their
verification.
3. The bar codes may be misused or mishandled by skipping items.
4. No indication of type or strength of password.
5. System ID and passwords are sent by mail.
6. Poor segregation of duties.
Detection risk
1. The system incorporates multiple features including order entry, invoicing, receivables and
collection. Therefore, there is a greater risk of detecting a misstatement due to a high number of
features.
2. WAN requires technical knowledge which increases detection risk.
What is IT strategy
What is IT governance
Systems development
Computer operations
Quality assurance
Security
Database administration
Hardware support
Server administration
Database administration
Network operations
Operations scheduling and monitoring
Data backup and retention
Help desk
Capacity planning
Incident response
Why does IT require segregation of duties?
Warm = Hardware
Soft = FUCKKKED
Progressive Realtors Ltd.
From: CPA
This report serves to provide recommendations to adequately control the activities of the Information
Technology Division, including the ASP operation.
Issue: Important functions such as the mortgage system can be accessed from any of the 300
workstations.
Risks:
There is a greater threat of data theft
There is a threat to data confidentiality
Recommendations:
Data ownership and classification should be defined so only required personnel can access the
data.
There should be a log-in process including password protection.
Issue: Files are sometimes updated by the users with non-essential" data issued by a user department
clerk without hard copy documentation.
Risks:
Risk of human error.
Non-essential data is still useful.
Recommendations:
The employee should submit a signed form, which, should be processed and stored in the
employees file.
Chapter 4
What can go wrong with poor systems development?
Inaccurate bookkeeping
Excessive operating costs
Built-in fraud
Budget overruns
Erroneous management decisions