Describe, with examples, the TWO forms of IT/IS controls that exist to ensure complete, accurate processing of data and safeguarding of privacy and security.
There are two categories of controls, referred to as general controls and application controls.
General controls
These controls are designed by the organisation to ensure the completeness and effectiveness of the organisation's overall control environment over its information systems. These controls concern the overall transaction processing environment and include:
- Personnel controls, including the appropriate segregation of duties, policy on usage and hierarchy of access.
- Access controls, such as password systems, user identification, timed lock-outs, etc.
- Computer equipment controls to protect equipment from destruction, damage or theft.
Application or program controls
These controls are performed automatically by the systems and are designed to ensure the complete and accurate processing of data, from input through to output. They might also help ensure the privacy and security of data transmitted between applications.