
Dalubhasaang Politekniko ng Lungsod ng Baliwag
Dalubhasaan Kong Mahal

BUNAG, Gene Paulo DL.
BS Accountancy – 4A

Auditing in CIS Environment
Ms. Kacelyn B. Daza, CPA

Individual Activity No. 1

Instruction: Perform thorough research on controls in a computerized information system.

• Controls in a computerized information system (CIS) are procedures and technological measures
designed to safeguard the system and its data from unauthorized access, use, disclosure, disruption,
modification, or destruction. Controls can be classified into two main types: general controls and
application controls.

• General controls are concerned with the overall environment in which a CIS operates. They include:

1. Organization and management controls, such as policies and procedures for developing,
maintaining, and operating CIS and managing risk.
2. System development controls, such as procedures for ensuring that new systems are properly
designed, tested, and implemented.
3. Access controls, such as passwords, user IDs, and access control lists, to restrict access to CIS
and their data to authorized users.
4. Data security controls, such as encryption, firewalls, and intrusion detection systems, to
protect CIS and their data from unauthorized access, use, disclosure, disruption, modification,
or destruction.
5. Computer operations controls, such as procedures for backing up data and recovering from
system failures.

• Application controls are specific to the individual applications that run on a CIS. They include:

1. Input controls, such as data validation and authorization procedures, to ensure that data
entered into the system is accurate and complete.
2. Processing controls, such as programmed checks for reasonableness and consistency, to
ensure that data is processed accurately.
3. Output controls, such as reconciliation of output reports to source data, to ensure that output is
accurate and complete.

Controls in a CIS can be implemented using a variety of methods, including manual
procedures, automated controls, and a combination of the two. The specific controls
implemented will depend on the size and complexity of the CIS, the types of applications that
run on it, and the risks it faces.

AUD 05 | Individual Activity No. 1 Page | 1



Examples of controls that can be implemented in a computerized information system:

• Access controls:
  - Users must have a valid user ID and password to log into the system.
  - Access to different parts of the system and different types of data is restricted based on
    user roles and permissions.
  - User activity is logged and monitored.

• Data security controls:
  - Sensitive data is encrypted at rest and in transit.
  - Firewalls and intrusion detection systems are used to protect the system from
    unauthorized access.
  - Data backups are made regularly and stored in a secure location.

• Input controls:
  - Data fields are validated to ensure that they contain the correct type of data and that
    the data is within a reasonable range.
  - Data is authorized before it is processed.

• Processing controls:
  - Programmed checks are used to identify and prevent errors in data processing.
  - Transactions are logged and reconciled to ensure that all transactions are processed
    accurately and completely.

• Output controls:
  - Output reports are reconciled to source data to ensure that the output is accurate and
    complete.
  - Sensitive output is restricted to authorized users.
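
The input, processing and output controls listed above can be chained in one small batch run. The following is an added example, not part of the original activity; the batch records, the approver list, the amount limit and all function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample batch: (txn_id, amount as entered, approved_by)
BATCH = [
    ("T001", "1500.00", "supervisor1"),
    ("T002", "-20.00", "supervisor1"),   # fails the range check
    ("T003", "abc", "supervisor1"),      # fails the type check
    ("T004", "250.50", None),            # never authorized
    ("T005", "980.25", "supervisor2"),
]
APPROVERS = {"supervisor1", "supervisor2"}   # assumed list of authorized approvers
MAX_AMOUNT = Decimal("10000")                # assumed reasonableness limit

def input_control(record):
    """Input control: return (amount, None) on success, else (None, reason)."""
    _, raw, approver = record
    try:
        amount = Decimal(raw)                # type check: must parse as a number
    except InvalidOperation:
        return None, "amount is not numeric"
    if not amount.is_finite() or not (Decimal("0") < amount <= MAX_AMOUNT):
        return None, "amount outside reasonable range"
    if approver not in APPROVERS:            # authorization before processing
        return None, "not authorized"
    return amount, None

def process_batch(batch):
    """Processing control: post accepted records and log every decision."""
    ledger, log = [], []
    for record in batch:
        amount, reason = input_control(record)
        if reason is None:
            ledger.append((record[0], amount))
            log.append((record[0], "POSTED", ""))
        else:
            log.append((record[0], "REJECTED", reason))
    return ledger, log

def reconcile(batch, ledger, log):
    """Output control: all source records accounted for, totals agree."""
    posted = [t for t, status, _ in log if status == "POSTED"]
    rejected = [t for t, status, _ in log if status == "REJECTED"]
    complete = len(posted) + len(rejected) == len(batch)
    report_total = sum(a for _, a in ledger)
    source_total = sum(Decimal(r[1]) for r in batch if r[0] in posted)
    return complete and report_total == source_total, report_total
```

Rejected records stay in the log with a reason, so the record count still reconciles to the source batch even though only two transactions are posted.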

Importance of controls in a computerized information system

• Controls are important in a computerized information system because they can help to protect the
system and its data from a variety of threats, including:

  - Unauthorized access, use, disclosure, disruption, modification, or destruction: Controls
    can help to prevent unauthorized users from accessing, using, disclosing, disrupting,
    modifying, or destroying the system or its data.
  - Errors and omissions: Controls can help to identify and prevent errors and omissions in
    data processing and reporting.
  - Fraud and abuse: Controls can help to deter and detect fraud and abuse of the system.

In conclusion, by implementing appropriate controls, organizations can reduce the risks associated
with their computerized information systems and protect their valuable data.

