o> a ers. co
COMPUTER-ASSISTED
AUDIT TOOLS AND
TECHNIQUESCOMPUTER-
ASSISTED AUDIT
TOOLS AND
TECHNIQUES
* They are used in performing tests of application and
data extraction during audit.
APPLICATION CONTROLS are programmed procedures
designed to deal with potential exposures that
threaten specific application.
Categories
Input controls are designed to ensure that the
transactions are valid, accurate and complete. Data
input procedures can either be source document-
triggered (batch) or direct input (real time).
Processing controls
Output controls ensure that system output is not
lost, misdirected, or corrupted and that privacy is
not violated.
a>Input controls
Classes of input controls
1. Source document controls — deter fraud
¢ Use pre-numbered source documents
* Use source documents in sequence
¢ Periodically audit source documents2. Data coding controls checks on
the integrity of data codes used in
processing.
Transposition error occurs when
digits are reversed.
Transcription errors :
» Addition controls — extra
controls digits are added
>Truncation controls - digit
or character is removed
pbeyeytna
»Substitution controls —
replacement of digit in a
code3.Batch controls are effective
method of managing high
volume transactions data
Sbeyottna through a system. It should
1 reconcile output produced
controls with the input originally
entered into the system.
Hash totals refer too
asimple control technique
that uses nonfinancial data
to keep track of records in
a batch.4. Validation controls are intended to detect
errors in transaction data before it is
processed.
a. Field interrogation — programmed
procedure that examines the
characteristics of the data in the field
a. Missing data check - examines for the
presence of blank spaces
Peeve h ths b. Numeric-alphabetic data check —
controls determines the correct form of the data
ec. Zero-value checks - verify that certain
fields are filled with zeros
d. Limit check - determines if the value
in the field exceeds an authorized
e. Validity check — compare actual
values in a field against known
acceptable valuesb. Record interrogation validate
the entire record by examining
the interrelationship of its field
values.
Sbeyottna
a. Reasonableness check
controls b. Sign checks
.
Sequence checks
c. File interrogation ensures the
correct is being processed by
the system
a. Internal label check
b. Version check
c. Expiration date check5. Input error correction
Error handling techniques :
correct immediately, create and
error file and reject the batch.
pbeyeytna
controls6. Generalized data input system (GDIS}
includes centralized procedures to manage
data input for all of the organization’s
transaction processing system.
COMPONENTS
a. Generalized validation module —
performs standard validation routines
that are common to many different
applications.
b. Validated data file - temporary
Input holding file through which validated
transactions flow to their respective
controls Sea
ce. Error file - stores error records,
correct then submit to GDIS.
d. Error reports -reports are submitted
to facilitate error correction
e. Transaction log — permanent record
of all validated transactions.Categories of processing controls
1. Run-to-Run controls - use batch
figures to monitor the batch as it
moves from one programmed
procedure to anther
>» Recalculate control totals
» Transaction codes
> Sequence checks
2. Operator intervention controls
3. Audit trail controls
Transaction logs — serves as a
journal for every successfully
processed transactions
Processing
controls
MMOutput
controls
Controlling batch systems output
Batch systems usually produce
output in the form of hard copy,
which typically requires the
involvement of intermediaries in
its production and distribution.
MMTECHNIQUES
IN
CONTROLLING
THE OUTPUT
PROCESS
1. Output spooling — applications direct
their output to magnetic disks rather than
to the printer directly.
2. Print programs — designed to prevent
production of unauthorized copies of output
and employees browsing sensitive data.
3. Bursting — printed reports will have to
have their pages separated and collated.
4. Waste — sensitive computer output will
have to pass through shredding before
disposal5. Data control — verifying the accuracy of
output before distribution to users.
TECHNIQUES
IN
CONTROLLING
THE OUTPUT
PROCESS
6. Report distribution — may be done
through placing reports in a secured
mailbox, delivered personally or by a
special courier.
7. End user control — reexamination of
ColU ia eli mc elel acme) m-laN RRM ULM LTV AT\ Cd
evaded the data control clerk’s review.End of Lesson 7