Call Now

Get The App


Classification on the Basis of Audit Function

  • Managerial Controls

Top Management and Information Systems Management Controls:

Functions are:

  • Planning – determining the function of the information systems;
  • Organizing – gathering, allocating, and coordinating the resources needed to accomplish the goals;
  • Leading – motivating, guiding, and communicating with personnel; and
  • Controlling – comparing actual performance with planned performance.

There are two types of plans :Strategic plan and an Operational plan.

  • Systems Development Management Controls: System  development  controls  are  to  ensure proper controls in each phase of analyzing, designing, building, implementing, and maintaining information system. These are given as follows:
  • System Authorization Activities: All new system development must be properly authorized and feasible.
  • User Specification Activities: Users must be actively involved in the systems development process. All User needs must be satisfied by the system.
  • Technical Design Activities: The technical design activities in the SDLC translate the user specifications into a set of detailed technical specifications of a system  that meets the user's needs.
  • Internal Auditor’s Participation: The internal auditor  should play  an important role  in the control of systems development activities .
  • Program Testing: All program modules must be thoroughly tested before they are implemented.
  • User Test and Acceptance Procedures: Just before implementation, system must be tested by system users also.
  • Programming Controls: The primary objectives is to produce or acquire and to implement high-quality programs.

Phases of Program Development Life Cycle


  • Design
  • Coding
  • Testing: Unit, Integration, Whole-of-Program Testing
  • Operation and Maintenance: Corrective, Adaptive and Perfective.
  • Data Resource Management Controls: Many organizations now recognize that data is a critical resource that must be managed properly.

The control activities involved in maintaining the integrity of the database is as under:

  • Backup  Controls: Backup controls ensure the availability  of system  in the event  of data loss.
  • Access Controls: Access controls are designed to prevent unauthorized access of data. Controls are established in the following manner:

— User Access Controls through passwords, tokens and biometric Controls; and

—Data Encryption: Keeping the data in database in encrypted form.

  • Update Controls: These controls restrict update of the database by addition, deletion or change to authorized users only.
  • Quality Controls: These controls ensure the accuracy, completeness, and consistency of data maintained in the database.


•Quality Assurance Management Controls:

Quality Assurance management is concerned with ensuring that Development, implementation, operation and maintenance of Information systems comply with a set of quality standards.

The reasons for the emergence of Quality assurance in many organizations are as follows:

  • Organizations are increasingly producing safety-critical systems
  • users are becoming more demanding in terms of the quality of the software
  • Organizations are undertaking more ambitious projects when they build software.
  • Organizations are becoming more concerned about their liabilities if they  produce and sell defective software.
  • Security Management Controls: For ensuring that information systems assets are  secure. Some of the major threats to the security of information systems are:
    • Fire
    • Water
    • Energy Variations (Voltage Fluctuation)
    • Structural Damage
    • Pollution
    • Unauthorized Intrusion
    • Viruses and Worms
  • Misuse of software, data and services
  • Hackers
  • Operations Management Controls: Operations management is responsible for the daily running of hardware and software facilities. Control on following activities:
    • Computer Operations
    • Network Operations
    • Data Preparation and Entry

Explore All Chapters