{"id":1228,"date":"2019-04-24T09:00:21","date_gmt":"2019-04-24T06:00:21","guid":{"rendered":"https:\/\/teolupus.com\/?p=1228"},"modified":"2023-10-26T10:37:02","modified_gmt":"2023-10-26T07:37:02","slug":"control-activities-principle-11","status":"publish","type":"post","link":"https:\/\/teolupus.com\/en\/control-activities-principle-11\/","title":{"rendered":"Control Activities: Selecting &#038; Developing Tech Controls"},"content":{"rendered":"\r\n<p><span style=\"font-weight: 400;\">Principle 11: Selecting and Developing General Controls over Technology &#8211; The organization selects and develops general control actions to support achieving objectives.<\/span><\/p>\r\n<h2><b>Focus Points:<\/b><\/h2>\r\n<p><span style=\"font-weight: 400;\">The following focal points highlight essential features of this principle.<\/span><\/p>\r\n<ul>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\">\r\n<h2><span style=\"font-weight: 400;\">Determines the Dependency Between the Use of Technology in Business Processes and Technology General Controls:<\/span><\/h2>\r\n<\/li>\r\n<\/ul>\r\n<p><span style=\"font-weight: 400;\">Management: Understands and identifies dependencies and connections between business processes, automated controls, and general technology controls.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">The reliability of technology in business processes, including automated controls, depends on the selection, development, and implementation of technology control actions, from now on referred to as technology general controls (*).<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">(*) :\u00a0<\/span><i><span style=\"font-weight: 400;\">Terminology often used to describe these controls includes the terms \u201cgeneral computer controls,\u201d \u201cgeneral controls,\u201d or \u201ccomputer controls.\u201d \u201cTechnology general controls\u201d is used here to refer to general control actions related to technology.<\/span><\/i><\/p>\r\n<p><span style=\"font-weight: 400;\">Technology general controls over the acquisition and development of technology are used to help ensure that automated controls operate as they should when they are first developed and implemented. Additionally, technology general controls help ensure that information systems continue working appropriately after implementation.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">For example, an organization wants to use an automatic match and edit check that examines data entered online. If something does not match the data in the system or is formatted incorrectly, immediate feedback is provided so that necessary corrections can be made. Error messages show what is wrong with the data, while exception reports enable subsequent follow-up.<\/span><\/p>\r\n<ul>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\">\r\n<h2><span style=\"font-weight: 400;\">Relevant Technology Infrastructure Creates Control Actions:<\/span><\/h2>\r\n<\/li>\r\n<\/ul>\r\n<p><span style=\"font-weight: 400;\">Management selects and develops control actions over the technology infrastructure designed and implemented to ensure technology operations&#8217; completeness, accuracy, and availability.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">Technology requires an infrastructure to work, ranging from communication lines that connect technologies to each other and to the rest of the organization to computing resources to run applications and to electricity to provide the technology with the necessary energy. The technology infrastructure in question can be complex. This infrastructure can be shared with different business units within the organization. (e.g., a shared service center) or through outsourcing to third-party service organizations or location-independent technology services (e.g., cloud computing). These complexities create risks that must be understood and examined. Considering that the changes that are likely to be seen in the use of technology and that are likely to continue in the future are wide-ranging, the organization needs to monitor these changes, evaluate them, and respond to new risks.<\/span><\/p>\r\n<ul>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\">\r\n<h2><span style=\"font-weight: 400;\">Relevant Security Management Process Establishes Control Actions:<\/span><\/h2>\r\n<\/li>\r\n<\/ul>\r\n<p><span style=\"font-weight: 400;\">Management selects and develops control actions designed and implemented to limit technology access rights to authorized users commensurate with their job responsibilities and to protect the organization&#8217;s assets against external threats.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">Security management involves sub-processes and control actions over who and what has access to an organization&#8217;s technology, including who has the authority to conduct business. These typically include access rights to data, operating systems (system software), networks, applications, and physical layers. Security controls over access protect an organization from inappropriate access and unauthorized use of the system and promote separation of duties.\u00a0<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">By preventing unauthorized use and modification of the system, data and program integrity can be ensured against malicious intent (e.g., infiltration\/forcible access to technology to carry out fraudulent acts, subversive acts, or acts of terrorism) or simple error (e.g., due to well-intentioned personnel not receiving proper training on the job). , is protected against another employee who is on vacation using their account to do a job and making a mistake or deleting a file.<\/span><\/p>\r\n<ul>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\">\r\n<h2><span style=\"font-weight: 400;\">Establishes Control Actions Over the Processes of Purchasing, Developing, and Maintaining Related Technology:<\/span><\/h2>\r\n<\/li>\r\n<\/ul>\r\n<p><span style=\"font-weight: 400;\">Management selects and develops control actions over acquiring, developing, and maintaining technology and technology infrastructure to achieve its objectives.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">Technology general controls support the acquisition, development, and maintenance of technology. For example, a technology development methodology provides a system design and implementation structure that outlines specific phases, documentation requirements, approvals, checkpoints, and controls over the technology&#8217;s acquisition, development, and maintenance.\u00a0<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">This methodology provides appropriate controls over changes to the technology, including authorizing change requests, verifying that the organization has the legal right to use the technology as it currently uses it, may require review of changes, approvals, and test results, and implementation of protocols to determine whether changes have been made appropriately.<\/span><\/p>\r\n<p><span style=\"font-weight: 400;\">Technology general controls within the scope of the development methodology will vary depending on the risks posed by the technology project\/initiative. A large or complex development project will involve more significant risks than a small, straightforward development project. The scope and frequency of controls on the project should be determined accordingly.<\/span><\/p>\r\n<h2><b>Resources<\/b><\/h2>\r\n<ul>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Dr. Davut Pehlivanl\u0131, Current Internal Audit Practices, Beta 2010<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prof. Dr. Nejat Bozkurt, Accounting Audit, Alfa 1998<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prof.Dr.Nejat Bozkurt, T\u00dcRMOB Independent Audit Training Lecture Notes, 2012<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Dr.\u00d6zg\u00fcr \u00c7at\u0131kka\u015f, KGK, Marmara University. Corporate Governance Lecture Notes, 2013<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">\u0130SMMMO-Practical Information for Internal Audit in SMEs, 2013<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Turkish Internal Audit Institute, www.tide.org.tr<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Alp Buluch, Article, Internal Control, Hurses, 19 March 2013<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Turkish Commercial Code No. 6102<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">International Internal Auditing Standards, www.theiia.org<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Treadway Commission Supporting Institutions Committee, Internal Control-Integrated Framework, 2013<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Public Financial Management and Control Law<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Public Internal Control Standards<\/span><\/li>\r\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Public Internal Control Guide<\/span><\/li>\r\n<\/ul>\r\n","protected":false},"excerpt":{"rendered":"<p>Principle 11: Selecting and Developing General Controls over Technology &#8211; The organization selects and develops general control actions to support achieving objectives. Focus Points: The following focal points highlight essential&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1444,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[845],"tags":[],"class_list":{"0":"post-1228","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-insights"},"_links":{"self":[{"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/posts\/1228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/comments?post=1228"}],"version-history":[{"count":0,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/posts\/1228\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/media\/1444"}],"wp:attachment":[{"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/media?parent=1228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/categories?post=1228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teolupus.com\/en\/wp-json\/wp\/v2\/tags?post=1228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}