Page 16 - Accounting Information Systems
Contents    xv

                           Chapter 16         IT Controls Part II: Security and Access 703

                                              CONTROLLING THE OPERATING SYSTEM 704
                                               Operating System Objectives 704
                                               Operating System Security 704
                                               Threats to Operating System Integrity 705
                                               Operating System Controls and Test of Controls 705
                                              CONTROLLING DATABASE MANAGEMENT SYSTEMS 710
                                               Access Controls 710
                                               Backup Controls 712
                                              CONTROLLING NETWORKS 713
                                               Controlling Risks from Subversive Threats 713
                                               Controlling Risks from Equipment Failure 721
                                              ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS 722
                                               Transaction Authorization and Validation 723
                                               Access Control 724
                                               EDI Audit Trail 724
                                              SUMMARY 726
                                              APPENDIX 726

                           Chapter 17         IT Controls Part III: Systems Development, Program Changes, and Application Controls 737

                                              SYSTEMS DEVELOPMENT CONTROLS 738
                                               Controlling Systems Development Activities 738
                                               Controlling Program Change Activities 740
                                               Source Program Library Controls 740
                                               The Worst-Case Situation: No Controls 741
                                               A Controlled SPL Environment 741
                                              APPLICATION CONTROLS 745
                                               Input Controls 745
                                               Processing Controls 747
                                               Output Controls 750
                                              TESTING COMPUTER APPLICATION CONTROLS 752
                                               Black Box Approach 753
                                               White Box Approach 753
                                               White Box Testing Techniques 756
                                               The Integrated Test Facility 759
                                               Parallel Simulation 760
                                              SUBSTANTIVE TESTING TECHNIQUES 761
                                               The Embedded Audit Module 761
                                               Generalized Audit Software 763
                                              SUMMARY 766