1. Control concepts

1.1. preventive controls

1.1.1. deter problems before they arise

1.2. detective controls

1.2.1. discover problems that aren't prevented

1.3. corrective controls

1.3.1. identify & correct problems, correct & recover from resulting errors

1.4. general controls

1.4.1. designed to make sure an organization's information system and control environment are stable and well managed

1.5. application controls

1.5.1. prevent, detect, and correct transaction errors and fraud

2. 4 levers of controls

2.1. belief system

2.1.1. describes how a company creates value, helps employees understand management's vision, communicates company core values, inspires employees to live by those values

2.2. boundary system

2.2.1. helps employees act ethically by setting boundaries on employee behavior

2.3. diagnostic system

2.3.1. measures, monitors, compares actual company progress to budgets and performance goals

2.4. interactive control system

2.4.1. helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions

3. Control frameworks

3.1. COBIT

3.1.1. a security and control framework that consolidates control standards from many different sources into a single framework that allows: (1) management to benchmark security and control practices of the IT environment; (2) users to be assured that adequate IT security and controls exist; (3) auditors to substantiate their internal control opinions and to advise on IT security and control matters

3.2. COSO

3.2.1. defines internal controls and provides guidance for evaluating and enhancing internal control systems

3.2.1.1. control environment: the engine that drives the organization and the foundation on which everything rests

3.2.1.2. risk assessment: identify, analyze and manage the organization's risks

3.2.1.3. control activities: ensure that the actions identified by management to address risks and achieve the organization's objectives are effectively carried out

3.2.1.4. information and communication: capture and exchange the information needed to conduct, manage, and control the organization's operations

3.2.1.5. monitoring: the process must be monitored, and modifications made as necessary, so the system can change as conditions warrant

3.3. ERM

3.3.1. the process the BOD and management use to set strategy, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals

3.3.1.1. companies are formed to create value for their owners

3.3.1.2. management must decide how much uncertainty it will accept as it creates value

3.3.1.3. uncertainty results in risk: something that negatively affects the company's ability to create or preserve value

3.3.1.4. uncertainty results in opportunity: something that positively affects the company's ability to create and preserve value

3.3.1.5. the ERM framework can manage uncertainty, and create and preserve value