Page 96 - CA Inter Audit PARAM
P. 96
CA Ravi Taori
(i) Data centre and network operations
(ii) Program change
(iii) Access security
(iv) Application system acquisition, development, and maintenance (Business Applications)
These are IT controls generally implemented to mitigate the IT specific risks and applied commonly
across multiple IT systems, applications, and business processes. Hence, General IT controls are known
as “pervasive” controls or “indirect” controls. Let us now learn about each of the General IT controls
in more detail.
Data Centre and Network Operations
Objective: To ensure that production systems are processed to meet financial reporting objectives.
Activities:
1. Overall Management of Computer Operations Activities
2. Batch jobs – preparing, scheduling and executing
3. Backups – monitoring, storage & retention
4. Performance Monitoring – operating system, database and networks
5. Recovery from Failures – BCP, DRP
6. Help Desk Functions – recording, monitoring & tracking
7. Service Level Agreements – monitoring & compliance
8. Documentation – operations manuals, service reports
QNO— Relationship between “General IT controls” and “application controls New Course – (SM25)
AAE.29.50 Bhaskar CNO - AAE.160
Discuss relationship between “General IT controls” and “application controls” in an automated
environment.
Answer • General IT controls are policies and procedures that relate to many applications and support the
effective functioning of application controls. They apply to mainframe, mini frame, and end-user
environments.
• Application controls include both automated or manual controls that operate at a business process
level. Automated Application controls are embedded into IT applications viz., ERPs and help in
ensuring the completeness, accuracy and integrity of data in those systems.
• These two categories of control over IT systems are interrelated.
• The relationship between the application controls and the General IT Controls is such that General
IT Controls are needed to support the functioning of application controls, and both are needed to
ensure complete and accurate information processing through IT systems.
QNO-- Case Study Identify Type of Control New Course – (M24M)
AAE.29.70 Bhaskar CNO – AAE.160
Given below is a table containing Column A and Column B. Column A contains description of certain controls
in an automated environment. Complete Column B by stating appropriate type of control.
Column A (Description of control in an Column B (Type of
automated environment) control)
Reasonableness checks ?
Controls over Data centre and network ?
operations
Controls over application system acquisition, ?
development and maintenance
Program change controls ?
Answer
Column A (Description of control in an Column B (Type of control)
automated environment)
www.auditguru.in 3.51
