Tuesday, June 14, 2011

Managing System Security


Information system risks

1-      Human errors
Human error is a mistake made by a person, as opposed to a loss caused by a poorly designed process or by a malfunctioning machine such as a computer. In an information system it can occur at every stage: hardware design, programming, testing, and the granting of authorizations (for example, giving a user more access than the job requires, or deleting the wrong file). Most incidents trace back to such mistakes rather than to exotic attacks.

2-      Environmental hazards
Environmental hazards are risks arising from the physical surroundings of a system: fire, flood, extreme heat or humidity, power failure, and contamination such as toxins or radioactivity. The smoke, heat and water damage that result from these events destroy equipment and storage media even when no attacker is involved, so they are addressed with physical controls (fire suppression, climate control, off-site backups) rather than with software.

3-      Computer system failures
A computer system failure is a malfunction of the hardware or of the operating system, whether caused by a design flaw, a worn-out component or a software bug. It is not deliberate, but it can still destroy data or take a service offline, so it is mitigated with redundancy, backups and tested recovery procedures.

4-      Intentional threats
An intentional threat is a deliberate attempt to violate security. It exists whenever there is an entity with the capability, opportunity and motive to carry out fraud, theft, sabotage or other crimes, increasingly by way of the Internet. The next category, cyber-crime, is its most common form.

5-      Cyber-crime
Cyber-crime is criminal activity carried out using computers and the Internet. It ranges from downloading pirated music files to stealing millions of dollars from online bank accounts, and it also includes non-monetary offences such as writing and distributing viruses or posting confidential business information on the Internet.


Preventive controls

1-      Access control
Access control is any mechanism by which a system grants or revokes the right to read or modify some data, or to perform some action. A user first logs in through an authentication mechanism (a password, token or certificate) that establishes who the user is; the access control mechanism then decides what that user may do by looking up the authenticated user ID in an access control database (an access control list or policy). Authentication and authorization are separate steps, and anything the database does not explicitly permit should be denied.
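
The two steps described above, as an added example that is not part of the original post: a constructed user database with salted password hashes for the login step, and a constructed access control database consulted only after authentication succeeds. The user names, passwords, object names and ACL entries are invented for illustration; the default-deny behaviour for anything not listed is the point.

```python
import hashlib
import hmac
import os

# Constructed user database: user id -> (salt, PBKDF2 hash of the password).
# Filled in by add_user() below; nothing here is a real account.
_USERS = {}

def _hash_password(salt: bytes, password: str) -> bytes:
    # PBKDF2-HMAC-SHA256 is the only slow password hash in the standard
    # library; argon2 or bcrypt would be preferred where available.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

def add_user(user_id: str, password: str) -> None:
    salt = os.urandom(16)
    _USERS[user_id] = (salt, _hash_password(salt, password))

def authenticate(user_id: str, password: str) -> bool:
    """Step 1: establish who the caller is."""
    record = _USERS.get(user_id)
    if record is None:
        # Hash anyway so a missing account is not faster to reject than a
        # wrong password (avoids leaking valid user ids through timing).
        _hash_password(bytes(16), password)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(salt, password))

# Constructed access control database: (user id, object) -> permitted
# operations. A missing entry means "no access" (default deny).
_ACL = {
    ("alice", "payroll.db"): frozenset({"read", "write"}),
    ("bob", "payroll.db"): frozenset({"read"}),
    ("bob", "inventory.db"): frozenset({"read", "write"}),
}

def authorize(user_id: str, obj: str, operation: str) -> bool:
    """Step 2: decide what the authenticated identity may do."""
    return operation in _ACL.get((user_id, obj), frozenset())

def request(user_id: str, password: str, obj: str, operation: str) -> str:
    """Full check: authenticate first, then consult the ACL."""
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, obj, operation):
        return f"denied: {user_id} may not {operation} {obj}"
    return f"allowed: {user_id} {operation} {obj}"

add_user("alice", "correct horse battery staple")   # constructed accounts
add_user("bob", "hunter2")

if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "payroll.db", "write"))
    print(request("bob", "hunter2", "payroll.db", "write"))
    print(request("bob", "wrong password", "inventory.db", "read"))
```

Note that a failed login and a failed authorization both end in a denial, but for different reasons; a real system logs both, and the ACL is never consulted for a caller who has not authenticated.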

2-      Encryption
Encryption is the transformation of a readable (clear text) message into unintelligible ciphertext, so that anyone eavesdropping on the transmission line, or reading the stored data, learns nothing about its contents. The receiving unit reverses the transformation with the corresponding decryption key: with a symmetric algorithm this is the same secret key the transmitting unit used, with a public-key algorithm it is the receiver's private key. The algorithm itself is assumed to be known to the attacker; all of the secrecy rests on the key, which is why key distribution and storage are the hard part. Encryption on its own does not detect tampering, so modern practice pairs it with an integrity check (authenticated encryption).
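
An added example, not from the original post, of the point that the algorithm is public and only the key is secret. It uses a deliberately simple construction (an HMAC-SHA256 keystream in counter mode, XORed with the plaintext, plus a separate HMAC over the ciphertext) so that it runs with the Python standard library alone; it is illustrative, not a vetted cipher, and in production one would use AES-GCM or ChaCha20-Poly1305 from a maintained library. The key, nonce and message are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32

def _derive_keys(shared_key: bytes):
    # Independent keys for confidentiality and integrity, derived from the
    # one secret the two units share.
    enc_key = hmac.new(shared_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Block i of the keystream = HMAC(enc_key, nonce || i). Never reuse a
    # nonce under the same key: XOR of two such ciphertexts cancels it out.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(shared_key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Transmitting unit: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(shared_key)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag

def decrypt(shared_key: bytes, message: bytes) -> bytes:
    """Receiving unit: verifies the tag first, then strips the keystream."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _derive_keys(shared_key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered message")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def eavesdrop(message: bytes, guessed_key: bytes) -> bytes:
    """What someone who knows the algorithm but guesses the key recovers."""
    enc_key, _ = _derive_keys(guessed_key)
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(enc_key, message[:NONCE_LEN], len(ciphertext)))

if __name__ == "__main__":
    key = os.urandom(32)                          # agreed out of band beforehand
    msg = encrypt(key, b"transfer 100 to account 42")
    print(decrypt(key, msg))
    print(eavesdrop(msg, b"wrong key"))           # garbage: same algorithm, wrong key
```

The eavesdropper runs exactly the same code as the receiver and still gets nothing, and a single flipped ciphertext byte is rejected before any plaintext is returned, which is the property plain encryption alone would not give.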

3-      Virus protection
A virus is a program designed to replicate itself by copying itself into other programs stored on a computer. It may be relatively harmless, or it may carry a destructive payload such as making a program operate incorrectly or corrupting files and memory. Virus protection (antivirus software) is the control against it: it scans files, memory and incoming mail for the signatures of known viruses and for suspicious behaviour, and blocks or quarantines what it finds. Because a scanner can only recognise what its signature database or heuristics describe, it must be updated continuously, and a small change to a known virus can slip past an exact-match signature.
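
An added example, not part of the original post, of how signature-based scanning works and why it needs constant updating. The "files" are constructed byte strings held in a dictionary: a harmless text file, the industry-standard EICAR test string (which every real scanner flags and which does nothing), and an invented, inert "dropper" stub together with two slightly modified copies of it. Two signature types are compared: an exact SHA-256 hash and a byte pattern taken from the body.

```python
import hashlib

# Constructed samples; none of this is real malware. EICAR is the standard
# harmless test string that antivirus products recognise by convention.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DROPPER = (b"MZ\x90\x00" + b"\x00" * 12
           + b"copy self to C:\\Windows\\svchost_.exe; run at logon" + b"\x00" * 8)

# Two kinds of signature a scanner keeps:
#  - exact file hashes: precise, but any one-byte change defeats them
#  - byte patterns from the body: survive small edits, at some false-positive risk
HASH_SIGNATURES = {
    hashlib.sha256(DROPPER).hexdigest(): "Trojan.Dropper.Constructed",
}
PATTERN_SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Trojan.Dropper.Constructed.gen": b"copy self to C:\\Windows\\svchost_.exe",
}

def scan_file(data: bytes) -> list:
    """Return the names of every signature that matches this file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits

def scan(files: dict) -> dict:
    """Scan a name -> content mapping; only infected files appear in the result."""
    findings = {}
    for name, data in files.items():
        hits = scan_file(data)
        if hits:
            findings[name] = hits
    return findings

# Constructed "filesystem" to scan.
FILES = {
    "readme.txt": b"Quarterly report, nothing to see here.",
    "eicar.com": EICAR,
    "installer.exe": DROPPER,
    # same dropper with one header byte flipped: the hash signature misses it
    "installer_v2.exe": b"MZ\x90\x01" + DROPPER[4:],
    # the string the pattern signature keys on was altered: both miss it
    "installer_v3.exe": DROPPER.replace(b"svchost_", b"svch0st_"),
}

if __name__ == "__main__":
    for name, hits in scan(FILES).items():
        print(f"{name}: {', '.join(hits)}")
```

The third variant goes undetected by both signatures, which is why real products add heuristics and behaviour monitoring on top of signatures, and why the signature database is only as good as its last update.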

4-      Firewall
A firewall is any of several security mechanisms that stop unauthorized users from reaching a computer network, or that monitor and log the traffic passing into and out of it. In its simplest form it is a packet filter: an ordered list of rules that allow or deny traffic by source and destination address, protocol and port, evaluated top to bottom with the first match deciding, and with everything that matches no rule being dropped.
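
The packet filter just described, as an added example that is not part of the original post. The addresses (192.0.2.0/24 as the internal network, 192.0.2.10 as a web server, 198.51.100.0/24 as a blocklisted range, 203.0.113.7 as an outside client) are documentation ranges chosen for the example, and the rule set is invented to show the three things a practitioner checks: first match wins, rule order matters, and the default is deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int     # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; a packet matching no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "default policy"

# Constructed policy protecting a web server at 192.0.2.10.
RULES = [
    Rule("deny", src="198.51.100.0/24", comment="blocklisted network"),
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443, comment="public HTTPS"),
    Rule("allow", src="192.0.2.5/32", dst="192.0.2.10/32", proto="tcp", dport=22,
         comment="admin SSH from one internal host"),
]

def audit_log(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """The monitoring side: one log line per decision, allowed or not."""
    lines = []
    for pkt in packets:
        action, why = filter_packet(rules, pkt)
        lines.append(f"{pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport}: {action} ({why})")
    return lines

if __name__ == "__main__":
    sample = [
        Packet("203.0.113.7", "192.0.2.10", "tcp", 443),   # outside client, HTTPS
        Packet("198.51.100.9", "192.0.2.10", "tcp", 443),  # blocklisted, HTTPS
        Packet("203.0.113.7", "192.0.2.10", "tcp", 22),    # outside client, SSH
        Packet("192.0.2.5", "192.0.2.10", "tcp", 22),      # admin host, SSH
    ]
    print("\n".join(audit_log(RULES, sample)))
```

Swapping the first two rules lets the blocklisted host reach HTTPS, because the allow rule would then match first; keeping specific denies above broad allows is the usual discipline when writing such rule sets.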

Internal audit vs. external audit

External auditors issue an opinion on the fairness of the financial statements taken as a whole. Internal auditors are regular employees of the company they audit; internal audits generally examine internal controls, and their main purpose is to recommend improvements in efficiency and operational effectiveness. The materiality level for an internal audit is much lower than for an external audit: an external auditor would not normally examine petty cash, but an internal auditor will.

External auditors are organizationally independent: they work for a completely different company than the one being audited. They are also paid more, and differently: internal auditors receive their regular salary regardless of their findings, while external auditors are paid under their contract, which covers expenses, overhead and profit.

Whereas the external opinion covers the financial statements as a whole, internal auditors may issue an opinion on the much smaller unit they are auditing, but often they do not.

External auditors are required to follow generally accepted auditing standards (GAAS) or international auditing standards; internal auditors are not. An internal audit may follow GAAS, may follow the standards of the Institute of Internal Auditors (IIA), or may follow no particular standard. An internal audit may cover a period of a week, a month or a quarter; an external audit generally covers a year.
