
Internal Controls in a Computerized Environment

AAT Level 4 INAC Internal Controls in a Computerized Environment

Uploaded by

Umar Khan

Chapter 4: Internal Controls in a Computerised Environment

1. Overview of Computerised Internal Controls

• Security: Establishing safeguards to protect data, software, and
  hardware from accidental or malicious damage.
• General Controls: These are overarching controls that apply to all
  computer systems within an organization, ensuring a secure and
  efficient computing environment.
• Contingency Planning: Strategies for maintaining operations in the
  event of a system failure or other disaster.
• Data Integrity: Ensuring data is accurate, complete, and reliable
  throughout its lifecycle.

2. Security Concerns

Three Key Security Concerns:

o Availability: Ensuring that computer services are available when
  needed.
o Integrity: Protecting data from unauthorized modification.
o Confidentiality: Safeguarding sensitive information from
  unauthorized access.

Threats to Security:

o Physical Threats: Such as fire, flood, or theft, which can impair
  the operation of computer systems.
o Human Threats: Including both internal and external actors who
  might attempt to breach the system.
o Data Threats: Risk of data loss or damage.

3. General Controls

• Training Programs: To ensure users are competent and errors are
  minimized.
• Authorization Procedures: For program amendments and testing to
  prevent unauthorized changes.
• Physical Security: Protecting hardware and software from damage or
  theft.
• Backup Procedures: Maintaining copies of files off-site to recover data
  in case of loss.
• Access Controls: Use of firewalls, antivirus software, and other
  measures to prevent unauthorized access.
• Segregation of Duties: Ensuring that no single individual has control
  over all aspects of a transaction to prevent tampering.
• Recruitment Policies: Ensuring that staff recruited have the necessary
  integrity and skills to perform their roles effectively.

4. Physical Security Controls

• Fire Systems: Installing fire alarms and smoke detectors to protect
  physical assets.
• Hardware Location: Positioning equipment away from risks like
  flooding or unauthorized access.
• Building Maintenance: Regular checks to reduce risks such as water
  damage.
• Access Control: Using security guards, CCTV, and badge readers to
  control who can access critical areas.

5. Data Security

• Physical Security: Ensuring data storage facilities are secure from
  physical threats.
• Software Security: Maintaining logs of access attempts and
  performing regular audits.
• Operational Security: Preventing unauthorized data transfers, such as
  employees taking work home, and conducting regular data protection
  audits.

6. Data Integrity

Definition: Ensuring data remains accurate, complete, and consistent
over its lifecycle.

Potential Errors:

o Data Capture Errors: Occurring before data entry.
o Transcription Errors: Arising during data entry.
o Data Communication Faults: Errors occurring during data
  transmission.
o Data Processing Errors: Resulting from programming issues or
  system design flaws.

System Activities:

o Input Activities: Collection, preparation, and authorization of
  data.
o File-Processing Activities: Data manipulation, sorting, and
  updating master files.
o Output Activities: Ensuring processed data matches inputs,
  and distributing information appropriately.

7. Application Controls

• Passwords: Protecting system access by requiring unique
  identification.
• Authorization Levels: Ensuring only authorized users can perform
  certain actions.
• Training and Supervision: To prevent mistakes and ensure proper
  use of the system.
• Audit Trails: Maintaining records of all actions performed within the
  system to track changes and detect errors.

8. Systems Integrity

• Definition: Ensuring the system performs as intended and maintains
  the integrity of the data it processes.
• Controls in Online and Real-Time Systems: Use of passwords,
  transaction logs, and supervisory controls to ensure secure operations.
• Network Environment Controls: Additional security measures like
  firewalls, anti-virus software, encryption, and physical access controls
  to protect against network-specific threats.
