 |
Prescription:SC200 Systems Controls |
| Aim of Module | To enable students to be able to design appropriate controls in a simple computer system.
|
| Credits | 7
|
| Suggested Time | 70 student learning hours
|
| Prescription Expiry Date | Nov 2002
|
The Student Will
| | | | 1.1 | System and Programming Controls | |
| |
C | | Explain the reasons and requirements for, and review a method of enforcing, controls on each of the following areas: | |
| |
| | - Review and approval procedures for new systems | |
| | - program testing procedures | |
| | - program change procedures | |
| | - documentation | |
| | - data conversion operations | |
| | - data entry | |
| |
| 1.2 | Threats and Exposures/Safeguards | |
| |
C | | Detail those areas which are considered risks or threats to an organisation and identify safeguards which an auditor would normally expect to find to help minimise such exposure. | |
| |
> | Such exposures would include errors and omissions, disasters and disruptions, loss of integrity, disclosure, defalcation, and theft of resources. | |
| |
> | Safeguards would include physical security, audit trails, backup, recovery procedures, error detection/correction, authentication, encryption, operational procedures, preventative maintenance, format checking, insurance, legal contracts, fault isolation diagnostics, training/education, documentation, testing and reporting, and statistics. | |
| |
| 1.3 | Designing Controls | |
| |
P | | Identify areas where controls are required and apply this knowledge in a simple case study system design exercise. Specific emphasis should be on application controls and how they are complemented by administrative and general (environmental) controls. | |
| |
> | Such controls should take account of both internal and external control requirements. Students should be made familiar with any statutory regulations which may apply in this area. | |
| |
C | 1.4 | Describe the entities involved in an audit trail and the purposes of journals. (This should involve a discussion of the importance of fully documenting changes to systems).
|
top
|
|
|
