Page 95 - CA Inter Audit PARAM
P. 95
CA Ravi Taori
Here, we should remember that as the complexity, automation and dependence of business
operations on IT systems increases, the severity and impact of IT risks too increases accordingly.
The auditor should apply professional judgement in determining and assessing such risks and plan
the audit response appropriately.
To mitigate the above (and more) risks and maintain the confidentiality, integrity, availability and
security of data, companies implement IT controls.
QNO— General IT Controls (Access Security} Old Course – (N22E)
AAE.25.50 Bhaskar CNO - AAE.140
In an automated environment, General IT controls are policies and procedures that relate to many
applications and support the effective functioning of application controls. One such area is access
security. What is the objective of access security and what are the activities included in it?
Answer Access Security in Automated Environment:
Objective of access security: The objective of Access Security is to ensure that access to programs and data
is authenticated and authorized to meet financial reporting objectives.
Activities:
(i) Security Organization & Management
(ii) Security Policies & Procedures
(iii) Application Security
(iv) Data Security
(v) Operating System Security
(vi) Network Security – internal network, perimeter network
(vii) Physical Security – access controls, environment controls
(viii) System Administration & Privileged Accounts – Sysadmins, DBAs, Super users
QNO General IT Controls (Program Change) Old Course -- (SM20/SM21/N22M)
AAE.28 Bhaskar CNO- AAE.140
Explain the objective and enlist the activities involved in the General IT Controls over “Program Change”.
➢ Objective
• To ensure that modified systems continue to meet financial reporting objectives.
➢ Activities (Similar to Application System ADM)
• Change Management Process – definition, roles & responsibilities.
• Change Requests – record, manage, track.
• Making Changes – analyse, design, develop
• Test Changes – test plan, test cases, UAT Apply Changes in Production Emergency & Minor
Changes
• Documentation – user/technical manuals
• User Training
General IT Controls & Activities Performed by Data Old Course -- (M21R)
QNO Centre & Network Operations
AAE.29
Bhaskar CNO- AAE.120/ CNO- AAE.140
"Objective of Data Centre and Network Operations is to ensure that production systems are processed to
meet financial reporting objectives. Discuss the activities performed by Data Centre and Network
operations. Also explain the meaning of General IT Controls in detail."
Answer General IT Controls
“General IT controls are policies and procedures that relate to many applications and support the
effective functioning of application controls. They apply to mainframe, mini frame, and end-user
environments.
Components of General IT Controls
General IT-controls that maintain the integrity of information and security of data commonly include
controls over the following:”
www.auditguru.in 3.50
