
United States General Accounting Office

This release of the FISCAM document has been reformatted from the January 1999 version. It includes only formatting changes, refers to several different GAO documents, and adds hypertext links to GAO referenced documents; NO other content has been modified or updated from the January 1999 release.

This FISCAM was superseded by GAO-09-232G, February 2, 2009. The revised FISCAM is available only in electronic form at http://www.gao.gov/products/GAO-09-232G on GAO’s Web page.

Should you need additional information, please contact us at FISCAM@gao.gov or call Robert Dacey at (202) 512-7439 or Greg Wilshusen at (202) 512-6244.

GAO
United States Government Accountability Office
Accounting and Information Management Division

Federal Information System Controls Audit Manual
Volume I – Financial Statement Audits
GAO/AIMD-12.19.6

Contents

Preface                                                                          5

Chapter 1  Introduction and General Methodology                                  7
  1.1  Purpose and Anticipated Users of the Manual                               7
  1.2  General Methodology                                                       8

Chapter 2  Planning the Audit                                                   14
  2.1  Gain an Understanding of the Entity’s Operations and Identify
       Significant Computer-related Operations                                  15
  2.2  Assess Inherent Risk and Control Risk                                    16
  2.3  Make a Preliminary Assessment on Whether Computer-related Controls
       are Likely to be Effective                                               20
  2.4  Identify Controls To Be Tested                                           21

Chapter 3  Evaluating and Testing General Controls                              22
  3.0  Overview                                                                 22
  3.1  Entitywide Security Program Planning and Management (SP)                 24
       Critical Element SP-1: Periodically assess risks                         27
       Critical Element SP-2: Document an entitywide security program plan      29
       Critical Element SP-3: Establish a security management structure and
                              clearly assign security responsibilities          32
       Critical Element SP-4: Implement effective security-related personnel
                              policies                                          38
       Critical Element SP-5: Monitor the security program’s effectiveness and
                              make changes as needed                            42
  3.2  Access Control (AC)                                                      46
       Critical Element AC-1: Classify information resources according to
                              their criticality and sensitivity                 48
       Critical Element AC-2: Maintain a current list of authorized users and
                              their access authorized                           50
       Critical Element AC-3: Establish physical and logical controls to
                              prevent or detect unauthorized access             54
       Critical Element AC-4: Monitor access, investigate apparent security
                              violations, and take appropriate remedial action  72
  3.3  Application Software Development and Change Control (CC)                 76
       Critical Element CC-1: Processing features and program modifications
                              are properly authorized                           78

Page 1                                          GAO/AIMD-12.19.6 January 1999

...