APPLICATION RISK AND CONTROLS

Application Risks
• Weak security
• Unauthorized access to data
• Unauthorized remote access
• Inaccurate information
• Erroneous or falsified data input
• Misuse by authorized end users
• Incomplete processing
• Duplicate transactions
• Untimely processing
• Communications system failure
• Inadequate training
• Inadequate support
End User Computing (EUC) Application Risks
• Inefficient use of resources
• Incompatible systems
• Redundant systems
• Ineffective implementations
• Absence of separation of duties
• Unauthorized access to data or programs
• Copyright violations
• The destruction of information by computer viruses
Electronic Data Interchange (EDI) Application Risks
• Loss of Business Continuity / Going Concern Problem
• Interdependence
• Loss of confidentiality or sensitive information
• Increased exposure to fraud
• Manipulation of payment
• Loss of transactions
• Errors in information and communication systems
• Loss of audit trail
• Concentration of control
• Application failure
• Potential legal liability
• Overcharging by third party service providers
• Manipulation of organization
• Not achieving anticipated cost savings
Implications of risks in EDI systems
• Potential loss of transaction audit trail
• Increased exposure to ransom, blackmail, or fraud
• Disruption of cash flows
• Loss of profitability
• Damage to reputation
• Financial collapse
Application Controls
• Input Controls
– Interfaces
– Authenticity
– Accuracy
• Processing controls
– Completeness
– Error correction
• Output controls
– Reconciliation
– Distribution
– Retention
• Functional Testing and Acceptance
• Management Approval
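As an added example (not part of the original slides), the Python below applies the control families listed above to a constructed payment batch: authenticity and accuracy checks on each input record, duplicate-transaction rejection during processing, a completeness check of the received record count against the batch header, and an output reconciliation of what was posted against the sender's control totals. The pipe-delimited layout, the header fields (record count, amount total, hash total of account numbers), the originator whitelist and the sample records are all assumptions made for this illustration, not a real file format.

```python
"""Application controls over a constructed payment batch (added example).

Layout, field names, originator whitelist and sample data are assumptions
made for this illustration; they do not describe any real EDI format.
"""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
import re

# Constructed sample batch. The "H" header carries the sender's control totals:
# record count, amount total, hash total (sum of account numbers).
# Detail layout (assumed): txn_id|originator|account|amount. The batch
# deliberately contains a duplicated record, an unauthorised originator and
# a negative amount so that each control has something to catch.
SAMPLE_BATCH = """\
H|5|1240.00|5000000015
T001|PAYROLL|1000000001|500.00
T002|PAYROLL|1000000002|250.00
T002|PAYROLL|1000000002|250.00
T003|INTERN|1000000003|125.00
T004|AP|1000000004|375.00
T005|AP|1000000005|-10.00
"""

# Authenticity control: only these source systems may submit records (assumed).
AUTHORIZED_ORIGINATORS = {"PAYROLL", "AP"}
ACCOUNT_RE = re.compile(r"^\d{10}$")


@dataclass
class Header:
    count: int
    amount_total: Decimal
    hash_total: int


@dataclass
class Record:
    txn_id: str
    originator: str
    account: str
    amount: str  # left as text until the accuracy check parses it


def parse_batch(text: str) -> tuple[Header, list[Record]]:
    """Split the batch into its header and detail records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    h = lines[0].split("|")
    if h[0] != "H" or len(h) != 4:
        raise ValueError("missing or malformed batch header")
    header = Header(int(h[1]), Decimal(h[2]), int(h[3]))
    records = []
    for ln in lines[1:]:
        f = ln.split("|")
        if len(f) != 4:
            raise ValueError(f"malformed detail record: {ln!r}")
        records.append(Record(*f))
    return header, records


def validate_record(rec: Record, seen_ids: set[str]) -> list[str]:
    """Input and processing controls on one record; returns control failures."""
    errors = []
    if rec.originator not in AUTHORIZED_ORIGINATORS:  # authenticity
        errors.append(f"unauthorised originator {rec.originator}")
    if not ACCOUNT_RE.match(rec.account):  # accuracy: field format
        errors.append("account is not a 10-digit number")
    try:  # accuracy: value range and precision
        amount = Decimal(rec.amount)
        if amount <= 0 or amount != amount.quantize(Decimal("0.01")):
            errors.append("amount must be positive with two decimals")
    except InvalidOperation:
        errors.append("amount is not numeric")
    if rec.txn_id in seen_ids:  # processing: duplicate transaction
        errors.append("duplicate transaction id")
    seen_ids.add(rec.txn_id)
    return errors


def run_controls(text: str) -> dict:
    """Apply the controls to a batch and return a control report."""
    header, records = parse_batch(text)
    seen: set[str] = set()
    accepted: list[Record] = []
    rejected: list[tuple[str, list[str]]] = []
    for rec in records:
        errors = validate_record(rec, seen)
        if errors:
            rejected.append((rec.txn_id, errors))
        else:
            accepted.append(rec)
    posted_amount = sum((Decimal(r.amount) for r in accepted), Decimal("0"))
    posted_hash = sum(int(r.account) for r in accepted)
    return {
        "accepted": [r.txn_id for r in accepted],
        "rejected": rejected,
        # Completeness: were exactly the records the sender counted received?
        "completeness": {
            "header_count": header.count,
            "received_count": len(records),
            "complete": len(records) == header.count,
        },
        # Output reconciliation: what was posted versus what the sender declared.
        "reconciliation": {
            "count_variance": header.count - len(accepted),
            "amount_variance": header.amount_total - posted_amount,
            "hash_variance": header.hash_total - posted_hash,
            "balanced": header.count == len(accepted)
            and header.amount_total == posted_amount
            and header.hash_total == posted_hash,
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run_controls(SAMPLE_BATCH), indent=2, default=str))
```

Running it on the sample batch accepts T001, T002 and T004, rejects the second T002 (duplicate), T003 (unauthorised originator) and T005 (negative amount), flags the batch as incomplete (six records received against a header count of five), and reports count, amount and hash variances that a reconciliation clerk would have to clear before the output is released. The hash total on account numbers has no business meaning; it exists only so that a record with a transposed account number is caught even when the record count and amount total still balance.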
Functional Testing and Acceptance
Management Approval
Documentation Requirements
• Standards and descriptions of procedures
• Instructions to personnel
• Flowcharts
• Data flow diagrams
• Display or report layout
• Other materials that describe the systems
Application Software Life Cycle
• System Development Methodology
– An information systems strategy that guides developers in building systems that are consistent with the organization's technical and operational goals
– Standards that guide the selection of hardware and software and the development of new systems
– Policies and procedures that support the organization's goals and objectives
– Project management, which ensures that projects are completed on time and within budget
• User Interface
– The means by which the user interacts with the system.
Application Maintenance
• Corrective maintenance
– Emergency program fixes and routine debugging
• Adaptive maintenance
– Accommodation of change
• Perfective maintenance
– User enhancements
– Improve documentation
– Recoding for efficiency