Register for SEMESTER JANUARY 2013
CBKM3103 KNOWLEDGE MODELING AND REPRESENTATION
CBSC4103 SOFTWARE CONSTRUCTION
CBSN4103 NETWORK SECURITY AND DESIGN
-Good Luck!!!-
Personal Blog : My OUM(Open University Malaysia) journey starting from Jan 2011 till graduate.
Everyone can copy the contents in this blog and please leave some credit or a backlink to me... -Thank You-
Everyone can copy the contents in this blog and please leave some credit or a backlink to me... -Thank You-
Thursday, December 27, 2012
Thursday, December 6, 2012
Audit Approach
INTRODUCTION TO IS AUDIT,SECURITY AND CONTRO - Audit Approach
1.0 Introduction.
In the task this time, I will discuss in detail about the audit, Procedures, and Controls audit evidence collection methods for each audit procedure. The case study is based on the bank system failure in phase 1 of the loan system and is building a second phase involving savings and current accounts. Before we go in depth, in advance is very necessary for us to understand the meaning of audit procedures. Audit Procedures is the review process and to test the accuracy and validity of financial data in a company. During the audit process, a data sample will be tested to ensure accuracy and error in the control system. If the number of errors detected in the data model first, second data series to be tested to prove the offense is on the first account of the data series.
1.0 Introduction.
In the task this time, I will discuss in detail about the audit, Procedures, and Controls audit evidence collection methods for each audit procedure. The case study is based on the bank system failure in phase 1 of the loan system and is building a second phase involving savings and current accounts. Before we go in depth, in advance is very necessary for us to understand the meaning of audit procedures. Audit Procedures is the review process and to test the accuracy and validity of financial data in a company. During the audit process, a data sample will be tested to ensure accuracy and error in the control system. If the number of errors detected in the data model first, second data series to be tested to prove the offense is on the first account of the data series.
2.0 Audit Procedure
Generally there are five types of audit procedure used to evaluate the effectiveness of operations and information systems used. I will customize these five procedures based assignment.
Generally there are five types of audit procedure used to evaluate the effectiveness of operations and information systems used. I will customize these five procedures based assignment.
2.1 Procedure to obtain an understanding of audit plan.
This is to understand the internal controls in the organization. This is to understand the internal controls in the organization. As we know, money management behind the counter in a bank involves three parties: teller, officer and branch manager. Each of them has different duties and functions depending on their rank. For the management of savings and current accounts, teller job is to make sure the money received is calculated correctly and sufficiently. This is to ensure that there is a shortage of money received from customers.
Apart from that, the documents received from customers as deposits and withdrawals receipts should be checked properly and carefully.
This is to understand the internal controls in the organization. This is to understand the internal controls in the organization. As we know, money management behind the counter in a bank involves three parties: teller, officer and branch manager. Each of them has different duties and functions depending on their rank. For the management of savings and current accounts, teller job is to make sure the money received is calculated correctly and sufficiently. This is to ensure that there is a shortage of money received from customers.
Apart from that, the documents received from customers as deposits and withdrawals receipts should be checked properly and carefully.
Meanwhile, the officials job to inspect the documents received prior to confirmed. This is to ensure that no errors occur, particularly when they relate to the customer's personal records. Task branch officials are more focused on the overall supervision. He needs to monitor the entire operation under the supervision of branches so that all transactions run smoothly. For example, in the event of power supply is not stable, he should stop all transactions involving the application system and it is carried out manually.
2.2 Test of controls
Test control to ensure internal controls are followed by all staff and running smoothly. This is to avoid the duties are not in accordance with prescribed procedures. In this way, negligent or inadvertent errors can be avoided.
Test control to ensure internal controls are followed by all staff and running smoothly. This is to avoid the duties are not in accordance with prescribed procedures. In this way, negligent or inadvertent errors can be avoided.
2.3 Substantive tests of detail of transaction
This is done by the auditor to determine whether there is a fault or loss that may occur on the customer account data. This is done on the efficacy and effectiveness of the system based on the system used. This involves hardware, software, support staff and system users. These include the need to train staff to be competent in using the new system applications. During the test run, auditors should also ensure that critical errors are identified.
