
Classification on the Basis of Audit Function

  • Managerial Controls

Top Management and Information Systems Management Controls:

Functions are:

  • Planning – determining the function of the information systems;
  • Organizing – gathering, allocating, and coordinating the resources needed to accomplish the goals;
  • Leading – motivating, guiding, and communicating with personnel; and
  • Controlling – comparing actual performance with planned performance.

There are two types of plans: a Strategic plan and an Operational plan.

  • Systems Development Management Controls: System development controls ensure proper controls in each phase of analyzing, designing, building, implementing, and maintaining an information system. These are given as follows:
    • System Authorization Activities: All new system development must be properly authorized and feasible.
    • User Specification Activities: Users must be actively involved in the systems development process. All user needs must be satisfied by the system.
    • Technical Design Activities: The technical design activities in the SDLC translate the user specifications into a set of detailed technical specifications of a system that meets the user's needs.
    • Internal Auditor's Participation: The internal auditor should play an important role in the control of systems development activities.
    • Program Testing: All program modules must be thoroughly tested before they are implemented.
    • User Test and Acceptance Procedures: Just before implementation, the system must also be tested by its users.
  • Programming Controls: The primary objective is to produce or acquire, and to implement, high-quality programs.

Phases of Program Development Life Cycle

  • Planning
  • Design
  • Coding
  • Testing: Unit, Integration, Whole-of-Program Testing
  • Operation and Maintenance: Corrective, Adaptive and Perfective.
  • Data Resource Management Controls: Many organizations now recognize that data is a critical resource that must be managed properly.

The control activities involved in maintaining the integrity of the database are as follows:

  • Backup Controls: Backup controls ensure the availability of the system in the event of data loss.
  • Access Controls: Access controls are designed to prevent unauthorized access to data. Controls are established in the following manner:
    • User Access Controls through passwords, tokens and biometric controls; and
    • Data Encryption: Keeping the data in the database in encrypted form.

  • Update Controls: These controls restrict update of the database by addition, deletion or change to authorized users only.
  • Quality Controls: These controls ensure the accuracy, completeness, and consistency of data maintained in the database.

  • Quality Assurance Management Controls:

Quality Assurance management is concerned with ensuring that the development, implementation, operation and maintenance of information systems comply with a set of quality standards.

The reasons for the emergence of Quality assurance in many organizations are as follows:

  • Organizations are increasingly producing safety-critical systems.
  • Users are becoming more demanding in terms of the quality of the software.
  • Organizations are undertaking more ambitious projects when they build software.
  • Organizations are becoming more concerned about their liabilities if they produce and sell defective software.
  • Security Management Controls: These ensure that information systems assets are secure. Some of the major threats to the security of information systems are:
    • Fire
    • Water
    • Energy Variations (Voltage Fluctuation)
    • Structural Damage
    • Pollution
    • Unauthorized Intrusion
    • Viruses and Worms
    • Misuse of software, data and services
    • Hackers
  • Operations Management Controls: Operations management is responsible for the daily running of hardware and software facilities. Controls apply to the following activities:
    • Computer Operations
    • Network Operations
    • Data Preparation and Entry
