Importance of Exception Report in IS Audit

CISA Quick Point 08-1407

Let us know first what is an Exception.

Any deviation from the set standard is an Exception.

Examples.

1. If we take an financial organization where only three cash transactions are allowed per day through ATM Machine.If a customer is able to get cash four or more times, It is an exception.

2. If an access control system disallow a legitimate user and allow a fake user,it is an exception

Following table will clear your concept of exception further.

Field	Range/Standard	Value	Exception/No exception
Roll No	1000-9999	5001	No Exception
		999	Exception
		10000	Exception
Usename	Should begin with a alphabet	passCISA	No Exception
	Should not contain a number	pass1CISA	Exception
	Can contain a special character	Pass_CISA	No Exception

What is an exception Report?

IN an IS Audit environment a machine generated report which point out all material variance from predefined criteria is an Exception report. The exception report is an application generated report.


Where/How Exception reports are used?

use as validation of data/information

What is achieved through Exception Report?

Control on data Processing.




CISA Type question 08-1407

Whcih of the following is the cause of LESS concern for an IS Auditor ?

1. Exception report is available only to few people in an organization
2. Exception reports are not being backed up.
3. Exception reports are not being checked regularly
4. All material deviations are not included in Exception reports.


Answer to CISA Type Question 08-1107

Name field is unique and null.So, each name in the column should be distinct and at most one null value is allowed. If we see iii & v both are null which is against UNIQUE criteria.

All others are adhering to this criteria. So, the correct answer is 2. iii & v

Add Post To: | Digg| Technorati| del.icio.us| Stumbleupon| Reddit| BlinkList| Furl| Spurl| Yahoo| Simpy|