Internal Control in The Computer Information System Chap 27 Aud 5 FINAL
Internal Control in The Computer Information System Chap 27 Aud 5 FINAL
Internal Control in The Computer Information System Chap 27 Aud 5 FINAL
CONTROL IN THE
COMPUTER
INFORMATION
SYSTEM
Auditor’s
Responsibilities
1. result in transaction trails that exist for a
short period of time or only on computer
readable form
2. include program errors that cause
uniform mishandling of transactions –
clerical errors become less frequent
Auditor’s
Responsibilities
3. include computer controls that need to be
relied upon instead of segregation of
functions.
4. involve increased difficulty in detecting
unauthorized access
5. allow increased management supervisory
potential resulting from more timely
reports
Auditor’s
Responsibilities
6. include less documentation of initiation
and execution of transactions
7. include computer controls that affect the
effectiveness of related manual control
procedures that use computer output
Internal Control over EDP Activities
04 access controls
systems
02 development and
documentation
data and
controls 05 procedural
controls
01 A. Organization And Operation Controls
(1) Controls
(a) Segregate functions between the EDP department and user
departments
(b) Do not allow the EDP department to initiate or authorize
transactions
( c) Segregate functions within the EDP department
KEY FUNCTIONS:
a. Systems Analyst f. Quality Assurance
b. Applications Programmer g. Control Group
c. Systems Programmer h. Data Security
d. Operator i. Database Administrator
e. Data Librarian j. Network Technician
01 A. Organization And Operation Controls
g. Control Group –acts as liaison between users and the processing center
h. Data Security - responsible for maintaining the integrity of the on-line access
control security software.
j. Network Technician - Using line monitoring equipment, they can see each key
stroke made by any user.
02 B. Systems
controls
development and documentation
(1) CONTROLS
(1) CONTROLS
(1) CONTROLS
Design Methodology
a. Parity Check
b. Echo Check
c. Diagnostic Routines
d. Boundary Protection
e. Periodic Maintenance
D. Access Controls
(1) Controls
- access to program documentation…
- access to data files and programs…
- access to computer hardware…
D. Access Controls
(2) Access to the EDP environment is affected both
PHYSICALLY and ELECTRONICALLY.
f.) Internal and external labels – the use of labels allows the
computer operator to determine whether the correct file has been
selected for processing.
Application Controls
Application controls are controls that relate to a specific application instead of multiple
applications.
Each accounting application that is processed in an EDP system is controlled during three steps:
Output Presentation of the results of processing to the user and retention of data.
A. Input controls
(2) To ensure the integrity of the human readable data into a computer readable format.
(c) Control, batch or • total of one numerical field for all the records of a batch that normally
proof total would be added.
• a total of one field for all the records of a batch where the total is a
(d) Hash totals
meaningless total for financial purposes.
A. Input controls
(2) To ensure the integrity of the human readable data into a computer readable format.
• a control total used for accountability to ensure all the records received are
(e) Record count
processed.
(f) Reasonableness • determine if amounts are too high, too low, or unreasonable
and limit tests • reasonableness check is similar to a validity check.
(g) Menu driven • input is being entered into a CRT, the operator should be greeted by a menu
input and prompted as to the proper response to make.
(i) Validity check • which allows only “valid” transactions or data to be entered into the system.
(l) Logic check • illogical combinations of inputs are not accepted into the computer.
B. Processing controls
(1) Controls
Control totals should be produced and reconciled with input control totals – proof of batch
(a)
totals
Controls should prevent processing the wrong file and detect errors in file manipulation –
(b)
label checks
Limit and reasonableness checks should be incorporated into programs to prevent illogical
(c)
results such as reducing inventory to a negative value.
Run-to-run totals should be verified at appropriate points in the processing cycle. This ensures
(d)
that records are not added or lost during the processing runs.
B. Processing Controls
(2) Processing controls are essential to ensure the integrity of the data through all the processing
steps.
(b) Error resolution • Individual transactions may be rejected during the processing as a result of
procedure the error detection controls in place.
C. Output controls
(1) Controls – visual review of the output should be done by the user or an independent control
group.
(a) Output control totals should be reconciled with input and processing control totals.
(b) Output should be scanned and tested by comparison to original source documents.
• the user of the application will frequently give the operator the expected
(a) Control total
result of processing ahead of time.
(c) Error message • the system provides technical codes indicating the perceived success of the
resolution job run.