LECTURE 5: INFORMATION TECHNOLOGY RISKS & CONTROL
Risk - Chance of negative outcomes
Risk Management Process
Identify the Risk
Analyze the Risk
Evaluate or Rank the Risk
Treat the Risk
Monitor and Review the Risk
Types of IT Risks
Business Risk - Likelihood that an organization will not achieve its business goals and objectives
Audit Risk - Likelihood that an auditor makes a mistake when issuing an opinion attesting to an audit, or that auditors fail to uncover a material error or fraud
Security Risk - Risks associated with data access and data integrity
Continuity Risk - Risks associated with information system accessibility, availability of backups, and the ability to recover
Threats
Data Confidentiality
Data Availability
Data Integrity
Data Timeliness
Data Accuracy
IT Infrastructure
Expected Value of Risk = estimated loss from a specific risk × likelihood of loss (%)
COSO Five Components of IC
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Quality Control Standard
ISO 9000 series - certifies that organizations comply with documented quality standards
Six Sigma - an approach to process and quality improvement
IT Control Documentation
Documentation
Internal Control (IC) narrative
Origin of documents
Disposition of documents
Processing steps
Internal controls
Internal Control (IC) flowchart
Data Gathering
Internal Control (IC) questionnaire