This is done by the auditor to determine whether there is a fault or loss that may occur on the customer account data. This is done on the efficacy and effectiveness of the system based on the system used. This involves hardware, software, support staff and system users. These include the need to train staff to be competent in using the new system applications. During the test run, auditors should also ensure that critical errors are identified.
2.4 Substantive tests of detail of account balances
This measure is intended to obtain audit evidence conducted by the counter clerk. The evidence collected is used to make the decision to get a stable system and no errors. For example, the auditor may make a survey for the teller about their satisfaction in using the new system. Improvements will be done directly based on a survey obtained.
This measure is intended to obtain audit evidence conducted by the counter clerk. The evidence collected is used to make the decision to get a stable system and no errors. For example, the auditor may make a survey for the teller about their satisfaction in using the new system. Improvements will be done directly based on a survey obtained.
2.5 Analytic review procedures
In this step, the auditor will provide advice if there is a mistake in the management of the current account or savings account. It obtained during tests conducted over time. This procedure is important as the system to be in use in the time frame of 12 months.. Analitic reviews conducted after the balance of the account and the operations were carried out within a certain period successfully.
In this step, the auditor will provide advice if there is a mistake in the management of the current account or savings account. It obtained during tests conducted over time. This procedure is important as the system to be in use in the time frame of 12 months.. Analitic reviews conducted after the balance of the account and the operations were carried out within a certain period successfully.
3.0 Expected Controls
3.1 Programming Management Controls - Testing Phase
3.1 Programming Management Controls - Testing Phase
Based on the phase 1 of cases involving loan system, there is loss of customer records and improper loan balance in the new system. This shows the weakness that has occurred during the test phase of the system is developed which does not do well. This may occur because the test was not done in the program life cycle that requires system tested at each time there is a change of code. Major activities that would normally carried in the "program life cycle" is:
Preparation of test data
Program testing
Documentation of test result
Repairing of bugs identified through testing
Final release of correct code
Program testing
Documentation of test result
Repairing of bugs identified through testing
Final release of correct code
Above five steps to be followed so that errors can be detected and corrected before the system is given to the teller.
3.2 Operation management control – Audit consideration for data conversion
There are some records lost during the migration phase 1 is done. This result clearly occur because auditors do not provide clear procedures made during system development and cause a loss of customer account data in the loan system.
There are some records lost during the migration phase 1 is done. This result clearly occur because auditors do not provide clear procedures made during system development and cause a loss of customer account data in the loan system.
In order to ensure data savings accounts and current accounts of all customers are not lost, auditors should ensure that the projects discussed include the issues, strategies and data conversion. Procedures for data transition should also be documented and followed properly. In addition, backups have to be made to secure customer data security. As we know, savings and current account data involving money is very sensitive. Therefore, the system should also be tested at random to ensure that it runs as expected.
3.3 Management Control – Socio-technical design approach & Staff ability
Weaknesses of a system lies in the system itself or its users. Habit that occurs from users is due to sabotage and negligence-based systems. In the management of savings and current account, it is very important to ensure that no errors occur due to poor handling by the teller system.
Some of the long serving staff difficult to understand the new system. Sometimes they also refuse / are unable to accept a new way of working changes introduced by management. For example, those who are older or pension may not be able to use the new system more efficiently because they lack the skills to understand the new system. To ensure that the system can be used by multiple layers of generations of workers, organizations need to provide ongoing training to employees. In this way the workers themselves will be able to equip themselves with the new system.
In other words, the management needs to give serious attention to training and motivation of employees to ensure that all staff involved with the new system can use it without any hesitation. Indirectly act as sabotage will not occur among workers who can affect the organization's reputation.
