• Systematic errors vs. random errors
• Unrestricted access
• Lack of data
• Lack of segregation of duties
• Lack of necessary authorization
• Lack of IT experience
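Figure 11-1 Relationship between general controls and application controls
[Figure labels: cash receipts controls; sales application controls; payroll application controls; application controls for other cycles; general controls; risk of unauthorized changes to application programs; risk of system crash; risk of unauthorized file updates; risk of unauthorized execution]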
Table 11-1 Categories of general controls and application controls

| Control Type | Category of Control | Example of Control |
|---|---|---|
| General Controls | Administration of the IT function | Chief information officer or IT manager reports to senior management and board. |
| General Controls | Segregation of IT duties | Responsibility for programming, operations, and data control are separated. |
| General Controls | Systems development | Teams of users, systems analysts, and programmers develop and thoroughly test software. |
| General Controls | Physical and on-line security | Access to hardware is restricted, and passwords and user IDs limit access to software and data files. |
| General Controls | Back-up and contingency planning | Back-up plans are prepared and tested regularly throughout the year. |
| General Controls | Hardware controls | failure or hard drive failure causes error messages on the monitor. |
| Application Controls | Input controls | Preformatted screens prompt data input personnel for information to be entered. |
| Application Controls | Processing controls | Reasonableness tests review unit-selling prices used to process a sale. |
| Application Controls | Output controls | The sales department performs post-processing review of sales transactions. |