Professional Documents
Culture Documents
Internal Controls
Input Financial
IT System
(Transaction) Statements
Overview of IT System
IT System = + +
Saary parts bandh k rakh diye Softwares waghera par password laga diye takey har
warna koi le ka bhaag jae ga koi access na karey
Tagging kardi takey agar koi Saari files encrypt kar din and backups bana liye
ghayab ho to foran pata chal jae
Overview of IT System
Many desktop computers are used System that allows users direct access
Definition
(located throughout the organization) Definition to centralized data and programs
instead of a large centralized through terminals linked in a network
computer based information system.
Benefits
Benefits - Immediate Entry
- Operated by users without much training - Immediate update of files
- More efficient - Immediate response
Risks Controls
- Physical security
- Logical security General Controls Application Controls
- Compatibility issues
- Weak backup and virus protection - Firewall - Input authorization
- No Documentation for off-the-shelf software - System logs - Input validation
- Lack of segregation of duties - Programming controls - Balancing controls
- Logical access controls
Controls
Many desktop computers are used System that allows users direct access
Definition
(located throughout the organization) Definition to centralized data and programs
instead of a large centralized through terminals linked in a network
computer based information system.
Benefits
Benefits - Immediate Entry
- Operated by users without much training - Immediate update of files
- More efficient - Immediate response
Risks Controls
- Physical security
- Logical security General Controls Application Controls
- Compatibility issues
- Weak backup and virus protection - Firewall - Input authorization
- No Documentation for off-the-shelf software - System logs - Input validation
- Lack of segregation of duties - Programming controls - Balancing controls
- Logical access controls
Overview of IT System
Physical Logical
Authorized banda he data enter kar sakey Bandon ki System ki
Controls Controls
- Security guard - Passwords
↓
passwords k zariye Human element ko eliminate nahi
- Card swipe system - Thumb impression
kar sakty
↓
Control to Prevent Unauthorized Shabbar sahib ne kaha sab computer
Program Changes kareyga audit aap bas data enter karo gai
khud hi sample size mile ga khud assess
Banda system mein enter hua us ne hours kar k dega khali deviation rate batao
wagera change nahi kiye na he wage rate ↓
taa k hours sahi dikhein Bataega tou banda hi na
bas system mein aisey kareyga k 1.5 total Training is liye k sahi se entries park
se multiply hojae karey
Example
Segregation
Firewall
of Duties
Types of Control
Range Test / Salary record hotey he galat popup msg Third party se agreement hamara computer jab bhi
→ kharab hoga ap akar sahi kardeingy foran
Limit Test aye nahi babu
Example
Example
Segregation of Physical access
Duties control Training Job scheduling
Example Example
Authorization Validation
On screen prompt Exception report
Login Limit test
Bar codes Range test
requirements Existence
Sequence
Check point and
test test Manual review recovery procedures
Digital signatures Batch total Check digit
for approval
Check input/output
Acknowledgement
Log of distribution
of recipient
Record count &
Management compare with
Check visually for E-report should be review previous record
reasonableness pswd protected
Application Controls
Controls implemented on a specific application/process
Matlab agar pooray system k liye hai to General Control kehlaye ga
And agar sirf ek process par lagaya hai to Application Control kehlaye ga
agar koi msg kisi or takh puhanchana hai tou likh k bheja Jesey goods order karney hai tou apney inventory
peon ko bola jao is ko dekar aao . ya kuch karwana hai system ko supplier k system se link karo k inventory
tou likh k diya for documentation level kum ho tou order place hojae
Abh Emails or other means of communication
Electronic Data Interchange (EDI) System
Security risk
Control over
Hum boley to Controls Transmission of Data
Controls over transmission of data
What
?
To Do Electronic audit trial
Data Encryption
Data ko is form mein convert kar k bhejna k kisi ko samajh na aye
Firewalls
Programmed controls that ensure data
Hacker se bachney k liye is transmitted in the correct format
Format change na ho for example tum send karo us k pass
Authentication codes kisi bug ki wajah se sahi nahi khuley
Easy paisa k zariye paise transfer karo kisi ko tou code share
kiya jata hai YA Jesey pswd change karo tou code ata hai
Restricting access to source data
Acknowledgement Codes Jo apney ne data banaya hai us pe bhi unrestricted access
Receiving end pe banda confirm karey nahi hona chaiye
Overview of IT System
Definition Programs used by auditor to extract and interrogate financial information from client’s IT system
Types
Problems
High cost on initial setup Interrogative Program Interactive Software
Compatibility issues Practically ye ziada use hota hai
(hamari windows 10 uski 7 files transfer ka masla)
Client files at risk if checked lively Package Purpose
(aap ne usb lagai uska system corrupt hogaya abh (Market se Written Used in online
galiyan dega) khareeda hua) (Apney hisaab system
se banwaya)
Identify large or
To recalculate
unusual items
Examples
Stratification and
Analytical procedures
sample selection
Stratification and sample selection
Preparation of aging report (Bad debts k liye) Calculate inventory turnover ratio