12 Cards in this Set
- Front
- Back
Standards |
Sarbanes Oxley Act 404 (Best); ASX Governance Principle 7 (Practical); Auditing Standard ASA 265 (Report) |
|
What are controls? |
Controls are a response to risk; they provide reasonable assurance that the goals of the organisation are being achieved and that it is in compliance with applicable legal and regulatory obligations. |
|
Pervasive Controls: Segregation of Duties |
1. Authorizing Events 2. Executing Events 3. Recording Events 4. Safeguarding Resources |
|
IT General: COBIT |
Provides a framework for best practice in IT management. Enables business to maximize benefits; risks are managed appropriately; resources used responsibly |
|
COBIT - Physical Controls |
1. Perimeter Controls 2. Building Controls 3. Computer Controls |
|
COBIT - Software Controls |
1. Identification 2. Authentication 3. Access Rights 4. Threat Monitoring |
|
Business Process Controls |
Consists of: Control Plans - Policy & Procedure; Control Goals - Objectives. Both of these feed into the control matrix to evaluate the controls |
|
Control Goals for IT |
Input Validity - Actual Events; Input Completeness - All Data; Input Accuracy - Correct; Update Completeness - Reflected in MD; Update Accuracy - Reflected in MD |
|
Control Goals for Operations |
Effectiveness of operations; Efficient use of resources; Security of Resources |
|
Classes of Control Plans |
Preventative; Detective; Corrective |
|
Application Controls - SAP |
Designed to meet specific control measures as identified in the Control Goals.
Can be manual/programmed controls; Logon/password security; Validation controls |
|
What is ERM? |
Process designed to identify potential threats and provide reasonable assurance regarding achievement of objectives. Strategic: high level, supports mission; Operations: effective and efficient resources; Reporting: reliability of reporting; Compliance: with applicable laws and regulations |