3.4 Operation management controls – Network operation
Nowadays, the use of internet banking is very popular used by almost everyone. Among them are used for money transfers, bill payments, credit card payments, loans and so on. All these transactions occur using a savings account and current account users. Thus the stability of the system and an internet connection is necessary to ensure that the system can be used by users without any access interference. Operational management should ensure a few things taken care of to ensure smooth running of the internet online 24 hours a day. Among the controls that must be made is:
Nowadays, the use of internet banking is very popular used by almost everyone. Among them are used for money transfers, bill payments, credit card payments, loans and so on. All these transactions occur using a savings account and current account users. Thus the stability of the system and an internet connection is necessary to ensure that the system can be used by users without any access interference. Operational management should ensure a few things taken care of to ensure smooth running of the internet online 24 hours a day. Among the controls that must be made is:
Control to prevent unauthorized access – Mandating the use of ID and strong password to avoid encroachment
Monitoring network activity – Increase the bandwidth when necessary
Performing backup of files saved in the network – Backup data stored by users on-line.
Monitor levels of corrupted data – Damaged data control so as not to disrupt the smooth lines
Monitor traffic activity – Ensure uncrowded online traffic that can slow down transactions online
Monitoring network activity – Increase the bandwidth when necessary
Performing backup of files saved in the network – Backup data stored by users on-line.
Monitor levels of corrupted data – Damaged data control so as not to disrupt the smooth lines
Monitor traffic activity – Ensure uncrowded online traffic that can slow down transactions online
4.0 Methods of evidence collection
Several methods are identified to prevent data from being lost or go wrong during a transaction performed by the user. No matter whether it is running on-line, or transactions that occur in the automatic teller machine, errors caused by system weaknesses should not happen. To avoid a system failure, the method used for the purpose of gathering evidence to improve the quality system and therefore ensure that the new system does not have any weaknesses. These methods are Code reviews, Test data and Code Comparison.
Several methods are identified to prevent data from being lost or go wrong during a transaction performed by the user. No matter whether it is running on-line, or transactions that occur in the automatic teller machine, errors caused by system weaknesses should not happen. To avoid a system failure, the method used for the purpose of gathering evidence to improve the quality system and therefore ensure that the new system does not have any weaknesses. These methods are Code reviews, Test data and Code Comparison.
4.1 Code Reviews
Auditors examine the source code to ensure that there are no mistakes in the logic of the program and no codes are not required in the system. It is intended to ensure that the system is developed according to the requirements set function. In general, this method can make the system more robust and rugged thus increasing the speed of the system itself.
Auditors examine the source code to ensure that there are no mistakes in the logic of the program and no codes are not required in the system. It is intended to ensure that the system is developed according to the requirements set function. In general, this method can make the system more robust and rugged thus increasing the speed of the system itself.
4.2 Test Data
For this purpose, the auditor uses sample data to see the whole process through the system output. Deficiency in this way is that the auditor uses sample data to test the system. This causes all program logic can not be tested to the full.
For this purpose, the auditor uses sample data to see the whole process through the system output. Deficiency in this way is that the auditor uses sample data to test the system. This causes all program logic can not be tested to the full.
However, auditors are faced with some problems to build test data. Such as: If the test needs to be done is increasing, then the test data that needs to be built to be more numerous and not repeated. This is something that is difficult because in order to provide a lot of data is needed time and a large workforce to include sample data. Apart from that, the auditors also face problems if the resources available are limited. This situation will affect the results of tests carried out by the auditor and cause the system can not be tested
in the right way.
in the right way.
Among the ways to test data using the substantive test. Both the substantive test in the audit procedures carried out as described in the preceding paragraph.
4.3 Code Comparison
There are two types of code Comparison: Program Source Code Comparison and Object Code Comparison. Both methods are intended to identify any confusion. The program source code is done by comparing two program source code. While Object Code Program is conducted by comparing two object code. In the audit procedures there is a way to ensure that no errors when the program is checked and tested code. It is the Procedure to Obtain an Understanding of the audit plan. In this procedure the program
code tested to demonstrate that there is no error.
There are two types of code Comparison: Program Source Code Comparison and Object Code Comparison. Both methods are intended to identify any confusion. The program source code is done by comparing two program source code. While Object Code Program is conducted by comparing two object code. In the audit procedures there is a way to ensure that no errors when the program is checked and tested code. It is the Procedure to Obtain an Understanding of the audit plan. In this procedure the program
code tested to demonstrate that there is no error.
