Audit of Computer Systems
An assessment of an information system to provide recommendations and advice to improve system performance and security. It is done by an IS auditor. Objectives of the audit are:
- To improve the quality of the information system.
- Prevent failure.
- Speed up the process.
- Improve cost performance.
- Increase efficiency.
- Reduce risk and enhance system security.
- Standardization.
Responsibility and Authority of the System Auditor:
- Should firmly maintain professional ethics.
- Should be aware of the ethical demands on themselves.
- Should meet internal and external trust by performing an accurate and sincere system audit.
- Must maintain confidentiality of the information provided to them.
- May demand data and material from the division being audited.
- May also demand a report on the implementation of improvements to an audit division as suggested by them.
Factors Audited by IS Auditor:
- Audit of response time: Actual response time compared with the desired response time.
- Audit of broken links: Findings of broken or unavailable links on the website.
- Database Audit: Checking the database integrity and availability.
- Network Audit: Checking the vulnerability and configuration of the network.
- Transaction Audit: Process to find who made changes, what changes were made, and whether the changes were authorized.
- Audit of Computer Security: Reviewing physical and logical security measures.
- Audit of Application: Assessment of manual and programmed internal controls of the information system.
Some Important Terms
- Visual Audit Pro – A software that audits activities like logging on/off, and collects information about software and hardware.
- E-Z Audit -A software that gives information on RAM capacity, network card name, network connect speed, MAC address and TCP/IP information.
- IDEA(Interactive Data Extraction and Analysis) – Used to import information from the database to be audited for further analysis by the auditor.
- Audit Trail – A log of changes made in data, settings and related changes.
Risk Assessment – Evaluating threats and vulnerabilities of IS. two methods are there for analysing the risks:
- Quantitative Risk Analysis – Gives an idea about the amount of risks involved with an event.
- Qualitative Risk Analysis – Gives the degree of risk associated with the institution’s system, networks and information assets.
Disaster Recovery Plan
- Disaster – Earthquakes, floods, fires and terrorist attacks can severely damage an organisation’s computing infrastructure.
- Disaster Recovery Plan – A document containing procedures for emergency response, extended backup operations and recovery.
Techniques applied for contingency situations are:
- In-house backup – The process of storing data backups within the organization
- Alternate Storage Area – Store one copy of all AIS files and databases at an alternative site.
- The Disaster Recovery Toolkit – A highly valuable collection of items and documents for ensuring business continuity in disaster.
|
Contigency Events |
Necessary Recovery Action |
|---|---|
|
Loss of Data |
Identify the appropriate recovery plan, The location of required recovery files. |
|
Loss of Software |
Identify the type of software and location where backup copies are maintained. |
|
Loss of Communication |
Identify alternate communication facility, Estimate recovery time. |
|
Loss of hardware |
Identify any alternate substitute for the equipment. Estimate replacement cost of hardware. |
|
Loss of Personnel |
Identify substitutes for each personnel, if alternates are not available then obtain them from an outside source. |
|
Loss of Facility |
Identify all necessary hardware, software, data, and personnel required for normal functioning at the alternative location |
Contingency Planning Steps:
- Develop the plan.
- Test the plan.
- Maintain the plan.
System Analysis and Design Interview Topics for Freshers
System Analysis is the “what” before the “how” in system design. It provides the essential roadmap for crafting a system that is both effective and efficient in solving the intended problem. “Imagine you’re building a dream house. You wouldn’t start hammering nails without a detailed blueprint, right?”The same goes for software development.”
System analysis is the blueprint, while system design translates it into the actual system.
Important Topics for System Analysis and Design Guide
- Information System(IS)
- Characteristics(Properties) of a System Analysis
- Classification of System Analysis
- Distributed Systems
- System Analysis and Design
- System Analyst
- System Development Life Cycle(SDLC)
- Documentation of Systems
- System Requirements Specification(SRS)
- Fact Finding Techniques or Information Gathering Techniques
- Modular and Structured Design
- Form Design
- Report Design
- Process Modeling or Data Flow Diagram (DFD)
- CASE Tools – Computer-Aided Software Engineering Tools
- Implementation of Systems
- Maintenance of Systems
- Audit of Computer Systems
- Viruses
- Concurrent Audit
- Different Kinds of Information Systems