Here is a summary / resume of Information System Audit course: Application Control in Computer Operation. • Structuring the Information Technology function. Setting information technology functions have implications on the nature of internal controls has implications for the audit. ~ Centralized Data Processing: all data processing performed by one or more large computers that are placed in a centralized location that serves a variety of users across the enterprise. The function of computer services is usually treated as a cost center.
~ Separating work that does not correspond to each other: Focus control, with the separation work shifted from the operational level to the organizational relationships; separate development of computer operating systems, database administration separate from other functions, separating the functions of system maintenance system development, and separates the library from operational data. ~ Model Distributed: distributed data processing includes end-user computing, commercial software, and office automation functions involving the reorganization of computer services into a number of small IT units under the control of end users.
~ Controlling the environment DDP (Distributed data processing): the need for careful analysis emphasizes the need for caution for decision makers to assess various goodness DDP significantly to the company; implement the company's IT function is expected to be useful to address the problem of control of the company. • Computer Center. ~ Some of the features of control: physical location, construction, access, air conditioning, fire, electricity supply. ~
of disaster recovery planning: a comprehensive statement of all actions to be performed before, during, and after a disaster. Three types of events that can disrupt the computer center and its information systems, namely: natural disasters, human disasters, and system failures.
~ Tolerance failure: the system's ability to continue to operate as part of the system fails due to hardware failure, application errors, or operator error.
• Control System Operation and Control of Entire System. The operating system must achieve the five fundamental control objectives namely; protect itself from the user, protecting users from fellow users, protect users from themselves, protecting from himself, and must be shielded from the surrounding environment.
~ Security Operating System: involves policies, procedures and controls that determine who can access the operating system, where resources (files, programs, printers) that can be accessed, and what action can be done, in the form; logon procedure, acces token, access control lists, and access control independent. ~ Threats to Integrity Operating System: personnel with certain rights abusing its authority, the people who surf the operating system to identify and exploit security weaknesses, and those who slipped a computer virus or programming are busting into the operating system.
~ Controlling Access rights: granting access rights must be given carefully and be watchful eye to it to fit with company policies and internal control principles.
~ Control Password: The password is a secret code entered by the user to gain access to systems, data files, or network server. Behavior that is contrary to the security of passwords, forgot password, do not often change passwords, post-it syndrome, and a password that is too simple to be easily guessed by computer criminals.
~ Control object and the risk of damaging e-mails: one of the significant risk to the enterprise system is an infection from a virus that is usually destructive program that attaches itself to a legitimate program to enter the operating system, or worms are software programs that hide yourself in the computer memory and can replicate itself into various areas of unused memory. In addition there is also logic bomb (will run at a given time maker), back door (trap door for rogue programmers to commit fraud or slipping the virus into the system), trojan horses (which captures User ID and password by displaying the logon procedure is designed to resemble the original logon procedure / normal), spoofing, spamming, chain letters, legends, hoaxes / hoax virus warning, and flaming.
~ Controlling the electronic audit trail: The audit trail (audit trail) is a list that can be designed to record the various activities within the system level, applications, and users. If implemented correctly, provide an audit trail detection controls are important to help realize the objectives of security policy. The audit trail usually consists of two types of audit data is a detailed list of each type and list-oriented events. The purpose of the audit trail is to detect unauthorized access to the system, facilitating reconstruction of events, and increase personal accountability. • Personal Computer Systems. PC system is relatively simple, controlled by an end user, the interactive data processing, running a variety of commercial applications software, downloading data from the mainframe and client-server, and users can develop their own software and maintain the data.
~ PC Operating System: consists of two types of orders; System-resident commands (commands that are in the system) active in the main memory at all times to coordinate the request input / output and run the program, and Disk-Resident Command (the command is the disk / media storage) that will run when there is a request to run the program This special purpose utility. 
~ Risk and Control System for PC: the form; risk of physical harm, the risk of data loss, the end user risk, the risk of the backup procedures are not adequate, the risks associated with viral infection, and risk of development of systems and inadequate maintenance procedures and controls access is weak, inadequate separation of work and control password multitingkat (multi-level password control).
~ Risk and Control System for PC: the form; risk of physical harm, the risk of data loss, the end user risk, the risk of the backup procedures are not adequate, the risks associated with viral infection, and risk of development of systems and inadequate maintenance procedures and controls access is weak, inadequate separation of work and control password multitingkat (multi-level password control). 