References
http://www.ehow.com/facts_5494359_description-auditing.html
Open University Malaysia (2012). Introduction to IS Audit, Security and Control. Unit 1 ~ 8. Pearson
http://www.ehow.com/how-does_5296119_steps-audit-process.html
http://www.wisegeek.com/what-are-the-different-types-of-audit-procedures.htm
http://www.ehow.com/facts_5494359_description-auditing.html
Open University Malaysia (2012). Introduction to IS Audit, Security and Control. Unit 1 ~ 8. Pearson
http://www.ehow.com/how-does_5296119_steps-audit-process.html
http://www.wisegeek.com/what-are-the-different-types-of-audit-procedures.htm
Introduction
Bus is very important in order for the computer equipment to function properly. Bus seems like a cable that carries data signals from one place to another. Without Bus computer equipment could not send a signal to the processor to execute the next instruction. In other words, the bus acts as an intermediary between the processor instruction equipment for the action to be carried out. According to pccomputernotes.com, they define bus as “a set of electronic signal pathways that allows information and signals to travel between components inside or outside of a computer.” Computer bus is divided into two types, namely Internal and external bus. Generally Internal buses connect the equipment available in the computer chassis such as system memory, processors and other components connected to the main board. While the external bus is also known as the expansion bus. External bus connecting the different equipment with input-output ports, expansions lots and connection to another drive. In general, external buss lower than the system bus.
Bus is very important in order for the computer equipment to function properly. Bus seems like a cable that carries data signals from one place to another. Without Bus computer equipment could not send a signal to the processor to execute the next instruction. In other words, the bus acts as an intermediary between the processor instruction equipment for the action to be carried out. According to pccomputernotes.com, they define bus as “a set of electronic signal pathways that allows information and signals to travel between components inside or outside of a computer.” Computer bus is divided into two types, namely Internal and external bus. Generally Internal buses connect the equipment available in the computer chassis such as system memory, processors and other components connected to the main board. While the external bus is also known as the expansion bus. External bus connecting the different equipment with input-output ports, expansions lots and connection to another drive. In general, external buss lower than the system bus.
Advantages of bus
2.1 Simple & versatile:
The new device can be added easily when needed. For example, we could add input or output device if required. Bus system will act to bring instructions or data sent by the new equipment added earlier.
2.1 Simple & versatile:
The new device can be added easily when needed. For example, we could add input or output device if required. Bus system will act to bring instructions or data sent by the new equipment added earlier.
2.2 The device can be moved when necessary
The device can be transferred between computers using the same standard bus system. Bus system will read the same device even if the device has been transferred to another computer. These advantages save money as could avoid spending more to buy a lot of devices to meet the needs of computer users.
The device can be transferred between computers using the same standard bus system. Bus system will read the same device even if the device has been transferred to another computer. These advantages save money as could avoid spending more to buy a lot of devices to meet the needs of computer users.
2.3 Low Cost
A single set of wires is shared in multiple ways - This explains that the cost used is very low compared with other methods for the device to send / receive signals from the processor. Manage complexity by partitioning the design – If many devices need a bus at the same time, then it will be broken up into several sections that allow processors to receive and send commands required by the device.
A single set of wires is shared in multiple ways - This explains that the cost used is very low compared with other methods for the device to send / receive signals from the processor. Manage complexity by partitioning the design – If many devices need a bus at the same time, then it will be broken up into several sections that allow processors to receive and send commands required by the device.
3.0 Disadvantages of bus
3.1 Communication bottleneck
The bandwidth of that bus can limit the maximum I/O throughput. In this case, if the bus bandwidth is insufficient or can not meet demand device, the failure to deliver the next instruction will occur. In other words, the device is notable to use the bus when it is needed. This will affect the actual input output required by the device. The maximum bus speed is largely limited by:
3.1 Communication bottleneck
The bandwidth of that bus can limit the maximum I/O throughput. In this case, if the bus bandwidth is insufficient or can not meet demand device, the failure to deliver the next instruction will occur. In other words, the device is notable to use the bus when it is needed. This will affect the actual input output required by the device. The maximum bus speed is largely limited by:
- The length of the bus.
