Day 2 (18 Oct 2022)
- Foo Yoong Hou
- Jan 16, 2023
Updated: Jan 18, 2023
Today, I followed the training schedule arranged by my supervisor, starting with the introduction to Information System components. I accessed the web link given by my supervisor, which led to a web-based course prepared by BDO. The course is called Introduction to Information System Components; its learning objectives are to explain the importance of information systems in our audits and to describe the key elements of an information system. Below are the key takeaways from the course.
The main purpose of an IS is to support operations and decision making and to process data within business cycles in order to produce IPE (information produced by the entity) and financial reporting.
The financial audit process must take into consideration the IT environment affecting business cycles and CARA (control activities relevant to the audit). Engagement teams need to understand the entity's IT environment in order to identify potential risks arising from the use of IT, by identifying the key IT applications and processes relevant to the audit.
IT is a subset of IS, and an IS consists of people, processes, and IT (including data, software, hardware, networks).
An IS's main purpose is to convert raw data into useful information for making decisions within the organization.
The foundation of an IS is made up of four main elements: data (facts, figures or information stored in or used by a computer), IT infrastructure (the network, operating systems, and databases and their related hardware and software), IT applications (a program or set of programs used in the initiation, processing, recording, and reporting of transactions or information; IT applications include data warehouses and report writers) and a database with information (information is organized or classified in a standardized manner to provide meaningful values or data for the user; it includes the processed data used to make informed decisions and actions).
An information system collects data and transforms it into information. The main process can be divided into input (data and the related instructions on how to process the data represent the inputs of a computer information system), processing (the raw data is then processed by the system based on the instructions that were input; the system that performs the processing may include both hardware and software components) and output (once the data has been processed by the system, the output produced is information; data is transformed into useful information after it has been processed by the system and put into context).
Controls can be applied to input, processing and output.
Data input controls ensure that only complete, accurate and approved data is entered; data processing controls ensure that only valid data is processed and that such data is processed correctly according to the instructions; information output controls are used to ensure the integrity of output.
Controls can be performed automatically by the system or manually; they are collectively known as general controls and application controls.
Data processing is an important factor in assessing the completeness and accuracy of client data and directly influences the controls designed to ensure data integrity. There are two methods of data processing: batch processing and real-time processing.
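The input, processing and output controls and the batch processing described above can be sketched in a few lines of Python. This is an added example, not part of the BDO course or the original post; the record layout, the account list and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

VALID_ACCOUNTS = {"1000", "2000"}  # constructed chart of accounts (assumption)

@dataclass(frozen=True)
class Txn:  # hypothetical record layout
    txn_id: str
    account: str
    amount: Decimal
    approved_by: str  # empty string means nobody approved the record

def input_errors(txn):
    """Input control: the record must be complete, accurate and approved."""
    errors = []
    if not txn.txn_id or not txn.account:
        errors.append("incomplete")
    elif txn.account not in VALID_ACCOUNTS:
        errors.append("unknown account")
    if txn.amount <= 0:
        errors.append("invalid amount")
    if not txn.approved_by:
        errors.append("not approved")
    return errors

def control_totals(txns):
    # Record count and amount total, as carried on a batch header.
    return len(txns), sum((t.amount for t in txns), Decimal("0"))

def process_batch(batch, header_count, header_total):
    # Completeness: the batch received must match the totals on its header.
    if control_totals(batch) != (header_count, header_total):
        raise ValueError("batch does not match its control totals")
    posted, rejected, rejected_total = {}, [], Decimal("0")
    for t in batch:
        errs = input_errors(t)
        if errs:  # processing control: only valid data is processed
            rejected.append((t.txn_id, errs))
            rejected_total += t.amount
        else:
            posted[t.account] = posted.get(t.account, Decimal("0")) + t.amount
    # Output control: posted plus rejected must reconcile to the input total.
    if sum(posted.values(), Decimal("0")) + rejected_total != header_total:
        raise RuntimeError("output does not reconcile to input")
    return posted, rejected

BATCH = [  # constructed sample data
    Txn("T1", "1000", Decimal("150.00"), "alice"),
    Txn("T2", "2000", Decimal("75.50"), "bob"),
    Txn("T3", "9999", Decimal("20.00"), "alice"),  # account not in the chart
    Txn("T4", "1000", Decimal("10.00"), ""),       # missing approval
]
```

Calling `process_batch(BATCH, 4, Decimal("255.50"))` posts T1 and T2 and returns T3 and T4 on the reject list; passing the same header with a record missing raises an error before anything is posted.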
Understanding the IT environment is a component of the system of internal control which engagement teams must evaluate during risk assessment procedures in accordance with ISA 315. The objective is to identify potential risks arising from the use of IT through identifying key IT applications and processes relevant to the audit. This information will then assist in identifying IT general controls (ITGCs) that address those risks and creating specific audit responses to address those risks, as applicable.
A network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources.
Network devices are electronic devices which are required for communication and interaction between devices on a computer network. Specifically, they mediate data transmission in a computer network. Units that are the final receiver of data or that generate data are called hosts.
TCP/IP: the Internet protocol suite is the conceptual model and set of communication protocols used on the internet and similar computer networks. It is commonly known as TCP/IP because the foundational protocols in the suite are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).
Network management software is software that is used to manage (i.e., provision, discover, monitor and maintain) computers and other devices on a network. Examples include Microsoft Active Directory, Apache Directory, OpenLDAP, Samba, Red Hat Directory Server, OpenSSO, etc.
Common encrypted security protocols are:
IPsec - authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network (remote access to the entity resources); used in virtual private networks (VPNs).
TLS / SSL - provides privacy and data integrity between two or more communicating computer applications. Used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP).
The following list explains some terms related to network infrastructure and security:
Firewall - used to filter, monitor and control incoming and outgoing network traffic based on predetermined security rules.
IDS (Intrusion Detection System) - used to monitor a network or systems for malicious activity or policy violations.
IPS (Intrusion Prevention System) - similar to IDS but with the ability to automatically respond to detected intrusions.
Data warehouse: a system that pulls together data from different sources within an organization for reporting and analysis.
Data mining: also known as knowledge discovery in data (KDD), is the process of uncovering patterns and other valuable information from large data sets.
Big data: refers to very large and complex data sets that typically include data from various sources to reveal patterns, trends, and associations as well as to identify irregularities and exemptions for audit or decision-making purposes.
Data analytics: the process of collecting, organizing and analyzing data in order to provide information in support of decision-making processes.
Business intelligence: data-driven decision-making; it includes the generation, aggregation, analysis, and visualization of data to inform and facilitate business management and strategizing.
IT applications: a set of programs that are used in the initiation, processing, recording, and reporting of transactions or information. IT applications include data warehouses and report writers. Enterprise Resource Planning (ERP) is an example of an IT Application. It typically consists of a suite of integrated business applications or modules that assist organizations in managing their financial records, supply chain, manufacturing, operations, reporting, human resources and other business aspects on an integrated platform. Common examples are SAP, Oracle, Dynamics GP, SL or AX.
IT process: the entity’s processes and controls to manage access to the IT environment, program changes or changes to the IT environment, and IT operations.
IT personnel: the entity’s employees, or third-party employees or consultants, who are responsible for the operation, maintenance, and controls of the IT environment. Usually, they are part of an IT function.
IT function and end user departments: the IT function is distinct from end user departments (‘service customers’). The size and structure of the IT function depends on the entity’s size and other considerations.
Main things that I have learned
There are a lot of things I could learn from the course today. It gave me the overall picture of what an information system is and why it is important for audit work, and in the course I also came across a lot of terms that I haven't met before, like RADA and BYOD.
Comment/idea/opinion
There are a lot of terms that I haven't met before, like RADA and BYOD. These kinds of catchphrases are terms commonly used in BDO, and I need to study the course again in order to have a better understanding. I believe the course today will be useful for the tasks I need to do after that.