Introduction to Controls
- Controls may relate to manual AISs, to computer-based AISs, or both
- Controls may be grouped into General controls, Application controls, and Security measures
- Controls may also be grouped in terms of risk aversion: Corrective, Preventive, and Detective Controls
- These categories are intertwined and an appropriate balance is needed for an effective internal control structure
Control Classifications
[Figure 8-1: Control classifications. By setting: General; Application (Input, Processing, Output). By risk aversion: Corrective, Preventive, Detective.]
General Controls
General Controls pertain to all activities involving a firm's AIS and resources (assets). They can be grouped as follows:
- Organizational or Personnel Controls
- Documentation Controls
- Asset Accountability Controls
- Management Practice Controls
- Information Center Operations Controls
- Authorization Controls
- Access Controls
data preparation (converting to machine readable form), computer operations, and data library - batch processing
Other personnel controls include the two-week vacation rule
[Figure 8-4 (diagram labels only): Files; Process; Files; Distribute; Errors to be corrected; To users (exception and summary report)]
[Diagram labels only: Displayed Outputs; Process; Online Files]
Documentation Controls
- Documentation consists of procedures manuals and other means of describing the AIS and its operations, such as program flowcharts and organizational charts
- In large firms, a data librarian is responsible for the control, storage, retention and distribution of documentation
- Storing a copy of documentation in a fireproof vault, and having proper checkout procedures are other examples of documentation controls
- Use of CASEs
Program Documentation
- Program flowcharts, decision tables, data structure diagrams
- Source program listings
- Inputs, formats, and sample filled-in forms
- Printouts of reports, listings, and other outputs
- Operating instructions
- Test data and testing procedures
- Program change procedures
- Error listings
Data Documentation
- Descriptions of data elements
- Relationships of specific data elements to other data elements
Operating Documentation
- Performance instructions for executing computer programs
- Required input/output files for specific programs
- Setup procedures for certain programs
- List of programmed halts, including related messages, and required operator actions for specific programs
- Recovery and restart procedures for specific programs
- Estimated run times of specific programs
- Distribution of reports generated by specific programs
User Documentation
- Procedures for entering data on source documents
- Checks of input data for accuracy and completeness
- Formats and uses of reports
- Possible error messages and correction procedures
Preventive Maintenance
Software checks such as a Label Check and a Read-Write Check
Application Controls
- Application controls pertain directly to the transaction processing systems
- The objectives of application controls are to ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported
- Application controls are subdivided into input, processing and output controls
Authorization Controls - I
- Authorizations enforce management's policies with respect to transactions flowing into the general ledger system
- They have the objectives of assuring that:
  - Transactions are valid and proper
  - Outputs are not incorrect due to invalid inputs
  - Assets are better protected
- Authorizations may be classified as general or specific
Authorization Controls - II
- A General authorization establishes the standard conditions for transaction approval and execution
- A Specific authorization establishes specific criteria for particular sums, events, occurrences, etc.
- In manual and computerized batch processing systems, authorization is manifest through signatures, initials, stamps, and transaction documents
- In on-line computerized systems, authorization is usually verified by the system, e.g., validation of inventory pricing by code numbers in a general ledger package
Input Controls
- Input Controls attempt to ensure the validity, accuracy, and completeness of the data entered into an AIS
- Input controls may be subdivided into:
  - Data Observation and Recording
  - Data Transcription (Batching and Converting)
  - Edit tests of Transaction Data
  - Transmission of Transaction Data
Data Transcription - I
Data Transcription refers to the preparation of data for computerized processing and includes:
- Carefully structured source documents and input screens
- Batch control totals that help prevent the loss of transactions and the erroneous posting of transaction data
- The use of Batch control logs in the batch control section
- Amount control total totals the values in an amount or quantity field
- Hash total totals the values in an identification field
- Record count totals the number of source documents (transactions) in a batch
Data Transcription - II
- Key Verification, which consists of rekeying data and comparing the results of the two keying operations
- Visual Verification, which consists of comparing data from original source documents against converted data
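An added example (not from the original slides) of the batch control totals and key verification described under Data Transcription: totals are logged before conversion and recomputed afterwards, and each kind of error trips a different total. The record layout (account number, amount) and all sample values are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample batch of (account_no, amount) pairs from source documents.
SOURCE_BATCH = [(10234, Decimal("150.00")), (20417, Decimal("89.50")),
                (30588, Decimal("1200.00")), (40121, Decimal("47.25"))]

def control_totals(batch):
    """Compute the three batch control totals for (account_no, amount) records."""
    return {
        "record_count": len(batch),                                    # transactions in batch
        "amount_total": sum((amt for _, amt in batch), Decimal("0")),  # amount field
        "hash_total": sum(acct for acct, _ in batch),                  # identification field
    }

def reconcile(logged_totals, converted_batch):
    """Return the names of control totals that no longer match the batch control log."""
    recomputed = control_totals(converted_batch)
    return sorted(name for name in logged_totals if logged_totals[name] != recomputed[name])

def key_verify(first_pass, second_pass):
    """Key verification: indexes of records where two keying passes disagree."""
    diffs = [i for i, (a, b) in enumerate(zip(first_pass, second_pass)) if a != b]
    # Records present in only one pass are discrepancies too.
    diffs.extend(range(min(len(first_pass), len(second_pass)),
                       max(len(first_pass), len(second_pass))))
    return diffs

if __name__ == "__main__":
    log = control_totals(SOURCE_BATCH)          # recorded before conversion
    lost = SOURCE_BATCH[:3]                     # one transaction dropped
    transposed = [SOURCE_BATCH[0], (20417, Decimal("98.50"))] + SOURCE_BATCH[2:]
    wrong_acct = [SOURCE_BATCH[0], (20471, Decimal("89.50"))] + SOURCE_BATCH[2:]
    for label, batch in [("clean", SOURCE_BATCH), ("lost record", lost),
                         ("transposed amount", transposed), ("wrong account", wrong_acct)]:
        print(f"{label:18} mismatched totals: {reconcile(log, batch)}")
    print("key verification diffs:", key_verify(SOURCE_BATCH, transposed))
```

The hash total has no business meaning of its own; it exists only so that a miskeyed identification field, which the amount total and record count cannot see, still produces a mismatch.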
Output Controls
- Outputs should be complete and reliable and should be distributed to the proper recipients
- Two major types of output controls are:
  - validating processing results
  - regulating the distribution and use of printed output
Input / Processing / Output
- Sound conversion control techniques
- Sound file maintenance
- Run-to-run verification procedures
- Adequate detective-type programmed checks
- Adequate preventive-type programmed checks
- Distribution log of authorized users
- Reconciliation of computed totals with predetermined control totals
- Reviews of outputs and tests to source documents by users
Copyright 2000 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.