Computer Audit, Control, and Security.

Computer Audit, Control, and Security by Robert R. Moeller, John Wiley
This book is designed for auditors as a practical resource in reviewing a wide spectrum of EDP (Electronic Data Processing) subjects. The text identifies in clear and specific terms the prime control objectives of five broad topics followed by detailed audit programs to guide the auditor in determining whether these objectives are being met. (A copy of the audit programs is provided in ASCII format--5 1/4" diskette--which facilitates customizing the audit programs for particular assignments.)

One of the five sections focuses on general DP controls within large computer centers, distributed networks, minicomputer systems and the microcomputer environment. Specific issues introduced here are covered in greater detail in other parts of the book.

In the section on auditing DP applications, the author tells how to select applications for review, based on an evaluation of relative control risks, and describes approaches for gathering evidence and testing transactions through the application. This section concludes with a valuable discussion on control objectives related specifically to system development efforts. It emphasizes the importance of a formalized system development methodology and the auditor's responsibility to understand the requirements and implications of the methodology. Audit procedures are provided to help the auditor through each step of the system development process.

Security for the modern DP center, another section topic, deals with physical security, information security exposures and disaster recovery. The physical security issues are separated into categories such as natural disasters, power failures, communication failures and malicious or unintentional damage. Information security is defined as "controls over access to computer data and programs plus overall policies and controls to prevent and detect unauthorized system access attempts." The author concentrates on exposures in user-friendly access, computer crime and espionage, personal privacy and software piracy. For each exposure area, he offers techniques for reviewing access control and specific solutions (such as application controls, password procedures, operating system security and network security) to address control weaknesses that may be identified.

In another section, the author calls end user computing growth (users creating their own applications) one of the key changes affecting the auditor in today's DP environment. He presents control objectives and procedures for auditing the general and applications controls related to end user systems.
In addition, he introduces the use of fourth generation languages as tools for developing applications and discusses ways to review applications developed with them.

The final section describes Moeller's thoughts on what the future holds for the auditor. He says, "We have described a new position in the modern, integrated internal audit department--the systems auditor. This is an audit professional with strong skills in both financial/operational auditing and computer auditing. This probably will be the audit professional of the future, and certainly will be the internal audit professional of the future."

The text's greatest strength is the practical assistance provided for the EDP auditor, especially for new EDP auditors who are still becoming familiar with the exposures in each area and the control solutions available to them.