(K) Interrelationships Between Controls
Controls are interrelated. Lack of controls in one area may affect other interrelated areas. Similarly, what is an accepted control in one area may not be applicable to another area. This is because life cycles of a system or data are different. For example, a life cycle of an application system can take the phases shown in Exhibit 1.6.
EXHIBIT 1.6 Life Cycle of an Application System
System development requires different controls from operation and maintenance. For example, the system development process requires more project management controls, system operation requires more operational controls, and system maintenance requires strict program change and configuration controls. However, documentation is common to all these phases, and it acts as a preventive, detective, and corrective control as well. Weak controls during system development impact both operations and maintenance activities.
For example, the life cycle of a data item (or element) can take the phases shown in Exhibit 1.7.
EXHIBIT 1.7 Life Cycle of a Data Item
Different controls are required in each of the phases shown in the exhibit. For example, processing of data requires more data editing and validation controls, and data disposition requires more physical security controls, ...
Get Wiley CIAexcel Exam Review 2014: Part 2, Internal Audit Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
