It is the mechanism which with the control element which forms the portion of the internal control system, supervision it records & controls the business and the management system of enterprise with information technology, guarantees the health. Among the mechanism - - internal control systems internal control, it is the part which utilizes IT.
Business process and the management system of today and enterprise depend on the computer & the system largely. Whether or not these businesses and management are executed healthily and effectively it is made to watch & controls, after all the computer & the system are well utilized, whether or not simultaneously that computer & system itself is used healthily and effectively, it is necessary & to keep watching controlling. This is IT control.
IT control is classified "business processing control" and "general control" generally. As for business processing control, it is the control in order to guarantee the comprehensiveness, preciseness, justifiability and maintenance continuity of the data in the individual business processing system. With those in order to guarantee that it is certain for input, processing and output of the data in the business system to be just done, "double input check" "control total check" "limit check" and so on is included.
As for other general control, business processing control healthily and effectively is the control which guarantees the basis environment which functioning is done. The IT strategy, the control for plan, development, use, maintenance, and organization, the system and the basic system which support that is included, IT process of each level and it is the individual element, "user identification" "log supervision" "signal" "backup" and so on is included.
In presentation corporation accounting supervisory conference (PCAOB), "proram modification" "of" "computer use" 4 program development "of access to program and the data" are illustrated.
The COSO framework which is in fact worldwide standard as a frameworkofinternal control, in order internal control in prerequisite, is made the business process which is supported by IT. But, with the COSO framework which is published to 1992/1994 stipulating only IT control in independence, it was not.
In US, it was published to 2005 July with "standard of appraisal and audit of the internal control which relates to financial report (open draft)" (financial agency enterprise accounting conference internal control sectional meeting), it made the internal control element which becomes independent IT control as "the utilization of IT". In the background it is thought that the IT utilization in enterprise in these 10 years has developed substantially. In this standard draft, the utilization of IT "in order to achieve organizational goal, the fact that you service and use the internal control which it is related to the information system which corresponds to IT environment in the range which management of organization reaches, and" has been defined.
In addition ISO/IEC COBIT of 17799 (BS 7799 -1) and the American system control association,the economicindustrial ministry announced in 2004 Octoberas an invocation possible standard/a guideline in IT control, "system management standard" "EDP audit standard", IT control level of the American official recognition accounting association and the Canadian Imperial sanction accounting association, "the information processing security guideline" of information processing service association, "software portfolio management standard" of the software portfolio management consortium, "auditing standards commission report 20th number (interim report)" of the indian American Institute of Certified Public Accountants and the same "IT commission report 1st number (interim report) "And so on is listed. |
