CISA
Auditing Systems Development, Acquisition and Maintenance
System Change Procedures and the Program Migration Process
Postimplementation Review
Implementation Phase
Testing
Detailed Design and Development
Software Acquisition Process
Requirements Definition
Feasibility Study
Project Management
AUDITING APPLICATION CONTROLS
Online Auditing Techniques
Continuous and intermittent simulation
Integrated test facility
Audit hooks
Snapshots
Systems Control Audit Review File and Embedded Audit Modules
Continuous Online Auditing
Test Application Systems
Extended records
Embedded audit data collection
Transaction simulation programs
Parallel simulation
Integrated testing facility
Parallel operation
Base-case system evaluation
Test data/deck
Tracing and tagging
Mapping
Snapshot
Data Integrity in Online Transaction Processing Systems
Durability
Isolation
Consistency
Atomicity
Data Integrity Testing
Observing and testing user performing procedures
Review and testing of access authorizations and capabilities
Distribution of reports
Error control and correction
Balancing
Authorization of input
Separation of duties
Risk assessment model to analyze application controls
Flow of transactions through the system
Application Controls
BUSINESS PROCESS CONTROL ASSURANCE
Data restrictions
Activities and tasks
Roles and responsibilities
Benchmarking with best practices
Assessing business risks within the process
Process controls
Process maps
OUTPUT CONTROLS
Verification of receipt of reports
Output report retention
Output error handling
Balancing and reconciling
Report distribution
Computer generation of negotiable instruments, forms and signatures
Logging and storage of negotiable, sensitive and critical forms in a secure place
PROCESSING PROCEDURES AND CONTROLS
Data File Control Procedure
Categories
Transaction files
Master data/balance data
Standing data
System control parameters
Types of controls
Parity checking
File updating and maintenance authorization
Transaction logs
Prerecorded input
One-for-one checking
Data file security
Version usage
Internal and external labeling
Source documentation retention
Maintenance error reporting and handling
Before and after image reporting
Processing Controls
Exception reports
Reconciliation of file totals
Limit checks on amounts
Reasonableness verification of calculated amounts
Programmed controls
Run-to-run totals
Editing
Manual recalculations
Data Validation and Editing Procedures
Logical relationship check
Duplicate check
Completeness check
Check digit
Key verification
Existence check
Table lookups
Reasonableness check
Range check
Limit check
Sequence check
INPUT/ORIGINATION CONTROLS
Batch Integrity in Online Database Systems
Error Reporting and Handling
Accepting the batch and flagging error transactions
Holding the batch in suspense
Rejecting the whole batch of transactions
Rejecting only transactions with errors
Batch Controls and Balancing
Batch Balancing
Computer agreement
Control accounts
Batch registers
Batch Controls
Hash totals
Total documents
Total items
Total monetary amount
Input Authorization
Source documents
Terminal or client workstation identification
Unique password
Online access controls
Signatures on batch forms or source documents