- The number of devices on the bus.
- The need to support a range of devices.
In centralized Arbitration, the device closest to the arbitrator has a higher priority than the remote. Indirectly bus devices that require fast action but away from the arbitrator is unable to perform the desired direction. If this happens, it can slow down the process of receiving and transmitting from the device.
3.3 Priorities are fixed
In Decentralized Arbitration, it is possible that the device has a low priority do not get a bus for a long time. Total device is also limited to the bus line.
4.0 Bus arbitration problem
Before we go further on bus arbitration, we need to under stand the true meaning of bus arbitration. Bus Arbitration is a method to determine the priority of the access signal transmitted from computer equipment to the motherboard through a bus. According to answers.com, “In a single bus architecture when more than one device requests the bus, a controller called bus arbiter decides who gets the bus, this is called the bus arbitration”. Bus Arbitration has several problems that can not be avoided when several devices simultaneously execute instructions. 2 problems that often occur in the bus Arbitration is:
(i) It will happen when all the bus wants to be the leader of the other buses. So when no priority is given, then the congestion to get the bus going to happen and in turn will slow down the process of getting and sending bus requested by devices.
In Decentralized Arbitration, it is possible that the device has a low priority do not get a bus for a long time. Total device is also limited to the bus line.
4.0 Bus arbitration problem
Before we go further on bus arbitration, we need to under stand the true meaning of bus arbitration. Bus Arbitration is a method to determine the priority of the access signal transmitted from computer equipment to the motherboard through a bus. According to answers.com, “In a single bus architecture when more than one device requests the bus, a controller called bus arbiter decides who gets the bus, this is called the bus arbitration”. Bus Arbitration has several problems that can not be avoided when several devices simultaneously execute instructions. 2 problems that often occur in the bus Arbitration is:
(i) It will happen when all the bus wants to be the leader of the other buses. So when no priority is given, then the congestion to get the bus going to happen and in turn will slow down the process of getting and sending bus requested by devices.
(ii) The more difficult if each device has a bus requester and sender. Each device will want a fast bus. This situation requires a quick arbitrator to deal with this problem.
To overcome the problems mentioned above, I will describe two types of bus Arbitration: Centralized Arbitration scheme and Decentralized Arbitration scheme.
5.0 Centralized Arbitration scheme
Bus centralized require hardware or arbitrator authorized the bus to perform the tasks required by the device. In this case, the hardware is probably from the CPU itself or devices available on the motherboard. There are three types of centralized Arbitration.
(a) A single shared bus request Line
Figure 1:A centralized one-level bus arbiter using daisy chaining
Just use a line bus. Arbiter function to receive signals from the device and the transmission path to the input-output bus closest to the arbitrator. If the device is denied bus received, then it will be given to the device I / O to another inline to receive the bus.
(b) Multiple shared bus request but with different priority levels
Figure 2 :A centralized two-level bus arbiter using daisy chaining
Each level has priority needs bus and the bus grant. Each device fitted to the bus at every level where it was needed bus devices will be given high priority level. If many requests are required by the devices simultaneously, arbitrator will provide a bus to the devices really need. But if all devices have interests / priorities are equal, the daisy chaining is used (The bus grant line - from one device to the next).
For example, based on the diagram above, if level 2 has a higher priority than level 1, then the order of priority is 3 -> 5 -> 1 -> 2 -> 4.
(c) Independent bus request lines
Figure 3: A centralized bus arbitration with independent bus request and grant lines
Such configuration used in the PCI bus. Each device has a bus request and bus grant. Arbitrator shall give preference to several bus. Arbitration faster because the bus is not shared. Arbiter also consider the policy priorities of the requesting device. However, it would take a high cost due to more complex and a lot of hose needed to be implemented. Based on Figure 3.0, all devices share the same arbitrator centrally. All devices also do not share the bus, then this allows bus request and bus grant can occur more rapidly.
