Beruflich Dokumente
Kultur Dokumente
type or size is involved in the processing by the entity of financial information of significance to the
audit, whether that computer is operated by the entity or by a third party.
Note: The overall objective and scope of an audit does not change in a CIS Environment.
The auditor should have sufficient knowledge of the CIS to plan, direct, and review the work performed.
In planning the portions of the audit which may be affected by the client’s CIS environment, the auditor
should obtain an understanding of the significance and complexity of the CIS activities and the
An entity’s management is ultimately responsible for designing and implementing systems that will
Components of CIS
Although most systems employing CIS methods will include certain manual operations, generally the
number of persons involved in the processing of financial information is significantly reduced.
2. Concentration of programs and data -Transaction and master file data are often concentrated, usually
in machine-readable form, either in one computer installation located centrally or in a number of
installations distributed throughout the entity.
Nature of Processing
The use of computers may result in the design of systems that provide less visible evidence than those
using manual procedures. In addition, these systems may be accessible by a larger number of persons.
Systems characteristics that may result from the nature of CIS processing
1. Absence of input documents -Data may be entered directly into the computer without supporting
document. In some on-line transaction systems, written evidence of individual data entry authorization
(e.g., approval for order entry) may nr replaced by other procedures, such as authorization controls
contained in computer programs (e.g., credit limit approval).
The transaction trail may be partly in machine-readable form and may exist only for a limited period of
time (e.g., audit logs may be set to overtime themselves after a period of time or when the allocated
disk space is consumed).
Certain transactions or results of processing may not be printed, or only a summary data may be
printed.
Data and computer programs may be accessed and altered at the computer or through the use of
computer equipment at remote locations. Therefore, in the absence of appropriate controls, there is an
increased potential for unauthorized access to, and alteration of, data and programs by persons inside
or outside the entity
The development of CIS will generally result in design and procedural characteristics that are different
from those found in manual systems.
These include:
1. Consistency of performance
CIS perform functions exactly as programmed and are potentially more reliable than manual systems,
provided that all transaction types and conditions that could occur are anticipated and incorporated into
the system. On the other hand, a computer program that is not correctly programmed and tested may
consistently process transactions or other data erroneously.
The nature f computer processing allows the design of internal control procedures in computer
programs.
3. Single transaction update of multiple or data base computer files. A single input to the accounting
system may automatically update all records associated with the transaction.
Certain transactions may be initiated by the CIS itself without the need for an input
document
1. GENERAL CIS CONTROLS – to establish a framework of overall control over the CIS activities and to
provide a reasonable level of assurance that the overall objectives of internal control are achieved.
a. Organization and management controls –designed to define the strategic direction and establish an
organizational framework over CIS activities.Segregation between the CIS department and user
department
b. Development and maintenance control –designed to provide reasonable assurance that systems are
developed or acquired, or maintained in an authorized and efficient manner.
c. Delivery and support controls – designed to control the delivery of CIS services.
d. Monitoring controls – designed to ensure that CIS controls are working effectively as
planned.
2. Systems Analyst Designs new systems, evaluates and improves existing systems,
3. Programmer Guided by the specifications of the systems analyst, the programmer writes a program,
tests and debugs such programs, and
4. Computer Operator Using the program and detailed operating instructions prepared
5. Data Entry Operator Prepares and verifies input data for processing.
files.