IS Audit Controls
5 days ago
2 min read
What is a control?
In the context of the Certified Information Systems Auditor (CISA) certification, a control is "the means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management or legal nature."
A control refers to the policies, procedures, practices, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected*.
According to ISACA, controls are integral to IT governance and management frameworks like COBIT (Control Objectives for Information and Related Technology). These controls help ensure the integrity, confidentiality, and availability of information systems*.
The Information Technology Assurance Framework (ITAF) by ISACA further elaborates on controls by providing standards and guidelines for IT audit and assurance professionals. ITAF emphasizes the importance of controls in the planning, testing, and reporting phases of IT audit engagements. It ensures that IT processes and related controls align with enterprise objectives and initiatives**.
Historians believe that formal record-keeping systems were first instituted as far back as 4000 B.C. by organized businesses and governments in the Near East, to allay their concerns about correctly accounting for receipts and disbursements and collecting taxes. Similar developments occurred with respect to the Zhao dynasty in China (1122-256 B.C.).***
Types of Controls
Preventive Controls:
Purpose: To prevent errors or irregularities from occurring.
Examples: Access controls, segregation of duties, and input validation.
Detective Controls:
Purpose: To detect errors or irregularities that have occurred.
Examples: Audit logs, intrusion detection systems, and reconciliations.
Corrective Controls:
Purpose: To correct errors or irregularities that have been detected.
Examples: Incident response plans, backup and recovery procedures, and change management processes.