
Summary Computer controls (application and general)


This document contains a summary of both general and application controls. You can learn this document to understand how computer controls work, to help you answer questions logically and from an understanding point of view.

Preview 3 out of 20 pages

  • September 12, 2021
  • 2021/2022
COMPUTER CONTROLS

OVERALL SUMMARY

GENERAL CONTROLS
1) Organization controls & personnel practices
2) System development / change controls
3) Business continuity
4) Access controls
5) Operating controls

Master file change
➔ MF change form
    o Pre-numbered, number sequence
➔ Register of changes
➔ Backups
➔ Summary of changes log
➔ Financial info recon
INPUT (consists of the person and the computer)
1) Person
    a. Training
    b. Capturing (document)
        i. Same as screen?
        ii. Clear?
        iii. Information?
2) Computer
    a. Logical access
        i. BEFORE the screen:
            1. Can I do the input
            2. Right person?
    b. Screen controls
        i. Is it easy to navigate
        ii. Does it look like original document?
    c. Logical controls
        i. All the tests:
            1. Alphanumeric
            2. Sign test
            3. Validation test
            4. Etc
3) ERROR HANDLING!!!
    a. If there is a mistake how do I deal with it
    b. If it is on the document -> then go back and fix source doc
4) Batch controls

PROCESSING: inside “box”
➔ Right program
➔ Right file
➔ Control totals
    o Check before & after
➔ Tests during:
    o Data
        ▪ Sequence check
    o Process
        ▪ Mathematical accuracy
        ▪ Validation
➔ Logs + reviews
    o ERROR HANDLING
➔ Exception reports

OUTPUT
➢ Anything that comes OUT of system
    o Paper, file
➢ Distribution list:
    o Who, what & sign
➢ List of what output must happen when …
➢ Policy
    o Who, when
➢ ERROR HANDLING
➢ Reconcile register to list
➢ Managed by data group control

General controls
Definition:

➔ Policies and procedures that relate to many applications
➔ And support the effective functioning of application controls
➔ They do this by helping to ensure the continued proper operation of information systems
➔ By ensuring the control environment is stable and well managed

Preventative controls
➢ Prevent either the user / systems from making errors and committing fraud
➢ Examples:
    - Passwords
    - Drop down menus
    - Validation tests

Detective and corrective controls
➢ AFTER a transaction has been processed these controls prevent and detect errors
➢ Report the misstatement and take corrective action
➢ Identify the misstatement, correct it, investigate the cause and initiate steps to minimize the effect
➢ Examples:
    - Management review of the audit trails
    - Transaction logs
    - Pop up error messages




1) Organizational & staff practices
a) Responsibility levels
- ESTABLISH:
    o Directors meeting
    o Delegate decision making to Computer steering committee (CSC)
        ▪ They have overall control
        ▪ The committee must consist of information system (IS) manager and representatives of all user departments (managers)
        ▪ The committee = communication channel between the users and the computer information system department
        ▪ CSC responsible for:
            o Long term planning of the computer information system department
            o Setting systems development & operational structure
            o The approval of system development requests
    o Delegate implementation and daily work to the IS manager (who is also responsible for reporting)
- Establish reporting levels:
    o CIS department / management must report directly to top management and CSC
    o NO direct communication between users and programmers!
- Clear communication channels & documentation of responsibility:
    o CIS management MUST draft written personnel practices AND user manuals
- DATA CONTROL GROUP, the responsibility should be allocated for:
    o Receipt of work from user departments
    o Control over distribution of data within the CIS department
    o Control over distribution of output
    o Follow up of complaints
- LIBRARIAN FUNCTION:
    o Must be appointed to manage the physical storage and protection of information
    o Functions:
        ➢ Safe custody of data files
        ➢ Safe custody of documents
        ➢ Limit access to authorized persons only (authorization matrix)
        ➢ Monitor & control program changes
        ➢ Record what is done with each program and file
        ➢ Version control
        ➢ Perform backups and practice recovery

RISKS if organizational controls and personnel practices NOT in place:

1) Conducting unauthorized transactions
2) Collusion to commit and hide fraud
3) Errors not detected
4) Multiple functions are performed by a single application which were previously performed by separate individuals (SOD)
5) Untrustworthy / incompetent employees



b) Segregation of duties
- Separation between information system and user department:
    o IS department may NOT authorize transactions
    o IS department may not authorize MF (master files)
    o IS department may NOT correct user errors
    o User departments check and review the master files
    o Financial manager must not be involved in the user department
- Separate IS department:
    o Independent of users
    o Report directly to top management
- Separation within computer environment
    o Segregation between initiation, authorization, custody and the reporting functions
    o The operating and development functions must be segregated
- Separation within CIS department
    o Minimum segregation of duties required:
        ▪ Development / programming AND
        ▪ Operations
- In the initiation, authorization, custody and reporting functions the ideal segregation:
    o Systems development
        ▪ Systems analyst
        ▪ Programmers
    o Operations
    o Librarian
    o Data control
        ▪ Data control clerk
        ▪ Data base administrator
o Minimum segregation:

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Talizamazoue. Stuvia facilitates payment to the seller.
