Chapter 3
Chapter 3 –Information System & Its Components
Introduction
This chapter deals with
various provisions and aspects of information systems & it’s components and
covers following important topics:
Information Systems
Components of Information Systems
Information Systems’ Controls
Information Systems Auditing
Audit Trail
Organization Structures & Responsibilities
Segregation of Duties
(22)Give examples of Segregation of Duties Controls?
(23) List down various phases and their controls during program development life cycle? (May 19)
Answer:
(24) Discuss the key activities, which
require special attention for auditing the user access provisioning. (May 19)
Answer: Following special attention for
auditing the user access provisioning is required:
(i)Process for Access Request: The IS auditor should verify process of access request and
determine if these processes are used consistently throughout the organization.
(ii)Process for New employee provisioning: The IS auditor should verify how a new employee’s user accounts are
initially set up. The auditor should determine if manager’s authorization is
obtained.
(iii)Process for Access approvals: The IS auditor needs to verify process for approval and by what authority
they are approved.
(iv)Periodic Access reviews: The IS auditor should determine if periodic reviews are performed
for access provided. This may include termination reviews, internal transfer
reviews, SOD reviews, and dormant account reviews.
(v)Segregation of Duties (SOD): The IS auditor should determine whether proper segregation of
duties exists.
(25) In a
e-business environment, controls are required to put in place at each
participant’s level. Discuss about the participants involved in any e business
environment?
