Application & General Controls
General Controls
Forms part of an overall framework of control for computer activities
Present if there is no input, processing or output
Put in place before any processing of transactions
Categories of GC
Control environment & org. structure
Commitment to competence
HR policies & procedure
Responsibilities & segregation of duties
Integrity & ethical values
Proper job descriptions for staff
Clear reporting lines & levels of authority
Steering committee
Leadership & direction
Enforcement & action
System development & programme change controls
Access controls
Security policy
Least privilege
Fail safe
Defence in depth
Logging
Physical access control
Dedicated room for IT personnel
Visitors from outside company to IT building
Appointment to visit
Cleared upon arrival at entrance
ID tag or escort
No access through locked doors
Escorted out after concluding business
No unnecessary access to non-IT employees
Physical entry to data centre/dedicated room
Only those who need access given entry
Access points limited to 1 locked door
Locking device de-activated by swipe card, PIN, etc.
Access point under CCTV
Logical access (preventative) controls
Identification of users
Authentication of users
Unique password
Authorisation
Read only
Read & write
Logging
Access tables
Password controls
Unique
Six, mixed characters
Passwords for terminated users must be removed upon termination
Regular passwords changing
Not printed or displayed in any way
No disclosure of passwords
Not obvious
Firewalls
Super-user access
Continuity of operations
Risk assessment
Physical security
Physical Location
Away from hazards
Secure area w/ no outside windows/walls
Secure door & access control devices
Fire/flood
Smoke detectors, prohibit smoking, fire extinguishers
Above ground level & away from water mains
Raised flooring
Power surges
Uninterrupted power supplies
Back up generators
Heat & humidity
Airconditioning
Physical access controls
Disaster recovery
Disaster recovery plan
Written document
Lists procedures
Widely/easily available
Address priorities
Tested
Backup strategies
Frequently & regularly
Three generations
Most recent stored off site
Fireproof safes
Copies of user & operations documentation kept off site
Mirror site
System software & operating controls
Documentation
Application Controls
Segregation of duties
Isolation of responsibility
Approval & Authorisation
Custody
Access controls
Comparison & reconciliation
Performance reviews
Relevant to a specific task within a cycle of the accounting system
Batching
Control totals
Financial totals
Hash totals
Record counts
Batch control sheet
Batch number
Control totals
Identification of transaction type
Space for signature
Batch register
Screen Aids
Minimum keying in
Screen formatted in order required
Prompts
Mandatory fields
Shading of fields
Programme controls
Input
Matching checks
Limit checks
Reasonableness checks
Check digits
Sequence checks
Validation checks
Authorisation checks
Format
Size checks
Missing data checks
Alpha-numeric checks
Mandatory fields
Valid character check
Output controls
Logs & reports
Master file amendment controls
Master file amendment form
Authorised, 2 seniors
Reviewing of log of amendments back to source documents
Numerical sequence
Input controls over capturing of amendments
Access controls
Logging of entries
Programme checks
Screen aids
EFT payments controls
Prior
Masterfile amendment controls
Controls over supporting documents
Authorisation of input info
Physical controls over terminals
During
Access controls
Payment limits
System log-out & time-out facilities
Subsequent
Reconciliation & review of input w/ output