INTRODUCTION TO IS AUDIT,SECURITY AND CONTRO - Audit Approach
1.0 Introduction.
In the task this time, I will discuss in detail about the audit, Procedures, and Controls audit evidence collection methods for each audit procedure. The case study is based on the bank system failure in phase 1 of the loan system and is building a second phase involving savings and current accounts. Before we go in depth, in advance is very necessary for us to understand the meaning of audit procedures. Audit Procedures is the review process and to test the accuracy and validity of financial data in a company. During the audit process, a data sample will be tested to ensure accuracy and error in the control system. If the number of errors detected in the data model first, second data series to be tested to prove the offense is on the first account of the data series.
1.0 Introduction.
In the task this time, I will discuss in detail about the audit, Procedures, and Controls audit evidence collection methods for each audit procedure. The case study is based on the bank system failure in phase 1 of the loan system and is building a second phase involving savings and current accounts. Before we go in depth, in advance is very necessary for us to understand the meaning of audit procedures. Audit Procedures is the review process and to test the accuracy and validity of financial data in a company. During the audit process, a data sample will be tested to ensure accuracy and error in the control system. If the number of errors detected in the data model first, second data series to be tested to prove the offense is on the first account of the data series.
2.0 Audit Procedure
Generally there are five types of audit procedure used to evaluate the effectiveness of operations and information systems used. I will customize these five procedures based assignment.
Generally there are five types of audit procedure used to evaluate the effectiveness of operations and information systems used. I will customize these five procedures based assignment.
2.1 Procedure to obtain an understanding of audit plan.
This is to understand the internal controls in the organization. This is to understand the internal controls in the organization. As we know, money management behind the counter in a bank involves three parties: teller, officer and branch manager. Each of them has different duties and functions depending on their rank. For the management of savings and current accounts, teller job is to make sure the money received is calculated correctly and sufficiently. This is to ensure that there is a shortage of money received from customers.
Apart from that, the documents received from customers as deposits and withdrawals receipts should be checked properly and carefully.
This is to understand the internal controls in the organization. This is to understand the internal controls in the organization. As we know, money management behind the counter in a bank involves three parties: teller, officer and branch manager. Each of them has different duties and functions depending on their rank. For the management of savings and current accounts, teller job is to make sure the money received is calculated correctly and sufficiently. This is to ensure that there is a shortage of money received from customers.
Apart from that, the documents received from customers as deposits and withdrawals receipts should be checked properly and carefully.
Meanwhile, the officials job to inspect the documents received prior to confirmed. This is to ensure that no errors occur, particularly when they relate to the customer's personal records. Task branch officials are more focused on the overall supervision. He needs to monitor the entire operation under the supervision of branches so that all transactions run smoothly. For example, in the event of power supply is not stable, he should stop all transactions involving the application system and it is carried out manually.
2.2 Test of controls
Test control to ensure internal controls are followed by all staff and running smoothly. This is to avoid the duties are not in accordance with prescribed procedures. In this way, negligent or inadvertent errors can be avoided.
Test control to ensure internal controls are followed by all staff and running smoothly. This is to avoid the duties are not in accordance with prescribed procedures. In this way, negligent or inadvertent errors can be avoided.
2.3 Substantive tests of detail of transaction
This is done by the auditor to determine whether there is a fault or loss that may occur on the customer account data. This is done on the efficacy and effectiveness of the system based on the system used. This involves hardware, software, support staff and system users. These include the need to train staff to be competent in using the new system applications. During the test run, auditors should also ensure that critical errors are identified.
This is done by the auditor to determine whether there is a fault or loss that may occur on the customer account data. This is done on the efficacy and effectiveness of the system based on the system used. This involves hardware, software, support staff and system users. These include the need to train staff to be competent in using the new system applications. During the test run, auditors should also ensure that critical errors are identified.
2.4 Substantive tests of detail of account balances
This measure is intended to obtain audit evidence conducted by the counter clerk. The evidence collected is used to make the decision to get a stable system and no errors. For example, the auditor may make a survey for the teller about their satisfaction in using the new system. Improvements will be done directly based on a survey obtained.
