Auditing in an EDP Environment
General
EDP Controls
General EDP (Electronic Data
Processing) controls are policies and procedures that apply to all computerized
systems in an organization. They ensure the overall operation and integrity of
the information systems.
- Data Center Operations: Procedures to manage and operate data centers
effectively, including equipment maintenance, backups, and disaster
recovery plans.
- Access Controls:
Measures to prevent unauthorized access to systems, data, and programs.
This includes user authentication, passwords, and access logs.
- System Development Controls: Processes to manage the development, implementation,
and maintenance of new systems. This includes project management, system
testing, and user training.
- Change Management:
Procedures to control changes to software and hardware to ensure they do
not negatively impact the system's stability or security.
EDP
Controls
EDP controls are specific controls
that ensure the accuracy, completeness, and reliability of data processed by an
organization’s electronic data processing systems.
- Input Controls:
Ensure that data entered into the system is accurate and complete. This
can include validation checks, authorization, and error reporting
mechanisms.
- Processing Controls:
Ensure that data is processed correctly by the system. This can involve
checks on the processing logic, reconciliation procedures, and error
detection.
- Output Controls:
Ensure that the output from the system is accurate and delivered to the
right person or system. This includes report distribution controls and
output validation.
- File Controls:
Ensure that data files are accurate and complete. This involves data file
backups, file integrity checks, and file access controls.
Application
Controls
Application controls are specific to
individual applications and ensure the accuracy, completeness, and security of
data processed by these applications.
- Input Controls:
Specific to applications, these controls ensure that the data entered into
an application is accurate and complete. Examples include:
·
Data
Validation: Checking for correct data types,
ranges, and formats.
·
Authorization: Ensuring that only authorized users can enter or modify
data.
·
Error
Reporting: Providing feedback when incorrect
data is entered.
- Processing Controls:
Ensure that applications process data correctly. Examples include:
·
Calculation
Checks: Verifying that calculations
performed by the application are accurate.
·
Reconciliation: Comparing processed data with original data to ensure
accuracy.
·
Error
Handling: Procedures to manage and correct
errors during processing.
- Output Controls:
Ensure that the data output by an application is accurate and complete.
Examples include:
·
Review and
Approval: Ensuring that reports and other
outputs are reviewed and approved by appropriate personnel.
·
Distribution
Controls: Ensuring that outputs are
distributed to the right recipients.
·
Output
Validation: Verifying that the output matches
the expected results.
Summary
In an EDP environment, auditing
involves verifying that both general and application-specific controls are in
place and working effectively. General EDP controls ensure the overall security
and reliability of all systems, while EDP and application controls focus on the
accuracy and integrity of the data processed by these systems. Together, they
help protect against errors, fraud, and data breaches, ensuring that an
organization’s electronic data processing systems operate smoothly and
securely.
No comments:
Post a Comment