Professional Documents
Culture Documents
IT Environment – Online Computer System establish suitable general controls to mitigate the risks
of viruses, unauthorized access and the potential
On-line computer systems are computer destruction of audit trails. Hence access controls are
particularly important to on-line processing.
systems that enable users to access data and
programs directly through terminal devices. Such These controls may include the use of passwords and
systems may comprise mainframe computers, specialized access control software, such as on-line
minicomputers or a network of connected PCs. When monitors, that maintains control over the menus,
the entity uses an on-line computer system, the authorization tables, passwords, files and programs
technology is likely to be complex and linked with the that users are permitted to access. They may also
entity's strategic business plans. The audit team may include physical controls such as the use of key locks
require special IT skills to make enquiries and to on terminal devices, locked computer rooms and
understand the implications of the responses obtained. inactivity timeouts. Other important aspects of control
The auditors may need to consider using the work of in an on-line computer system include:
an expert.
controls over passwords: procedures for the
On-line computer systems use many different types of assignment and maintenance of passwords to
terminal devices. The functions they perform vary restrict access to authorized users;
widely, and depend on their logic, transmission, system development and maintenance
storage and basic processing capabilities. controls: additional procedures to ensure that
controls essential to on-line applications, such
Types of terminal devices as passwords, access controls, on-line data
validation and recovery procedures, are
a) general purpose terminals included in the system during its development
basic keyboard and screen and maintenance; the controls are also
intelligent terminal designed to ensure that changes to systems
PCs operate as expected and are made in the
b) special purpose terminals correct manner;
point-of-sale devices programming controls;
automated teller machine transaction logs; and
hand-held wireless devices for entering firewalls.
data from remote locations
voice response systems Certain application controls are particularly important
to on-line processing. These include the following:
Page 1 of 4
Practice Note (PN) 1002
GUAGUA NATIONAL COLLEGES
AUDITING IN A CIS ENVIRONMENT
Page 2 of 4
Practice Note (PN) 1002
GUAGUA NATIONAL COLLEGES
AUDITING IN A CIS ENVIRONMENT
Page 3 of 4
Practice Note (PN) 1002
GUAGUA NATIONAL COLLEGES
AUDITING IN A CIS ENVIRONMENT
Page 4 of 4
Practice Note (PN) 1002