This measure is intended to obtain audit evidence conducted by the counter clerk. The evidence collected is used to make the decision to get a stable system and no errors. For example, the auditor may make a survey for the teller about their satisfaction in using the new system. Improvements will be done directly based on a survey obtained.
2.5 Analytic review procedures
In this step, the auditor will provide advice if there is a mistake in the management of the current account or savings account. It obtained during tests conducted over time. This procedure is important as the system to be in use in the time frame of 12 months.. Analitic reviews conducted after the balance of the account and the operations were carried out within a certain period successfully.
In this step, the auditor will provide advice if there is a mistake in the management of the current account or savings account. It obtained during tests conducted over time. This procedure is important as the system to be in use in the time frame of 12 months.. Analitic reviews conducted after the balance of the account and the operations were carried out within a certain period successfully.
3.0 Expected Controls
3.1 Programming Management Controls - Testing Phase
3.1 Programming Management Controls - Testing Phase
Based on the phase 1 of cases involving loan system, there is loss of customer records and improper loan balance in the new system. This shows the weakness that has occurred during the test phase of the system is developed which does not do well. This may occur because the test was not done in the program life cycle that requires system tested at each time there is a change of code. Major activities that would normally carried in the "program life cycle" is:
Preparation of test data
Program testing
Documentation of test result
Repairing of bugs identified through testing
Final release of correct code
Program testing
Documentation of test result
Repairing of bugs identified through testing
Final release of correct code
Above five steps to be followed so that errors can be detected and corrected before the system is given to the teller.
3.2 Operation management control – Audit consideration for data conversion
There are some records lost during the migration phase 1 is done. This result clearly occur because auditors do not provide clear procedures made during system development and cause a loss of customer account data in the loan system.
There are some records lost during the migration phase 1 is done. This result clearly occur because auditors do not provide clear procedures made during system development and cause a loss of customer account data in the loan system.
In order to ensure data savings accounts and current accounts of all customers are not lost, auditors should ensure that the projects discussed include the issues, strategies and data conversion. Procedures for data transition should also be documented and followed properly. In addition, backups have to be made to secure customer data security. As we know, savings and current account data involving money is very sensitive. Therefore, the system should also be tested at random to ensure that it runs as expected.
3.3 Management Control – Socio-technical design approach & Staff ability
Weaknesses of a system lies in the system itself or its users. Habit that occurs from users is due to sabotage and negligence-based systems. In the management of savings and current account, it is very important to ensure that no errors occur due to poor handling by the teller system.
Some of the long serving staff difficult to understand the new system. Sometimes they also refuse / are unable to accept a new way of working changes introduced by management. For example, those who are older or pension may not be able to use the new system more efficiently because they lack the skills to understand the new system. To ensure that the system can be used by multiple layers of generations of workers, organizations need to provide ongoing training to employees. In this way the workers themselves will be able to equip themselves with the new system.
In other words, the management needs to give serious attention to training and motivation of employees to ensure that all staff involved with the new system can use it without any hesitation. Indirectly act as sabotage will not occur among workers who can affect the organization's reputation.
3.4 Operation management controls – Network operation
Nowadays, the use of internet banking is very popular used by almost everyone. Among them are used for money transfers, bill payments, credit card payments, loans and so on. All these transactions occur using a savings account and current account users. Thus the stability of the system and an internet connection is necessary to ensure that the system can be used by users without any access interference. Operational management should ensure a few things taken care of to ensure smooth running of the internet online 24 hours a day. Among the controls that must be made is:
Nowadays, the use of internet banking is very popular used by almost everyone. Among them are used for money transfers, bill payments, credit card payments, loans and so on. All these transactions occur using a savings account and current account users. Thus the stability of the system and an internet connection is necessary to ensure that the system can be used by users without any access interference. Operational management should ensure a few things taken care of to ensure smooth running of the internet online 24 hours a day. Among the controls that must be made is:
Control to prevent unauthorized access – Mandating the use of ID and strong password to avoid encroachment
Monitoring network activity – Increase the bandwidth when necessary
Performing backup of files saved in the network – Backup data stored by users on-line.
