Information Technology Reference
In-Depth Information
ures. The IS auditor should review what security controls are used on the websites such as
transport layer security (TLS) or secure sockets layer (SSL).
The IS auditors can conduct a walk-through on online systems to test effectiveness of the
controls and also to confirm if the design of the controls is appropriate. The IS auditor
should check online forms to confirm if they conform to documented online data capture
procedures.
h) What controls does the enterprise have for data transfer between systems?
Output from one system can be directly used as input into another system. Such systems
are very efficient as there is no need to re-enter data. Because of the automated input sys-
tem, it is important that data validation processes are able to check for errors accurately
and reports generated to alert users. It is also important to note that once errors are captured
into an integrated system, all other modules will pick the same errors. Transaction logs are
useful tools which can be used to check for input errors. IS auditors can also be used to test
effectiveness of such controls.
ERP systems are one such example as they do have several modules. Data captured in one
module can be used immediately as input in another module. A request to purchase a mo-
tor vehicle from procurement department will enter into the system as input into the pro-
curement module. After processing, the output from the procurement module will go to the
finance module as input without any further manual intervention.
Processing Controls
Processing controls are used to ensure that data is processed according to established rules
and that the results produced meet expectations. Processing controls are built inside the
application system and all data used by the application is processed based on established
rules. Examples of processing controls include run totals, verification of amounts, com-
parisons, checking account status, logical operations, and use of key field controls.
a) How does the system ensure that internal processing produces the expected in-
formation?
Application systems process data which is stored on databases and produce information in
form of various types of reports. Internal processing converts data into information using
defined instructions or codes, such as adding numbers, subtracting dates, importing, and
adding totals from another file. These instructions are preconfigured in the application sys-
tem. Correct configuration of application systems is important in order to ensure that they
produce accurate information. If a script used by an application system is not correctly pro-
Search WWH ::
Custom Search