Professional Documents
Culture Documents
In a Nutshell
1. General controls is for segregating duties in a computer information system
environment – providing reasonable assurance that development of, and changes to
computer programs are authorized, tested and approved prior uses.
2. Application controls is for preventing all other, unwanted applications from running –
they may be malicious, untrusted, or simply undesirable.
3. Input controls try to ensure the validity, accuracy and completeness of the data
entered into the system.
4. Output controls govern the accuracy and reasonableness of the output of data
processing and prevent authorized use of output.
5. Control is essential in an AIS to avoid, identify and/or correct certain conditions
which can affect a business firm's performance.
6. There are two types of controls-general controls and controls of operation.
7. General controls include organizational / personnel controls, information security /
software controls, hardware controls, device and data system access controls or
controls, or access to equipment and data files, and other administrative and
procedural controls like safety and disaster controls.
8. Application controls include input controls, configuration controls, and output
controls.
9. Process control seeks to ensure that process variability is regulated within defined
parameters, and extracted from the existing understanding of the product and method,
to ensure product quality.
10. Computer fraud has to be written-manipulation of inputs and software changes