Question

What are the three types of IT management controls described in the chapter? Provide two examples of each type.

Internal Auditing: Assurance & Advisory Services fourth edition

Answer 1

IT controls at the management level includes

1.IT standards :supports IT policies by more specifically defining by what is requires to achieve organisation objectives

Examples

.a.

System development process :when organisations develop their own applications ,these standards apply to the procesa for designing,developing,testing ,implementing and maintaining information systems and programs

b.Application Controls:All applications that supports business activities need to be controlled

2.IT Organisation and Management controls:It provides assurance that the organisation is clearly defined with structured lines of reporting and respinsbility and has implemented effective control process

Examples

a.Segregation of duties :The function of initiating ,authorizing,processing , inputting of data and checking of data should be segregated so that no ons makes an error mistake ,omission or irregularity and authorize it

b. Change management process :it is to ensure that the changes to IT environment ,system software and application systems and data are applied in a manner that enforces appropriate seggregation of duties ensures that changes are working and are getting inplementing as and when required.and prevent changes from being exploited for fradulent purposes

3.IT physical and management controls:protecting information system resources from aacidental or intentional damage ,or misuse or loss

Examples

a.providing fire detection and suppression equipment

b.Restricting server access to few specific individuals