Publier un mémoire
Consulter les autres mémoires
|
|
Publier un mémoire Consulter les autres mémoires |
|
|
Communication and information technologies are defined as being «the whole of data-processing technologies and telecommunication which allow the treatment and the exchange of information and the communication built around the computer and telephone »1(*).
Many information systems based on new communication and information technologies (NTIC) arrive in response to several problems encountered by the companies. These last evolve/move with the constraints imposed by modern management and those of information technologies following constant efforts of development of their information system.
These technologies touch more and more the companies throughout the world. Indeed, these last become increasingly computerized and much of them converge towards the solutions integrated by adopting the approach software package.
In addition, each day, several companies turn to the new technology of the Internet with the intention to increase their customers and to prospect unexplored markets.
This technology becomes one of the major concerns of the Tunisian companies and this, taking into account the phenomena of globalisation and liberalization as well as emergence of the new economy.
This spectacular evolution of data processing on all the levels and its penetration in all the fields of the company allows an update and a division of the data in real time, an integration of the financial and operational information systems and especially of the interactive economic exchanges of the company with its customers like with its suppliers (E-trade, E-business, etc)
This metamorphosis causes a considerable amplification of the dependence of the companies towards their information processing systems and affects their countable systems and of internal audit.
The introduction of the information processing systems and new communication and information technologies into the treatments of the company generates a total dematerialization (zero paper) of the transactions. This dematerialization causes an absence of tangible evidence (Absence of documents of entry, absence of visible frames of reference, absence of visible documents of exit).
The development of the information processing systems affects the level of safety of the systems while making them more vulnerable and causes new risks for the company. These risks touch as well the data-processing function as the automated treatments.
· The multitude of the incipient risks (physical, data-processing, legal and tax) obliges the companies has to become more conscious of the gravity of the situation. These last must adopt effective strategies as regards information system security.
· To face these risks, the companies must be based on standards and specific models of safety.
· In addition to the application of the standards, the companies feel more and more the importance and the contribution of the missions of data-processing audit.
In its work «Practice of the data-processing audit », Jose Plans defines the data-processing audit as being : « A methodological examination of the results or data-processing structures by an independent and qualified person with an aim of expressing an opinion on their conformity to the generally allowed standards ».
Thus, the data-processing audit is a detailed review of the information system of company (Hardware, software, process, controls, etc) by a person specialist, on behalf of the direction or in support with the team of financial audit.
This review includes/understands :
· The diagnosis ;
· Identification of key controls ;
· The test of key controls ;
· The evaluation of controls ;
· Recommendations.
The data-processing mission of audit can take two forms :
· Special mission of data-processing audit ;
· Data-processing mission of audit in support with the financial audit.
* 1 Abderraouf YAICH, « The countable profession and new communication and information technologies », The Countable review and Financial RCF, N° 53, Third quarter 2001, Page 17.