23.1 Information System Controls

	Controls of information systems are both manual and automated and also consist of both general controls and application controls.
	General controls are about securing the organizations' information technology infrastructure which includes design, security, and use of computer programs and the security of data files.
	It is a combination of hardware, software, and manual procedures for control environment. All computerized applications are applied by general controls.
	Type of general controls is; soft and hardware controls, computer operations controls, data security and other functions.
	Table 23-1 describes the functions of each of these controls.

23.1 Information System Controls

Types of General Controls	Description
Software controls	Monitor the use of system software and prevent unauthorized access of software programs, system software, and computer programs.
Hardware controls	Ensure that computer hardware is physically secure, and check equipment malfunction.
Computer operation controls	Oversee the work of the computer department to ensure that programmed procedures are consistently and correctly applied to the storage and processing of data. They include controls over the setup of computer processing and backup and recovery procedures for processing that ends abnormally.
Data security controls	Ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
Implementation controls	Audit the systems development process at various points to ensure that the process is properly controlled and managed.
Administrative controls	Formalize standards, rules, procedures, and control disciplines to ensure that the organization's general and application controls are properly executed and enforced.

23.1 Information System Controls

	Application controls include automated and manual procedures which process only authorized data that are completely and accurately.
	These applications can be classified as input, processing, output controls.
	The roles of input controls are to check that data accurate and complete when they enter the system.
	Each input authorization has its specific input controls, in addition to data editing, data conversion, and error handling.
	Processing controls establish that data during updating are complete and accurate.
	Output controls ensure that the computer processing results are accurate, complete, and properly distributed.