Flashcards in Chapter 1 - The process of auditing information systems Deck (4)
What is an intelligent agent?
Intelligent agents, often referred to as bots, can be as familar as thermostats. They gather information at least somewhat autonomously and automate the process of evaluation, making real-time continuous monnitoring possible. They can issue alerts when certain conditions are met. e.g. send out notifications when a website has been updated.
what are the different control calssifications?
e.g. Employ only qualified personnel,
Establish suitable procedures for authorisation of transactions;
Complete programmed edit checks
Use access control software that only allowed authorised personnel to access sensitive information
Use encryption software
2. Detective, e.g.:
Check points in production jobs
Echo controls in telecommunication
Error message over tape labels
Duplicate checking of calculations
Periodic performance reporting with variances
Past-due account reports
Internal audit function
Review of activity logs
Secure code reviews
Software quality assurance
3. Corrective; e.g.
Contingency/Continuity of operations planning
Disaster recovery planning
Incident response planning
System break/fix service level agreements
what are the advantages of CSA?
CSA is normally used in high risk areas.
1. Early dection of risk
2. More effective and improved internal controls
3. Creation of cohesive teams through employee involvement
4. Developing a sense of ownership and reduce resistance to control improvement
5. Increased employee awareness
6. Increased communication between operational and top management
7. highly motivated employees
8. Improved audit rating process
9. Reduction in control cost
10. Assurance provided to stakeholders and customer