Today, every organisation uses computers, servers and ERP for accounting, management and administration, so it has become very necessary to control the information system. For this reason, the subject "Information System Control and Audit" has been added to CA Final. One of the topics of this subject is information systems control techniques.
By learning these techniques, you will be able to control the information systems of big corporates, because the techniques will be in your hands. These techniques work as a weapon for controlling your information system. So, let us understand these techniques.
1. Organisational Controls Techniques
When a company installs large hardware and software systems and appoints the human resources to run them, it first creates co-ordination between the installed information systems and those human resources. The company then takes steps towards organisational control. This is done by fixing the responsibilities of the managers, senior managers and each employee in the team that handles the information systems. Every employee has a fixed agenda of what he has to control: who will look after physical security, who will look after online security, and who will check data security. For appointing new employees to the information systems team, there will be a fixed job description. This helps fill the post quickly if an employee leaves the job, because information systems control is the first priority of the company.
2. Management Controls Techniques
For controlling information systems, a company can use management control techniques. One of the important techniques is to appoint an expert IS committee. This committee is a team of experts from all sectors, not just from accounting and finance. They all check the organisation's IT system using their specialised skills and experience, and report any error or fraud they find in it.
3. Financial Controls Techniques
One weak area of information systems is the group of employees responsible for recording financial transactions through them. If an employee of this group forms a dishonest plan, there is a big chance of loss of the company's assets. To stop this undesired risk, the company has to follow financial control techniques in its IT system. The following techniques can be used for financial controls.
(A) Authorization: To access a system login, an asset or an entry, an employee should be authorized. He should identify himself and verify that he is authorized. This stops unauthorized access. The idea is simple. When you buy a metro ticket, you get a plastic token, you scan it, and only then do you get access to the metro train. In the same way, you must build your own authorization verification.
(B) Budget: A budget must be made for any supply of money for different expenses and projects. The budget fixes the time and the limit of money. It also shows the difference between the standard time and money and the actual time and money spent. On this basis, accountability can be fixed.
(C) Cancellation of documents: There is a chance that a document or invoice may be reused. To stop this, a special sign is put on such documents to mark them as cancelled.
(D) Dual control: Dual control means that one asset or one entry is verified by two employees. With this, there is less chance of mistakes.
(E) Input and output verification: Before an input or output record is accepted, it must be verified again.
(F) Safekeeping: Every safe that holds the passwords of the server and IT system logins must be locked.
(G) Segregation of duties: After a time limit, every employee should be changed. He should be given other duties in the same IT system department. With this, there will be less chance of financial fraud.
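To see how controls (A) to (E) look when an accounting application enforces them, here is an added example that is not part of the original article or of any real ERP. The Ledger class, the user names, the invoice numbers and the amounts are all constructed for illustration.

```python
from dataclasses import dataclass, field

class ControlError(Exception):
    """Raised when a financial control blocks an action."""

@dataclass
class Ledger:
    roles: dict                    # user -> set of permitted actions
    budget: dict                   # project -> money still available
    paid: set = field(default_factory=set)       # cancelled (used) invoices
    pending: dict = field(default_factory=dict)  # invoice_no -> entry
    audit_log: list = field(default_factory=list)

    def _authorize(self, user, action):
        # (A) Authorization: unknown users and missing permissions are refused
        if action not in self.roles.get(user, set()):
            self.audit_log.append((user, action, "DENIED"))
            raise ControlError(f"{user} is not authorized to {action}")

    def record(self, user, invoice_no, project, amount):
        self._authorize(user, "record")
        # (C) Cancellation: an invoice that was already used cannot be reused
        if invoice_no in self.paid or invoice_no in self.pending:
            raise ControlError(f"invoice {invoice_no} was already used")
        # (B) Budget: the entry must fit in what is left for the project
        if amount <= 0 or amount > self.budget.get(project, 0):
            raise ControlError(f"{amount} is outside the budget of {project}")
        self.pending[invoice_no] = {"maker": user, "project": project, "amount": amount}
        self.audit_log.append((user, "record", invoice_no))

    def approve(self, user, invoice_no):
        self._authorize(user, "approve")
        entry = self.pending.get(invoice_no)
        if entry is None:
            raise ControlError(f"no pending entry for {invoice_no}")
        # (D) Dual control: the second employee must not be the maker
        if entry["maker"] == user:
            raise ControlError("maker cannot approve his own entry")
        # (E) Verification: check the budget again before accepting the entry
        if entry["amount"] > self.budget[entry["project"]]:
            raise ControlError("budget was used up after the entry was recorded")
        self.budget[entry["project"]] -= entry["amount"]
        del self.pending[invoice_no]
        self.paid.add(invoice_no)  # mark the document as cancelled
        self.audit_log.append((user, "approve", invoice_no))
        return self.budget[entry["project"]]

def is_blocked(action, *args):
    """Return True when a control stops the action, False when it goes through."""
    try:
        action(*args)
    except ControlError:
        return True
    return False
```

Every refused authorization is written to audit_log, which gives the auditor a record of who attempted an action they were not permitted to perform.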
4. Data Processing Environment Controls Techniques
A company should appoint some experts for data processing environment control. Recently, my electric wire was sparking. I took prompt action, and with this I saved my inverter and all the electrical equipment that was near it. Today's data processing environment is made of electronic and electrical equipment, so it needs a special supervisor who checks it from time to time.
5. Physical Access Controls Techniques
Physical access means an outsider reaching your database. These days, you hear news of bank and internet frauds. All of them happened due to unauthorized access to a database. To control this, you should build layers. The database is at the 10th step, and the 9th step should be fully secured. An outsider may reach the first or second step, but it will be impossible to reach the 10th step.
6. Logical Access Controls Techniques
Logical unauthorized access is done through evil hacking and viruses. So, stop it at any cost through ethical hacking and antivirus.
7. SDLC Controls Techniques
SDLC means system development life cycle. Its control is also necessary. It can be done through standardization of the system development life cycle.
8. BCP Controls Techniques
BCP means business continuity process. Its control is possible with a good number of backups and a good recovery plan in case the system is destroyed.
9. Application Controls Techniques
If you want accuracy in your information system, you should also follow application controls. Under these techniques, you should check whether the controls are applied in all the computer-based systems of your IT system. In every computer-based system, you have to stop unauthorized access for editing and deleting the recorded database. SAP and QuickBooks are two popular application systems which should be controlled by the auditor.