Personal computer systems

• These are economical yet powerful self-contained general purpose computer 

consisting typically of a CPU, memory, monitor, disk drives, printer cables,
and modems
• They can be used to process accounting transactions and produce report that
are essential in the preparation of financial statements

Personal computer configurations

• Stand-alone workstation

o This can be operated by a single user or a number of users at different

times accessing the same or different programs
o The programs and data are stored in the personal computers or un
close proximity
o Data are entered manually through a keyboard
o Programming may include the use of a third-party software package to
develop electronic spreadsheets or database applications

• Workstation which is a part of a local area network or personal computers

o A local area network is an arrangement where two or more personal

computers are linked together through the use of a special software
and communications lines.
o A local area network allows the sharing of resources such as storage
facilities and printers

• Workstation connected to a server 

Characteristics of personal computers

• It provides the user with substantial computing capabilities

• They are small enough to be transportable
• Relatively inexpensive
• Can be placed in operation quickly
• Can be operated easily
• Operating system software is less comprehensive than in larger environments
• Software cab be purchased from third-party vendors
• User
Users s can
can deve
develo
lop
p othe
otherr appl
applic
icat
atio
ions
ns with
with the
the use
use of gene
generi
ric
c softw
softwar
are
e
packages
• The operating system software, application programs and data can be stored
and retrieved from removable storage media
• Storage medias are susceptible to virus attacks

A virus is a computer program (a block of executable code) that attaches itself 

to a legitimate program or data file and uses it as a transport mechanism to
reproduce itself without the knowledge of the user 

PAPS 1001 Page 1 of 4

Internal control in personal computer environments

• CIS environment in which personal computers are used is less structured than
a centrally-controlled CIS environment
• Application programs can be developed relatively quickly by users possessing
basic data processing skills
• Controls over the system development process and operations may not be
view
viewed
ed by the
the deve
develolope
perr, user
user or mana
manage
geme
ment
nt may
may not
not be view
viewed
ed as
important or cost-effective in a personal computer environment
• Users may tend to place unwarranted reliance on the financial information
stored or generated by a personal computer 
• The degree of accuracy and dependability of financial information produced
will
will depe
dependnd upon
upon the
the inte
intern
rnal
al cont
contro
rols
ls pres
prescr
crib
ibed
ed by mana
manage
geme
ment
nt and
and
adopted by the user 

Management policy statement may include

• Management responsibilities
• Instructions on personal computer use
• Training requirement
• Authorization for access to programs and data
• Policies to prevent unauthorized copying of program and data
• Security,
Security, back-up and storage requirements
• Applications development and documentation standards
• Standards of report format and report distribution controls
• Personal usage policies
• Data integrity standards
• Responsibility for programs, data and error corrections
• Appropriate segregation of duties

Physical security relating to equipment

• Restrict access to personal computers by using door locks

• Fastening the computer to a table using security cables
• Locking personal computers in a protective cabinet or shell
• Usin
Using
g an alar
alarm
m syst
system
em that
that is activ
activat
ated
ed when
when a persperson
onal
al comp
comput
uter
er is
disconnected or moved from its location

Physical security relating to removable and non-removable media

• Delegation of a software custodian or data librarian

• Use of program and data file
fil e check-in and check-out system
• Locking of designated data locations
• Storage medias should be stored in a fire-proof container either on-site, off-
site or both

PAPS 1001 Page 2 of 4

Program and data security

• Segregate data files organized under separate file directories – this allows the
user
user to segre
segregat
gatee inform
informati
ation
on on remova
removabl
ble
e and non-re
non-remov
movabl
ablee storag
storage
e
media
• Using hidden files and secret file names
• Employing passwords
• Using
Using crypto
cryptogra
graphy
phy – this
this is the proces
process
s of transf
transform
orming
ing progra
programsms and
and
information into an unintelligible form
• Using anti-virus programs

Software and data integrity

• Integration of format and range checks and cross checks of results

• Adequa
Adequatete writte
writtenn docume
documenta
ntatio
tion
n of applic
applicati
ation
on that
that are proces
processed
sed on the
personal computer 
• Application programs developed and maintained at one place rather than by
each user dispersed throughout the entity

The effect of personal computers on the accounting system and the associated risks
will generally depend on

• The
The exte
extent
nt to whic
which
h the
the pers
persononal
al comp
comput
uter
er is bein
being
g used
used to proc
proces
ess
s
accounting applications
• The type and significance of financial
fi nancial transaction being processed
• The nature of files and programs utilized in the applications

Functions in an accounting system

• Initiating and authorizing source documents

• Entering data into the system
• Operating the computer 
• Changing programs and data files
• Using or distributing output
• Modifying the operating system

Lack of segregation of functions in a personal computer may

• Allow errors to go undetected

• Permit the perpetration and concealment of fraud
fr aud

CIS application controls

• A system of transaction logs and batch balancing

PAPS 1001 Page 3 of 4

 • Direct supervision
• Reconciliation of record counts or harsh totals

Functions of CIS application controls

• Receive all data for processing

• Ensure that all data are authorized and recorded
• Follow up all errors detected during processing
• Verify the proper distribution of output
• Restrict physical access to application programs and data files

Effects of personal computer environment on audit procedures

• The auditor often assumes that the control risk is high in such systems
• The auditor may find it cost effective not to make a review of general CIS
cont
contro
rols
ls or CIS
CIS appl
applic
icat
atio
ion
n cont
contro
rols
ls but
but to conc
concen
entra
trate
te the
the effo
effort
rts
s on
substantive tests at or near the end of the year 

PAPS 1001 Page 4 of 4