
INFORMATION SYSTEMS AUDIT PROGRAM

Aprina Nugrahesthy Sulistya Hapsari


aprina@uksw.edu
Audit Program
Audit programs are:
• Essentially checklists of the various tests that auditors must perform within the scope of their audits
• To determine whether key controls intended to mitigate significant risks are functioning as designed
• Based on the results of the tests performed:
→ determine the adequacy of the controls over a particular process
Audit programs are necessary to perform an effective and efficient audit

BENEFITS OF AUDIT PROGRAM
• Assist audit management in resource planning
• Promote consistency in tests performed on audits of the same process from one cycle to the next
→ the previous audit programs can be employed during the current audit
• Promote consistency in tests performed on controls that are common to all processes
→ standard audit program

INFORMATION SYSTEMS AUDIT PROGRAM
→ Designed to address the primary risks of virtually all computing systems
IS controls in the audit program:
➢ Environmental Controls
➢ Physical Security Controls
➢ Logical Security Controls
➢ IS Operating Controls

Environmental Controls
→ are more general than physical and logical security controls
• Dictate the extent to which physical and logical security controls are deployed
• Include:
– IS security policies, standards, and guidelines;
– the reporting structure within the IS processing environment (including computer operations and programming);
– the financial condition of service organizations and vendors, vendor software license, maintenance, and support agreements and warranties;
– the status of computing systems policies and procedures placed in operation at service organizations (if applicable)

Physical Security Controls
• Pertain to the protection over:
– Computer Hardware;
– Components;
– Facilities within which they reside
(…Although somewhat of an environmental control, insurance coverage over computing system hardware and the costs to re-create or replace lost or damaged software programs and data…)

Logical Security Controls
→ are those that have been deployed within the operating system and applications to help prevent unauthorized access and accidental or intentional destruction of programs and data
• Include:
– System access capabilities of users;
– System access profiles and parameters;
– Logging mechanisms

IS Operating Controls
→ designed to help ensure that the information system is operating efficiently and effectively
• Include:
– The timely and accurate completion of production jobs;
– Distribution of output media;
– Performance of backup and recovery procedures;
– Performance of maintenance procedures;
– Documentation and resolution of system problems;
– Monitoring of CPU and data storage capacity utilization
