Chapter 36 – Auditing Computer Security

Diane E. (Dione) Levine

Chapter Contents:

36.1 Introduction
  36.1.1 Roles of External and Internal Auditors
  36.1.2 Role of the Electronic Data Processing Auditor
  36.1.3 Scope of Computer Security
36.2 Electronic Data Processing System Controls
  36.2.1 Overall Electronic Data Processing Controls
    36.2.1.1
    36.2.1.2 System Development Controls
    36.2.1.3 Computer Operation Controls
    36.2.1.4 Program Revision Controls
    36.2.1.5 Quality Assurance Controls
    36.2.1.6 Telecommunications Security Controls
    36.2.1.7 Data Library Controls
  36.2.2 Individual Application Controls
    36.2.2.1 Input Controls
    36.2.2.2 Processing Controls
    36.2.2.3 Output Controls
    36.2.2.4 Additional Controls
36.3 Responsibility for Control of Electronic Data Processing
  36.3.1 Senior Management
  36.3.2 Data Processing Management and Staff
    36.3.2.1 Data Originators
    36.3.2.2 System Developers
    36.3.2.3 Computer Operators
    36.3.2.4 Data Users Management and Staff
  36.3.3 Auditors
    36.3.3.1 Internal Auditors and Electronic Data Processing Auditors
    36.3.3.2 External Auditors
36.4 Auditing Computer Applications
  36.4.1 Audit Tools
  36.4.2 Work Papers
  36.4.3 Data Audit Programs
  36.4.4 Source Code and Other File Comparison Programs
  36.4.5 Computer-Assisted Audit Techniques
  36.4.6 Special Microcomputer Techniques
  36.4.7 Backup and Recovery
36.5 Summary
36.8 For Further Reading