o> a ers. co COMPUTER-ASSISTED AUDIT TOOLS AND TECHNIQUESCOMPUTER- ASSISTED AUDIT TOOLS AND TECHNIQUES * They are used in performing tests of application and data extraction during audit. APPLICATION CONTROLS are programmed procedures designed to deal with potential exposures that threaten specific application. Categories Input controls are designed to ensure that the transactions are valid, accurate and complete. Data input procedures can either be source document- triggered (batch) or direct input (real time). Processing controls Output controls ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. a>Input controls Classes of input controls 1. Source document controls — deter fraud ¢ Use pre-numbered source documents * Use source documents in sequence ¢ Periodically audit source documents2. Data coding controls checks on the integrity of data codes used in processing. Transposition error occurs when digits are reversed. Transcription errors : » Addition controls — extra controls digits are added >Truncation controls - digit or character is removed pbeyeytna »Substitution controls — replacement of digit in a code3.Batch controls are effective method of managing high volume transactions data Sbeyottna through a system. It should 1 reconcile output produced controls with the input originally entered into the system. Hash totals refer too asimple control technique that uses nonfinancial data to keep track of records in a batch.4. Validation controls are intended to detect errors in transaction data before it is processed. a. Field interrogation — programmed procedure that examines the characteristics of the data in the field a. Missing data check - examines for the presence of blank spaces Peeve h ths b. Numeric-alphabetic data check — controls determines the correct form of the data ec. Zero-value checks - verify that certain fields are filled with zeros d. Limit check - determines if the value in the field exceeds an authorized e. Validity check — compare actual values in a field against known acceptable valuesb. Record interrogation validate the entire record by examining the interrelationship of its field values. Sbeyottna a. Reasonableness check controls b. Sign checks . Sequence checks c. File interrogation ensures the correct is being processed by the system a. Internal label check b. Version check c. Expiration date check5. Input error correction Error handling techniques : correct immediately, create and error file and reject the batch. pbeyeytna controls6. Generalized data input system (GDIS} includes centralized procedures to manage data input for all of the organization’s transaction processing system. COMPONENTS a. Generalized validation module — performs standard validation routines that are common to many different applications. b. Validated data file - temporary Input holding file through which validated transactions flow to their respective controls Sea ce. Error file - stores error records, correct then submit to GDIS. d. Error reports -reports are submitted to facilitate error correction e. Transaction log — permanent record of all validated transactions.Categories of processing controls 1. Run-to-Run controls - use batch figures to monitor the batch as it moves from one programmed procedure to anther >» Recalculate control totals » Transaction codes > Sequence checks 2. Operator intervention controls 3. Audit trail controls Transaction logs — serves as a journal for every successfully processed transactions Processing controls MMOutput controls Controlling batch systems output Batch systems usually produce output in the form of hard copy, which typically requires the involvement of intermediaries in its production and distribution. MMTECHNIQUES IN CONTROLLING THE OUTPUT PROCESS 1. Output spooling — applications direct their output to magnetic disks rather than to the printer directly. 2. Print programs — designed to prevent production of unauthorized copies of output and employees browsing sensitive data. 3. Bursting — printed reports will have to have their pages separated and collated. 4. Waste — sensitive computer output will have to pass through shredding before disposal5. Data control — verifying the accuracy of output before distribution to users. TECHNIQUES IN CONTROLLING THE OUTPUT PROCESS 6. Report distribution — may be done through placing reports in a secured mailbox, delivered personally or by a special courier. 7. End user control — reexamination of ColU ia eli mc elel acme) m-laN RRM ULM LTV AT\ Cd evaded the data control clerk’s review.End of Lesson 7