Monitor levels of corrupted data – Damaged data control so as not to disrupt the smooth lines
Monitor traffic activity – Ensure uncrowded online traffic that can slow down transactions online
Monitoring network activity – Increase the bandwidth when necessary
Performing backup of files saved in the network – Backup data stored by users on-line.
Monitor levels of corrupted data – Damaged data control so as not to disrupt the smooth lines
Monitor traffic activity – Ensure uncrowded online traffic that can slow down transactions online
4.0 Methods of evidence collection
Several methods are identified to prevent data from being lost or go wrong during a transaction performed by the user. No matter whether it is running on-line, or transactions that occur in the automatic teller machine, errors caused by system weaknesses should not happen. To avoid a system failure, the method used for the purpose of gathering evidence to improve the quality system and therefore ensure that the new system does not have any weaknesses. These methods are Code reviews, Test data and Code Comparison.
Several methods are identified to prevent data from being lost or go wrong during a transaction performed by the user. No matter whether it is running on-line, or transactions that occur in the automatic teller machine, errors caused by system weaknesses should not happen. To avoid a system failure, the method used for the purpose of gathering evidence to improve the quality system and therefore ensure that the new system does not have any weaknesses. These methods are Code reviews, Test data and Code Comparison.
4.1 Code Reviews
Auditors examine the source code to ensure that there are no mistakes in the logic of the program and no codes are not required in the system. It is intended to ensure that the system is developed according to the requirements set function. In general, this method can make the system more robust and rugged thus increasing the speed of the system itself.
Auditors examine the source code to ensure that there are no mistakes in the logic of the program and no codes are not required in the system. It is intended to ensure that the system is developed according to the requirements set function. In general, this method can make the system more robust and rugged thus increasing the speed of the system itself.
4.2 Test Data
For this purpose, the auditor uses sample data to see the whole process through the system output. Deficiency in this way is that the auditor uses sample data to test the system. This causes all program logic can not be tested to the full.
For this purpose, the auditor uses sample data to see the whole process through the system output. Deficiency in this way is that the auditor uses sample data to test the system. This causes all program logic can not be tested to the full.
However, auditors are faced with some problems to build test data. Such as: If the test needs to be done is increasing, then the test data that needs to be built to be more numerous and not repeated. This is something that is difficult because in order to provide a lot of data is needed time and a large workforce to include sample data. Apart from that, the auditors also face problems if the resources available are limited. This situation will affect the results of tests carried out by the auditor and cause the system can not be tested
in the right way.
in the right way.
Among the ways to test data using the substantive test. Both the substantive test in the audit procedures carried out as described in the preceding paragraph.
4.3 Code Comparison
There are two types of code Comparison: Program Source Code Comparison and Object Code Comparison. Both methods are intended to identify any confusion. The program source code is done by comparing two program source code. While Object Code Program is conducted by comparing two object code. In the audit procedures there is a way to ensure that no errors when the program is checked and tested code. It is the Procedure to Obtain an Understanding of the audit plan. In this procedure the program
code tested to demonstrate that there is no error.
There are two types of code Comparison: Program Source Code Comparison and Object Code Comparison. Both methods are intended to identify any confusion. The program source code is done by comparing two program source code. While Object Code Program is conducted by comparing two object code. In the audit procedures there is a way to ensure that no errors when the program is checked and tested code. It is the Procedure to Obtain an Understanding of the audit plan. In this procedure the program
code tested to demonstrate that there is no error.
References
http://www.ehow.com/facts_5494359_description-auditing.html
Open University Malaysia (2012). Introduction to IS Audit, Security and Control. Unit 1 ~ 8. Pearson
http://www.ehow.com/how-does_5296119_steps-audit-process.html
http://www.wisegeek.com/what-are-the-different-types-of-audit-procedures.htm
http://www.ehow.com/facts_5494359_description-auditing.html
Open University Malaysia (2012). Introduction to IS Audit, Security and Control. Unit 1 ~ 8. Pearson
http://www.ehow.com/how-does_5296119_steps-audit-process.html
http://www.wisegeek.com/what-are-the-different-types-of-audit-procedures.htm
No comments:
Post a Comment