Computer Audit, Control, and Security.

Computer Audit, Control, and Security by Robert R. Moeller, John Wiley & Sons, Inc., One Wiley Drive, Somerset, New Jersey 08875, 1989, 592 pp.

This book is designed for auditors as a practical resource in reviewing a wide spectrum of EDP subjects. The text identifies in clear and specific terms the prime control objectives of five broad topics followed by detailed audit programs to guide the auditor in determining whether these objectives are being met. (A copy of the audit programs is provided in ASCII format--5 1/4" diskette--which facilitates customizing the audit programs for particular assignments.)

One of the five sections focuses on general DP controls within large computer centers, distributed networks, minicomputer systems and the microcomputer environment. Specific issues introduced here are covered in greater detail in other parts of the book.

In the section on auditing DP applications, the author tells how to select applications for review, based on an evaluation of relative control risks, and describes approaches for gathering evidence and testing transactions through the application. This section concludes with a valuable discussion on control objectives related specifically to system development efforts. It emphasizes the importance of a formalized system development methodology and the auditor's responsibility to understand the requirements and implications of the methodology. Audit procedures are provided to help the auditor through each step of the system development process.

Security for the modern DP center, another section topic, deals with physical security, information security exposures and disaster recovery. The physical security issues are separated into categories such as natural disasters, power failures, communication failures and malicious or unintentional damage.

Information security is defined as "controls over access to computer data and programs plus overall policies and controls to prevent and detect unauthorized system access attempts." The author concentrates on exposures in user-friendly access, computer crime and espionage, personal privacy and software piracy. For each exposure area, he offers techniques for reviewing access control and specific solutions (such as application controls, password procedures, operating system security and network security) to address control weaknesses that may be identified.

In another section, the author calls end user computing growth (users creating their own applications) one of the key changes affecting the auditor in today's DP environment. He presents control objectives and procedures for auditing the general and applications controls related to end user systems. In addition, he introduces the use of fourth generation languages as tools for developing applications and discusses ways to review applications developed with them.

The final section describes Moeller's thoughts on what the future holds for the auditor. He says, "We have described a new position in the modern, integrated internal audit department--the systems auditor. This is an audit professional with strong skills in both financial/operational auditing and computer auditing. This probably will be the audit professional of the future, and certainly will be the internal audit professional of the future."

The text's greatest strength is the practical assistance provided for the EDP auditor, especially for new EDP auditors who are still becoming familiar with the exposures in each area and the control solutions available to them.
COPYRIGHT 1990 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Author: Iacono, Lisa M.
Publication: Journal of Accountancy
Article Type: Book Review
Date: Jun 1, 1990