Designing A Methodology for Evaluating Quality of the Applying Controls of Bank Information Technology (Applied Study in a Private Iraqi Bank)
This paper focuses on studying and analyzing information technology risks (ITRs) in an environment that depends on it to perform operation activities. The paper is based on a hypothesis which claims that " The efficient analysis of the quality of the economic unit information technology depends on the examination and evaluation of the unit's controls." The researcher accomplished the applied aspect of the study in a private Iraqi bank, throughout analyzing and assessing (ITRs). This is done by using an investigation form to collected field information about the bank, as a research sample, activities, procedures, and instructions used in the treatment of transactions. Interviews with officials involved in the subject of study also were done. The paper reached a number of conclusions; the most important of which are: A set of risks relate to using information technology (IT) exists. The most significant of these risks are protection weakness of hardware and software, weakening the ability to trace audit trail, increasing the risk of formal errors as opposed to a decreasing the risk of random errors, the risk of unauthorized access to data in master files and other records stored in electronic form and increasing risks of theft of assets in the absence of suitable segregation of duties within the IT environment. IT system controls are effective when they maintain the integration of the information with the security of data being processed. This requires obtaining suitable information, the availability of a variant set of controls carried out for the purpose of checking the accuracy, completeness, and delegation of authorities related to transactions.