Professional Documents
Culture Documents
Control Activities
Control activities are policies, procedures, and rules that provide -
: reasonable assurance that
control objectives are met, and **
.risk responses are carried out **
:Management must make sure that
Controls are selected and developed to help reduce risks to an -1
. acceptable level
Appropriate general controls are selected and developed over -2
. technology
Control activities are implemented and followed as specified in -3
. company policies and procedures
The information security officer and operations staff are -
.responsible for ensuring that control procedures are followed
Controls are much more effective when placed in the system -
.at it is built, rather than as afterthought
As a result, managers need to involve system analysts, -
designers, and end users when designing computer-based
. control system
:Control procedures fall into the following categories -
.Proper authorization of transactions and activities -1
.Segregation of duties -2
.Project development and acquisition controls -3
.Change management controls -4
.Design and use of documents and records -5
.Safeguarding assets, records, and data -6
.Independent checks on performance -7
Proper authorization of transactions and activities
Because management lacks the time and resources to supervise -
each company activity and decision, it establishes policies for
. employees to follow and then empowers them
,Management approval **
,User involvement **
,Systems analysis **
,Systems design **
,Systems testing **
Systems implementation, and **
.Systems conversion **
:Important systems development controls include the following -
:It is important to
A- Create and enforce appropriate policies and procedures. All too often,
.policies and procedures are created but not enforced
B- Maintain accurate records for all assets. Periodically reconcile the recorded
.amounts of company assets to physical counts of those assets