MGTD60 Final.docx

Financial Accounting
P.Yien/ K.Jackson

Chapter Six IS Network and Telecommunications Risks

Network Components
- Computers and terminals
- Telecommunications channels – physical and wireless
- Telecommunications processors
- Routers and switching devices

Network Types
- Local versus wide area networks
- Internet, intranet, extranet
- Virtual private networks (VPN)
- Client/server networks

Network Configuration Types
- Star-shaped – centralized
- Ring – decentralized
- Bus – decentralized

Network Protocols and Software
- Open Systems Interconnect (OSI) model – a standard architecture for networking that allows different computers to communicate across networks
- Network and telecommunications software – network OS, network management software, middleware, web browsers, e-mail software

IS Network and Telecommunications Risks
- Social Engineering
- Physical Infrastructure Threats – the elements, natural disasters, power supply, intentional human attacks
- Programmed Threats – viruses, worms, Trojan horses, hoaxes, blended threats
- Denial of Service Attacks
- Software Vulnerabilities

IS Network and Telecommunications Security
- Network security administration
- Authentication
- Encryption – secret key and public key
- Firewalls – packet filtering and stateful inspection
- Intrusion Detection Systems
- Penetration Testing – war dialing, port scanning, sniffers, password crackers

Auditing Network Security
- Risk assessment and best practices
- Benchmark tools
- IT audit programs for network security

Chapter Seven

E-Business Models
- EDI (Electronic Data Exchange) – Inventory Level
- Web pages
- The online environment
- Distributed e-business and intranets
- Supply chain linkage
- Collaborative business

E-Business Protocols, Software, and Hardware
- TCP/IP
- IP addresses
- Client/server architectures

The Languages of E-Business
- HTML
- XML
- XBRL
- ebXML

Privacy
- Privacy vs confidentiality
- Privacy and security trade-offs
- Privacy policies
- Internet tracking tools

Information System Security and Availability
- General network and telecommunications risks and controls
- Encryption – SSL, SET, S-HTTP
- Securing electronic payments
- Securing the web server
- System availability and reliability

Transaction Integrity and Business Policies
- The integrity of transactions – complete, accurate, timely, authorized
- Repudiation – origin and reception non-repudiation
- Digital signatures and digital certificates
- Electronic audit trails

Specialized E-Business Applications
- Electronic Data Interchange (EDI) – VAN vs web-based
- Collaborative Commerce
- E-Mail Security and Privacy – spamming, spoofing, and e-mail policies and controls

Managing Third Party Providers
- Third-party services – ISPs, ASPs, certificate authorities, and electronic payment providers
- Independent evaluations of third parties

Third Party Assurance Services
- CPA Trust engagements
- TRUSTe
- BBB Online
- Veri-Sign

Chapter Eight Using Computer Assisted Audit Tools and Techniques (CAATs)

Two Categories of CAATTs
1) Computer Assisted Audit Tools
2) Computer Assisted Audit Techniques

Computer Assisted Audit Tools
- Productivity Tools
- Generalized Audit Software Tools

Productivity Tools Include:
- E-workpapers
- Groupware
- Time and billing software
- Reference libraries
- Document management

Generalized Audit Software Tools Include:
- ACL
- Audit expert systems
- Utility and statistical software

ACL
- Widely used for data extraction and analysis
- Allows for virtual 100% testing of client data

Computer Assisted Audit Techniques (CAATs)

CAATs to Validate Audit Techniques
- Test decks
- Integrated test facility
- Parallel simulation

CAATs to Verify Data Integrity
- Data extraction and analysis
- Fraud detection
- Continuous auditing techniques

10 Steps to Using CAATs
1. Set key audit objectives
2. Identify CAATs to be used
3. Identify which data files are needed
4. Determine which format you need
5. Request files from client in preferred format
6. Import data into ACL
7. Use CAATs to verify the data import process
8. Perform other CAATs
9. Investigate and reconcile exceptions
10. Document results in workpapers

CAATs to Detect Fraud

Digital analysis
- Benford’s Law for a series of naturally occurring numbers
- Deals with expected frequency of first digits
- Exponential distribution
- Requires large sample size

Chapter Nine Conducting the IT Audit

Audit Standards
- CICA
- CSAE (Canadian Standard on Assurance Engagements)
- CSAE 3416 – See Assigned Reading
- 5025
- AICPA
- Statements of Auditing Standards (SASs)
- Statement on Standards for Attestation Engagements (SSAE)
- SSAE 16
- ISACA
- IS Audit Standards, Guidelines, and Procedures
- CobiT
- IFAC – International Auditing Standards (IASE)

The IT Audit Lifecycle
- Planning
- Risk Assessment
- Prepare Audit Program
- Gather Evidence
- Form Conclusions
- Deliver Audit Opinion
- Follow Up

Planning
- Scope and control objectives
- Materiality
- Outsourcing
- Gain an understanding of the client and client’s industry, business risks

Risk Assessment
- Shift is to risk-based audit approach
- “What can go wrong”
- High risk areas require more a