Thanks to visit codestin.com
Credit goes to www.scribd.com

0% found this document useful (0 votes)
64 views8 pages

3 InternalControl

Internal controls are steps taken to prevent, detect, and correct errors and issues. They typically involve policies, procedures, and organizational structures. There are three main types of controls: preventive controls attempt to predict and prevent problems before they occur, detective controls find errors after they happen, and corrective controls minimize the impact of any issues. Important aspects for information system controls specifically include safeguarding assets, ensuring the integrity of operating systems and applications, user access identification and authorization, business continuity planning, and data protection.

Uploaded by

Jay Silen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
64 views8 pages

3 InternalControl

Internal controls are steps taken to prevent, detect, and correct errors and issues. They typically involve policies, procedures, and organizational structures. There are three main types of controls: preventive controls attempt to predict and prevent problems before they occur, detective controls find errors after they happen, and corrective controls minimize the impact of any issues. Important aspects for information system controls specifically include safeguarding assets, ensuring the integrity of operating systems and applications, user access identification and authorization, business continuity planning, and data protection.

Uploaded by

Jay Silen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Internal Controls

Internal Controls

Steps performed to prevent, detect, and correct

Usually: policies, procedures, practices,


organizational structures

Two important aspect: What to be achieved,


what to be avoided

Controls Classification

Preventive

Detective

Corrective

Preventive

Detect Problem before they arise

Attempt to predict potential error before it occurs

eg: create organizational structure to oversee a


task

eg 2: well documented flow to make sure task is


done properly

Detective

Detects error when it occurs

The worst error is when its not detected

eg: Checkpoints

eg 2: Duplicate checking

eg 3: Periodic Performance Reporting

Corrective

Minimize impact of risk

Modify processing system to minimize future


occurence

Correct Errors immidiately to mitigate effect

eg: Contigency Plan

eg 2: Back up

IS Controls

Most common IS Controls must include these points:


1. safeguarding asset: avoid improper access
2. Ensuring integrity of OS Management
3. Ensuring integrity of Applications: input authorization/
validation, accuracy and completeness, transcation tracking,
security, etc
4. Identification, Authorization of User Access
5. Business Continiuity and Disaster Recovery Plan
6. Protection of Data

Discuss

Pick 4 top risks from your online shop problem


(IT related risk)

For every risk listed on your task, define 2 step


to Prevent, Detect, and Correct your Risk

Create a checklist based on previous slide (IS


Controls) to make sure youve completed the
objectives

You might also like