Академический Документы
Профессиональный Документы
Культура Документы
COMPUTERIZED
INFORMATION
SYSTEM (CIS)
ENVIRONMENT
AMANDO BOBBY F. ISIP
Auditing in CIS is otherwise known in the corporate world
as I.T. Audit.
The I.T. Auditor is not participating in systems design, but rather provides
inputs in the form of advise to further improve its implementation, and
such recommendation is more on control.
AMANDO BOBBY F. ISIP
REVIEW
√ PERFORM TESTS OF PERFORM √
ORGANIZATION’S
START CONTROLS √ SUBSTANTIVE TESTS
POLICIES, PRACTICES
& STRUCTURE
• An auditor may check if the system has the capability to detect strong
or weak password upon creation of the user ID.
• If the system is not automatically signing off when left opened, the
risk involved to user is substantial because this may lead to fraudulent
use that may result to losses.
• The user cannot interact with other offices or branches using the
same system.
• All banks today (except for small rural banks) are using online
application systems, and that include Current Accounts & Savings
Account System (CASA), Anti-Money Laundering System, Check
Image Clearing System (CICS) etc.
• List of customers is one data base that most companies are using.
Once you encode the name of the customer in the system, all
information pertaining to him shall be given.
The system should generate reports that can be beneficial to the users.
Below are the examples:
a. Activity Log – shows all the activities that happened in the
system starting from the opening and closing. This also covers all
transactions during the day.
AMANDO BOBBY F. ISIP
INTERNAL CONTROL CONSIDERATIONS IN IMPLEMENTING A
COMPUTERIZED SYSTEM
Decrypted file – the conversion of encrypted data into its original form
is called decryption. It is generally a reverse process of encryption.
ORIGINAL ENCRYPTED
AMANDO BOBBY F. ISIP
LEGAL ISSUES IN I.T. AUDIT
√ 1. Data Privacy Act – all data that has been examined are not
supposed to be disseminated to any person, and should remain
private.
√ 2. Bank Secrecy Law – covers all information that includes deposit and
loan balances, mobile phones, address, names of relatives etc.
√ 3. Confidentiality of business information – trade secrets, formula etc.
√ 4. Intellectual Property Act – formula or information behind any
invention, copyrights etc.
AMANDO BOBBY F. ISIP
COMPUTER ASSISTED AUDIT TECHINIQUE SYSTEM (CAATS)