Question

1. Explain how an information system audit supports a financial audit.

2. Explain an integrity control for for each of the following input, processing, and output.

3. Explain an example of defense in depth.

4. Explain the relationships between hashing, encryption, digital certificates, and digital signatures.

Answer 1

1) The overall objective of the financial audit is to give a reasonable assurance that financial statements are free from material mistatements and they give a true and fair view on financial statement. This is objective is achieving by obtainig sufficient and appropriate audit evidence.

With the role inceasing role of information systems, process of collecting and evaluating evidence revolves around the computer system. Safeguard of assets and integrity of data is very much depended upon sound information system. Information system audit gives an assurance to the financial auditors that all controls related information technology and automated controls are working effectively in the Company. Financial auditor relies upon the work of IT experts and accordingly give their opinion.

2) Integrity control for Input, Processing and Output

Input Control -: Batch control totals and document counts is the most commonly used control to check the date integrity. Batch Control tallies the total and no. of count from one accounting software to another software. It tracks whether two databases are correctly synchronised or not.

Processing Control -: Run-to-run control is a processing control used in teh organisations. The summation of one processing run is added to the processing of second run and final balance is confirmed from the figure in second run.

Output Control -: Proper authorisation of the output printed reports is very important data integrity control. This avoids the chance of manipulation that can be done with the output data.

3) Secure Network access is an example of defense in depth besides many other controls. It is a type of technical control which protects Company's software and network from outside intruders. Its almost like cybersecurity for the network to prevent data theft.

4) Hashing is the method used in the encrption. The meaning of hashing is that it is not possible to decode the information by using a predetermined key when we are using data through hash. While encryption can be said to be two way process. It includes varities of strategies of encode input such as numerical, semantic and digital characters. Both used aglorithms for the security of the confidential data.

Digital signature is a attachment in the document that ensures maintain data integrity and authtencity. While on the other hand digital certificate helps in providing security and authenticity to the holder of certificate. Both are used to maintain the authenticity of data.