| | |
| 1.1 | System and Programming Controls |
|
|
|
| C | | Explain the reasons and requirements for, and review a method of enforcing, controls on each of the following areas: |
|
|
|
| | - Review and approval procedures for new systems |
|
| | - program testing procedures |
|
| | - program change procedures |
|
| | - documentation |
|
| | - data conversion operations |
|
| | - data entry |
|
|
|
| 1.2 | Threats and Exposures/Safeguards |
|
|
|
| C | | Detail those areas which are considered risks or threats to an organisation and identify safeguards which an auditor would normally expect to find to help minimise such exposure. |
|
|
|
| > | Such exposures would include errors and omissions, disasters and disruptions, loss of integrity, disclosure, defalcation, and theft of resources. |
|
| |
|
| > | Safeguards would include physical security, audit trails, backup, recovery procedures, error detection/correction, authentication, encryption, operational procedures, preventative maintenance, format checking, insurance, legal contracts, fault isolation diagnostics, training/education, documentation, testing and reporting, and statistics. |
|
| |
|
| | 1.3 | Designing Controls |
|
| |
|
| P | | Identify areas where controls are required and apply this knowledge in a simple case study system design exercise. Specific emphasis should be on application controls and how they are complemented by administrative and general (environmental) controls. |
|
| |
|
| > | Such controls should take account of both internal and external control requirements. Students should be made familiar with any statutory regulations which may apply in this area. |
|
|
|
| C | 1.4 | Describe the entities involved in an audit trail and the purposes of journals. (This should involve a discussion of the importance of fully documenting changes to systems).
|
