Internal control - CICA - Mgt discharges respon.


This Lecture Covers
• Roles of
– Management
– IT Personnel
– Users
– Internal Auditors
– External Auditors
Senior Mgmt Role in IS
• Planning and coordinating - financial and resource planning; synchronizing and harmonizing
- especially important due to rapid IT change, major systems expected life could be 5 yrs
- use of steering committees
- assimilate IT function into entity - ensure there is mutual understanding/communication between IT and others
• Organizing and staffing - provide appropriate organizational structure and adequate segregation of duties with programming and system design being separate from operations, need adequate training, career paths
- 3 functions - operations, dev/mtnce, innovation
Senior Mgmt Role in IS
• Directing and Leading - Ensuring proper standards
• System design and analysis - to ensure well organized approach and to ensure that accounting records are accurate and reliable
- without them wrong equip, software, excessive reliance on one person
• Standards for programming - defining each person’s responsibilities and how they are to be attained
- without them can be logic errors, loss of audit trail
- include structure requirements, testing procedures and documentation
• Standards for processing - to prevent loss/manipulation of data
- procedures for data conversion, data control, computer operations and file storage and control.
Senior Mgmt Role in IS
• Standards for documentation needed
• at system level - to facilitate maintenance and ensure that effective systems developed
• at program level - to make sure source code maintained, control unauthorized changes
• at operations level - to make sure processing errors can't go undetected
• at user level - to decrease user error rates, turnover, etc.
Risk Management
• A: Enterprise-wide risk culture to support identification, assessment and management of IT risk
• B: Manage IT risk at all levels
• C: Effective/efficient IT planning process
• D: IT strategic and tactical plans integrated with business plans
• E: Develop and communicate IT strategic and tactical plans
• F: Implement IT plans and monitor results
• G: Measure IT performance
Control
• Financial control - use budgets (costs and times), schedules, etc.
- make sure IT is separate cost control and is accountable
• Reliable systems
– availability
– security
– integrity
– maintainability
Roles of IT Personnel
• CIO appointment
• IS Development and Acquisition - project mgmt, system investigation, requirement analysis/initial design, development, implementation and maintenance
• Info Sys Op’n - production (data/workflow), operations, facility planning and processing support
• IS support - security, dbase administration, continuity/disaster recovery planning
Role of Users
• Ensure app controls are performed
• Get involved in system development - make sure needs addressed, etc.
• Increasing control over own environment
Role of Internal Audit
• Key monitoring role
• Preventive approach to IS auditing
• Various levels of involvement from just reviewing general controls and security to testing general/application controls, testing new system development, testing transactions using embedded audit routines, audit software
Role of External Audit
• Limited time for systems
• Increasing reliance on I/A
• Still try to audit around computer at times
• But, new assurance services
– SysTrust
– WebTrust
External Auditor
• Increased participation in systems development
– assess adequacy of IC in new system
– assess adequacy of mgmt trails
– assess appropriateness of acct principles
– supplemental communication link - mgmt and IS
– assess compliance with sys. dev. standards
– monitor systems conversions
– monitor adequacy of IC once system implemented (post implementation)