6.0 Decentralized arbitration scheme
Decentralized Arbitration does not require arbitrator. So the device should make sure who goes first. This condition causes the device task becomes more complex and complicated. Indirectly, the bus trip to be quite slow. However, this saves cost because it has no arbitrator as happened with centralized bus.
Figure 4.0 : Decentralized arbitration
Based on Figure 4.0 above, the requester bus line is usually given priority according to numbers 0 to 3. So if the device requires bus simultaneously, then the devices will know which are the highest priority will get first bus. And so on happen to other devices.
7.0 Conclusion
Based on a written paragraph above, all types of buses has its own advantages and disadvantages. Respectively, were adjusted according to the need of bus technology that can respond immediately. For example, for banking hardware used must be made up of the best device and the bus. While the computer for home use may only use the device and mediumspeed bus. All this depends on the engineers who built the device and the bus for any hardware to be used.
Refferences
http://fcit.usf.edu/network/chap5/chap5.htm#LinearBusnetwork
http://www.pccomputernotes.com/system_bus/bus01.htm
http://www.sm.luth.se/csee/courses/smd/137/slides/F12/bus.pdf
http://www.answer.com
To overcome the problems mentioned above, I will describe two types of bus Arbitration: Centralized Arbitration scheme and Decentralized Arbitration scheme.
5.0 Centralized Arbitration scheme
Bus centralized require hardware or arbitrator authorized the bus to perform the tasks required by the device. In this case, the hardware is probably from the CPU itself or devices available on the motherboard. There are three types of centralized Arbitration.
(a) A single shared bus request Line
Figure 1:A centralized one-level bus arbiter using daisy chaining
Just use a line bus. Arbiter function to receive signals from the device and the transmission path to the input-output bus closest to the arbitrator. If the device is denied bus received, then it will be given to the device I / O to another inline to receive the bus.
(b) Multiple shared bus request but with different priority levels
Figure 2 :A centralized two-level bus arbiter using daisy chaining
Each level has priority needs bus and the bus grant. Each device fitted to the bus at every level where it was needed bus devices will be given high priority level. If many requests are required by the devices simultaneously, arbitrator will provide a bus to the devices really need. But if all devices have interests / priorities are equal, the daisy chaining is used (The bus grant line - from one device to the next).
For example, based on the diagram above, if level 2 has a higher priority than level 1, then the order of priority is 3 -> 5 -> 1 -> 2 -> 4.
(c) Independent bus request lines
Figure 3: A centralized bus arbitration with independent bus request and grant lines
Such configuration used in the PCI bus. Each device has a bus request and bus grant. Arbitrator shall give preference to several bus. Arbitration faster because the bus is not shared. Arbiter also consider the policy priorities of the requesting device. However, it would take a high cost due to more complex and a lot of hose needed to be implemented. Based on Figure 3.0, all devices share the same arbitrator centrally. All devices also do not share the bus, then this allows bus request and bus grant can occur more rapidly.
6.0 Decentralized arbitration scheme
Decentralized Arbitration does not require arbitrator. So the device should make sure who goes first. This condition causes the device task becomes more complex and complicated. Indirectly, the bus trip to be quite slow. However, this saves cost because it has no arbitrator as happened with centralized bus.
Figure 4.0 : Decentralized arbitration
Based on Figure 4.0 above, the requester bus line is usually given priority according to numbers 0 to 3. So if the device requires bus simultaneously, then the devices will know which are the highest priority will get first bus. And so on happen to other devices.
7.0 Conclusion
Based on a written paragraph above, all types of buses has its own advantages and disadvantages. Respectively, were adjusted according to the need of bus technology that can respond immediately. For example, for banking hardware used must be made up of the best device and the bus. While the computer for home use may only use the device and mediumspeed bus. All this depends on the engineers who built the device and the bus for any hardware to be used.
Refferences
http://fcit.usf.edu/network/chap5/chap5.htm#LinearBusnetwork
http://www.pccomputernotes.com/system_bus/bus01.htm
http://www.sm.luth.se/csee/courses/smd/137/slides/F12/bus.pdf
http://www.answer.com
Subscribe to:
Posts (Atom)