Internal Control (Computerised Systems)


Computerised Environment

Information & Communication Technology:


• Integral part of modern business
• IT infrastructure may take many forms:
  • Desktop connected to a cash register
  • Integrated enterprise resource planning system
  • Changes with the needs of the business
• Network:
  • 2 or more computers connected, either in 1 location or across multiple locations
  • Local Area Network (LAN)
    • Computers connected in 1 location
  • Wide Area Network (WAN)
    • Computers connected between different geographical locations
  • Networks are formed by means of:
    • Cabling
    • Wireless connections
    • Internet
• Hardware & Software
  • System software
    • Runs in the background of the computer
    • Designed to give the hardware instructions on how to run specific applications
    • Eg. Microsoft Windows, Linux
  • Application software
    • Performs specific functions required by users
    • Eg. Pastel accounting, Microsoft Office
  • Accounting packages
    • Software that maintains data, files & transaction details in databases
    • Database consists of transaction details/cumulative balances
    • Stored in:
      • Transaction files
        • Used to record the details of each individual transaction in:
          • Real-time systems
            • Master-file is updated with cumulative totals/balances of all transactions recorded, when the transaction occurs
          • Batch processing systems
            • Details of individual transactions are stored in the transaction file until the system processes the data
            • Info in the transaction file is then used to update the master-file
      • Master-files
        • Used to store permanent info/standing data
          • Eg. Customer's full name & contact details, or inventory descriptions
        • Used to store cumulative totals/balances of all transactions that were entered into transaction files
    • Each file is made up of rows of data
• Data stored electronically is represented by:
  • Fields
    • Amount, price, quantity or date
  • Records
    • Multiple fields that relate to a particular transaction are stored here
    • Eg. All fields relating to a debtor
  • Files
    • All records of related transactions are stored here
    • Stored in a database
      • Collection of files or data that relate to a similar class of transactions
      • Can be used and shared among multiple applications

Evolution of Information Technology:


Distributed Networks and Computing
Improvements in technology & increases in the processing & storage capacity of computers have made desktops more cost-efficient and powerful
There has been a shift away from centralised computer centres towards decentralised computing over networks
The decentralised nature of networks has made it more difficult to restrict access & implement segregation of duties

Mobility
Computers & related telecommunication devices have become smaller, lighter & more flexible
Devices have advanced communication technology:
  Wifi
  Bluetooth
  LTE
Mobility, combined with the concentration of info that can be stored on a mobile device, has resulted in a risk of theft of hardware
The risk of confidential info being transmitted electronically to unauthorised persons has increased

Open Source
Software that can be changed & amended by any user
The underlying programming code (source code) is available to anyone to review, change & distribute
This has reduced the cost of software
Improved functionality for companies that use open-source software
Increased risk of hackers identifying areas to exploit
Decreased risk, as weaknesses in the source code are easily identifiable

Image Processing
Barcodes have become a universal tool to capture info
Limitation: barcode scanners are needed to read them
Advancements in image processing technology and the availability of devices with cameras mean that any device can become an image code input device, fingerprint scanner etc.
Potential to reduce data input errors

Convergence
Hardware devices have become more integrated & contain various wide-ranging functionalities
Eg. An iPad that integrates a mobile device and a computer

Cloud Computing
Trend where companies store their data online or operate applications that are situated on the internet
Involves a number of risks:
  Disruption to operations if data is not available due to a slow internet connection
  Increased chance of data being intercepted/lost during communication

Artificial Intelligence & Machine Learning

Describes computers with the ability to mimic/duplicate the functions of the human brain
Able to recognise complex patterns
Machine learning is the ability of hardware & software to change how it functions, responds or reacts
  Based on prior learning, past experience & patterns identified from past feedback

Blockchain Technology
Incorruptible digital ledger of economic transactions
Can be programmed to record anything of value
Continuously growing list of records (blocks)
Linked & secured using cryptography
Each block contains:
  A cryptographic hash of the previous block
  A timestamp
  Transaction data
Each new block of data is linked to the previous block
Once recorded, the data in a block cannot be changed without changing previous blocks
Forms a distributed ledger that can record transactions between 2 parties in a permanent manner
Good for recording:
  Identity management
  Transaction processing
  Documenting origin
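The linking and tamper evidence described above, as an added Python example that is not code from the original notes: each block stores the previous block's hash, a timestamp and its transaction data, and a validation pass shows that altering recorded data breaks the link in every block that follows it. The block layout and the sample transactions are constructed for illustration.

```python
import hashlib
import json


def block_hash(index, timestamp, data, prev_hash):
    """Hash all of a block's fields; the field layout is a constructed example."""
    payload = json.dumps([index, timestamp, data, prev_hash], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(transactions, start_time=1_700_000_000):
    """Build a chain where each block stores the three items the notes list:
    the hash of the previous block, a timestamp and its transaction data."""
    chain = []
    prev_hash = "0" * 64  # the first (genesis) block has no predecessor
    for i, tx in enumerate(transactions):
        ts = start_time + i  # constructed timestamps, one second apart
        block = {"index": i, "timestamp": ts, "data": tx, "prev_hash": prev_hash}
        block["hash"] = block_hash(i, ts, tx, prev_hash)
        chain.append(block)
        prev_hash = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the index of the first block whose link is broken, or None.
    A block is invalid if its stored hash no longer matches its contents, or
    if its prev_hash is not the hash of the block before it."""
    prev_hash = "0" * 64
    for b in chain:
        recomputed = block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"])
        if b["hash"] != recomputed or b["prev_hash"] != prev_hash:
            return b["index"]
        prev_hash = b["hash"]
    return None


if __name__ == "__main__":
    # Constructed sample ledger of three payments between parties A, B and C
    ledger = build_chain([
        {"from": "A", "to": "B", "amount": 100},
        {"from": "B", "to": "C", "amount": 40},
        {"from": "C", "to": "A", "amount": 10},
    ])
    print(first_invalid_block(ledger))  # None: every link checks out
    # Alter a recorded amount: block 1's hash no longer matches its contents
    ledger[1]["data"]["amount"] = 4000
    print(first_invalid_block(ledger))  # 1
    # Recompute block 1's hash to hide the change: block 2's prev_hash now breaks
    b1 = ledger[1]
    b1["hash"] = block_hash(1, b1["timestamp"], b1["data"], b1["prev_hash"])
    print(first_invalid_block(ledger))  # 2
```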

Big Data & Data Analytics

Big data:
Represents data sets that are larger & more complex than traditional data sets
Beyond the ability of commonly used data processing application software
Represents info assets characterised by such high volumes that specific technology & analytical methods are required to transform it into decision-useful info
Tends to place reliance on the use of:
  Predictive analytics
  User behaviour analytics
  Other advanced data analytics methods that extract from unstructured, semi-structured & structured data
Big data applications are able to extract usable unstructured data from:
  Text
  Images
  Audio
  Video
While being able to complete missing data through data fusion
Requires technologies with new forms of integration to reveal insights from datasets that are diverse, complex & of massive scale
Data must be processed with advanced tools to reveal meaningful information

Robotics & Autonomous Vehicles

Robotics:
Involves developing mechanical/computer devices that are able to perform tasks that:
  Require a high degree of precision
  Are repetitive in nature
  Could be hazardous to humans
Mechanises tasks typically performed by humans
Autonomous vehicles:
  Robotic vehicles
  Have the ability to use data about their environment, derived from input sensors, to make decisions on how to navigate without human input

IT Governance
One of the principles in King IV
The governing body of an entity should set the direction for how technology & info should be approached
  By approving a policy which forms the foundation for the development of an IT governance framework
  That framework should support the effective & efficient management of IT resources
  Including implementation of a risk management system & internal controls
  To ensure that the company achieves its strategic objectives
The policy should include the technological (human, finance, physical) & informational aspects of IT
This represents a change from previous versions of the King reports
The policy should be integrated into the entire organisation & must be designed to improve business processes
Advantages of implementing good IT governance:
  Company's reputation is improved
  IT is strategically aligned with business goals
  Trust of 3rd parties is improved
  Processes make business operations more efficient
  Creates competitive advantage
  Non-IT executives gain a better understanding of IT
  Better decision-making processes are available due to timely & quality info being available
  Greater level of compliance with laws & regulations is possible
  Risk management procedures are maximised by implementing sound IT controls
Risks of not having good IT governance in place:
  Company may encounter problems in running its operations, machines & production lines
    Results in the company not operating efficiently & effectively
  There may be a loss of confidentiality
  Systems become less available, less reliable & function less effectively
  Unauthorised use of, access to & changes to IT systems may take place

Impact of Upgrading a Manual Accounting System to an Electronic One:

Components
Hardware:
  Consists of all physical electronic equipment & parts that make up a CIS (computer information system)
  Ranges from input devices to output & storage devices
  Eg. Keyboards, scanners, printers etc.
Software:
  Includes all programmes that reside on any/all components of hardware
People:
  Interact with the processing of transactions
  Includes customers
  Includes procedures that govern their behaviour
Procedures:
  Manual & automated
  Instructions used to collect, process & store data about the organisation's activities
  Done through the 4 stages of the accounting system
  Include strategies, policies, methods & rules for how, when & by whom the CIS is to be used
Data:
  Includes all forms of data stored on hardware

How a Computerised System Works

Input & Processing Environments

Batch entry & batch processing:
  Individual hard-copy source documents are collected for a period of time into bundles
  Manual checks are done on the bundles (batches)
  At a predetermined later time the bundles are captured onto a computer system
    Converted to a format that computer systems can read
    Stored in a transaction file
  The master-file is then updated with the transaction data in the transaction file
  Batching ensures that all transactions in the batch are subject to the same activities, tasks/controls, so that:
    They are processed accurately
    Only valid transactions are processed
    None are omitted
Online entry, batch processing:
  Transaction data is entered directly onto the system from a terminal as the transaction occurs
    To create source documents
  Necessary checks are performed & data is authorised & processed to the transaction file
  When it is convenient to do so, the master-file is updated
Online entry, real-time processing:
  Transaction data is entered directly onto the system
  Linked to the accounting system
  The accounting system immediately performs the necessary programmed checks
    Creates source documents
    Processes transactions to the master-file
  Master-file is always up to date
Shadow processing:
  A copy of the master-file is used during the day & is updated continuously as transaction data is captured
  The system simultaneously creates a batch file of the day's transactions
  The file is used to update the original master-file at the end of each day
  Should the system crash, the original master-file will not be corrupted
    Acts as a backup
  The shadow copy of the master-file allows users to have real-time info available at all times
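An added Python example (not from the original notes) of batch entry & batch processing: the control totals from the manually checked batch header are compared with the captured transaction file before the master-file is updated, so a miscaptured, invalid or omitted record stops the whole batch from being posted. The account numbers, balances and the three control totals are constructed for illustration.

```python
# Constructed master-file: debtor account numbers with their cumulative balances
MASTER_FILE = {"D001": 1500.00, "D002": 320.50, "D003": 0.00}


def control_totals(transactions):
    """Control totals written on the batch header when the bundle is checked
    manually: record count, total of the amounts and a hash total of the
    account numbers (a meaningless sum that only serves to detect errors)."""
    return {
        "count": len(transactions),
        "amount_total": round(sum(t["amount"] for t in transactions), 2),
        "hash_total": sum(int(t["account"][1:]) for t in transactions),
    }


def validate_transaction(t, master):
    """Programmed checks on one captured record; returns a list of errors."""
    errors = []
    if t["account"] not in master:
        errors.append("unknown account")
    if not isinstance(t["amount"], (int, float)) or t["amount"] <= 0:
        errors.append("amount must be positive")
    if t["type"] not in ("invoice", "receipt"):
        errors.append("unknown transaction type")
    return errors


def process_batch(batch_header, transactions, master):
    """Run one captured batch (the transaction file) against the master-file.
    Returns (master copy, rejected records, batch errors). The master-file is
    only updated when the captured totals agree with the header and every
    record is valid; otherwise nothing is posted and the batch is corrected
    and re-run, so no transaction is silently omitted or posted wrongly."""
    actual = control_totals(transactions)
    batch_errors = [f"{k}: header {v}, captured {actual[k]}"
                    for k, v in batch_header.items() if actual[k] != v]
    rejected = [(t, validate_transaction(t, master)) for t in transactions]
    rejected = [(t, errs) for t, errs in rejected if errs]
    updated = dict(master)
    if batch_errors or rejected:
        return updated, rejected, batch_errors
    for t in transactions:
        sign = 1 if t["type"] == "invoice" else -1  # invoices raise, receipts reduce
        updated[t["account"]] = round(updated[t["account"]] + sign * t["amount"], 2)
    return updated, [], []


if __name__ == "__main__":
    # Constructed batch of two source documents and the header prepared by hand
    batch = [{"account": "D001", "amount": 200.00, "type": "invoice"},
             {"account": "D002", "amount": 20.50, "type": "receipt"}]
    header = {"count": 2, "amount_total": 220.50, "hash_total": 3}
    print(process_batch(header, batch, MASTER_FILE))
    # A record was dropped during capture: count and totals no longer agree
    print(process_batch(header, batch[:1], MASTER_FILE)[2])
```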

How Computer Controls are Classified:

General Controls
  Defined as policies & procedures that relate to many applications & that support the effective functioning of application controls
    By helping ensure the continued proper operation of info systems
    By ensuring that the control environment is stable & well managed
  General IT controls commonly include controls over:
    Data centre & network operations
    System software acquisition, change & maintenance
    Access security
  Form the framework of overall control around the CIS
  Relate to the overall info processing environment
  They impact all areas of operations & systems in the computer system
  Support the appropriate functioning of application controls
  Implemented before transactions can be processed
  Implemented independently of the processing of transactions
Application Controls
  Defined as manual/automated procedures that typically operate at a business process/application level
  Can be preventative, detective or corrective
  Designed to ensure the integrity of the accounting records
  Ensure data in the system is free from fraud/errors


General Controls:
Organisational controls

1. Responsibility delegation
  • Computer Generating Committee (CGC) – manages IT; communication channel between IT users and departments
  • Chief Info Officer (CIO) – responsible for IT direction and communication with the CGC
  • IT manager – day-to-day IT
2. Segregation of duties
  By segregating duties the entity could mitigate the risk of:
  • Unauthorised or inaccurate transactions
  • Staff adjusting records to cover up falsified entries
  • Staff falsifying records to conceal theft
  NB! IT should only be able to work on the computers and not have the ability to influence or change any transactions or statements
  Should segregate the operations and security functions between departments
3. Staff Practices
  • Policies
  • Process for employing staff
  • Staff scheduling and rotation of duties
  • Ongoing training of staff
  • Continuous evaluation of staff
  • Staff dismissals and resignations
4. Supervision and Review
  • High-level review: management reviews financial performance periodically compared to expectations
  • Analytical reviews and ratios: relationships between data sets analysed for deviations
  • Reconciliation of data on the system with data from an external source: info confirmed with another set of info
  • Independent review: unusual transactions identified for investigation

System development and change controls (same as development cycle)


• System development – developed in-house
• System acquisition – new one acquired from a vendor
• System development life cycle (SDLC)
(a) Request submission, needs assessment
  ➡ Objectives come from a written user request or a genuine business need
  ➡ Feasibility study conducted, including:
    ➡ Comprehensive needs assessment
    ➡ Investigate resources required
    ➡ Investigate alternative solutions
    ➡ Cost-benefit analysis
    ➡ Time planner showing all deadlines

(b) Planning and design
  ➡ Project team manages the project in accordance with predetermined, accepted programming standards and control frameworks
  ➡ Once the project plan is set, the business analyst must perform a detailed investigation into user needs, which is used to develop the system.

(c) System development and testing
  ➡ Development area – create versions of the system
  ➡ Test area
    ➡ Program test
    ➡ String/series test
    ➡ System test
    ➡ Stress/tension test
    ➡ User acceptance test
  ➡ Production area – made live, but undergoes final approval

(d) Implementation
  ➡ Conversion to the new system and transfer of all data from the old one to the new one
  ➡ Conversion methods
    ➡ Parallel processing – both old and new run
    ➡ Direct shut down – old one is shut down, new one is implemented
    ➡ Modular (phased) implementation – old one phased out section by section

(e) Post implementation review and training
  Performed a couple of months later to determine whether:
  ➡ The system meets user needs
  ➡ The necessary controls have been implemented
  ➡ The IT development was a success (effective)
  ➡ IT system docs and training are sufficient
Access Controls
✓ Prevent unauthorised persons from gaining access, and limit the activities of authorised persons to authorised areas
✓ Least privilege principle: users have access only to the data and systems that are necessary for them to perform their duties correctly
✓ Physical access controls control access from outside into the company, using a walk-through methodology
✓ Logical access controls are electronic measures such as usernames, passwords and advanced technologies such as encryption and firewalls. Logs & audit trails are good tools to identify
✓ Security management policy:
  ✓ Drive a culture of security awareness; the policy must be widely distributed, and employees must acknowledge and agree to comply
  ✓ Where the policy is not adhered to, action is to be taken
✓ Access to the premises of the IT department:
  ✓ Restricting physical access
  ✓ Installing security gates and magnetic doors; use an electronic tag, pin pad or biometric identification.
  ✓ Security guards at all entrances and exits; the number of potential entry and exit points kept to a minimum.
  ✓ Visitors sign a register at reception and are clearly identifiable by displaying a visitor tag.
  ✓ Doors remain locked at all times, only opened by a special key, magnetic card or biometric system.
  ✓ Closed-circuit TV monitors
  ✓ Important hardware, docs, data and programs should be locked away in a dedicated room, cupboard or safe.
  ✓ Physical logs/registers maintained of all visitors; electronic log of movement of visitors and personnel within the premises frequently reviewed.
✓ Access to computer terminals:
  ✓ Located in an office or dedicated, lockable room with one secure access point, away from general access. Important staff have a way of identifying themselves.
  ✓ If impossible, management supervises activities.
  ✓ Limited to office hours: physically by locking, electronically by a job scheduling function.
  ✓ Computer securely fastened to a table or desk so it cannot be stolen or removed.
  ✓ Logs or activity registers should be maintained and reviewed frequently.
✓ Access to other sensitive information:
  ✓ Storing devices in a separate place
  ✓ For sensitive material, employ a data librarian to keep track of use.
✓ Logical access controls:
  ✓ Implemented within the system; limit access to terminals, networks, data & functionality (read, write, delete & change)
  ✓ Controls are applied by the computer itself
  ✓ Assist in:
    ✓ Identification (number/username, magnetic cards, biometric techniques)
    ✓ Authentication ("verify the identity of"): uses a unique password, a specific question as identified by the user, an electronic key (magnetic card or USB device), a physical attribute i.e. fingerprint or face-scan, or an additional password sent to the user's cell phone/email account
    ✓ Authorisation (could be granted general rights, or specific authorisation for high-risk transactions, i.e. a second staff member to authorise)
✓ Library function:
  ✓ Data librarian responsible for securing and managing data, files, documentation, programs and user rights.
✓ Data communication:
  ✓ Encryption (converts or encodes data so that it cannot be read without the encryption key)
  ✓ Firewalls (restrict the inflow and outflow of information)
  ✓ Call-back facility (system disconnects the device and reconnects to the device using an identity number)
  ✓ Antivirus and anti-malware programs (block viruses and malware from entering the computer)
  ✓ Assurance logos (Thawte/WebTrust, showing the company uses reliable, trustworthy and well-known security)
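An added Python example (not from the original notes) that puts the segregation of duties rule from the organisational controls and the logical access controls listed here into one small model: identification and authentication with a salted password hash, role-based authorisation under least privilege (the IT operator role holds no transaction rights), a second staff member required for high-risk transactions, and an audit log of every attempt. The role names, rights and the high-risk threshold are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed role register. Rights follow least privilege and segregation of
# duties: the IT operator maintains systems but holds no transaction rights.
ROLE_RIGHTS = {
    "clerk": {"transaction:read", "transaction:write"},
    "supervisor": {"transaction:read", "transaction:write", "transaction:authorise"},
    "it_operator": {"system:maintain", "log:read"},
}
HIGH_RISK_LIMIT = 10_000  # constructed threshold above which a second authoriser is needed
USERS = {}      # username -> {"salt", "digest", "role"}
AUDIT_LOG = []  # every attempt is logged so the audit trail can be reviewed


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register_user(username, password, role):
    salt = os.urandom(16)  # per-user salt; only the derived digest is stored
    USERS[username] = {"salt": salt, "digest": _derive(password, salt), "role": role}


def _log(event, user, detail=""):
    AUDIT_LOG.append({"event": event, "user": user, "detail": detail})


def authenticate(username, password):
    """Identification (the username) plus authentication (the password)."""
    user = USERS.get(username)
    if user is None:
        _log("auth_fail", username, "unknown user")
        return False
    ok = hmac.compare_digest(_derive(password, user["salt"]), user["digest"])
    _log("auth_ok" if ok else "auth_fail", username)
    return ok


def authorise(username, right, amount=0, second_user=None):
    """Authorisation: the right must belong to the user's role, and a
    high-risk transaction also needs a different user who holds the
    transaction:authorise right (the second staff member in the notes)."""
    role = USERS[username]["role"]
    if right not in ROLE_RIGHTS[role]:
        _log("denied", username, f"{right} not permitted for role {role}")
        return False
    if right == "transaction:write" and amount > HIGH_RISK_LIMIT:
        second = USERS.get(second_user) if second_user != username else None
        if second is None or "transaction:authorise" not in ROLE_RIGHTS[second["role"]]:
            _log("denied", username, f"amount {amount} needs a second authoriser")
            return False
    _log("granted", username, f"{right} {amount}")
    return True
```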

Business Continuity Controls


✴ Preventative: protect a company against non-physical and physical dangers
✴ Non-physical: relate to access to the computer system
✴ Physical dangers:
  ✴ Fire (smoke detectors, air conditioning, temperature kept at a suitable level)
  ✴ Construction and location (be away from obvious hazards; fire doors with automatic locks can also be used)
  ✴ Electricity (mechanism installed to protect the company against power failures as well as power surges)
  ✴ Water (situated away from taps and water)
  ✴ Environment (climate controlled, no windows that can be opened, neat, tidy and dust free)
  ✴ Time (regular maintenance, wear and tear)
  ✴ Theft
✴ Backups
  ✴ Formalised backup policy
  ✴ Regular backups: weekly of all data, monthly of operational and financial files, quarterly of the entire system.
  ✴ Backups stored in a suitable location off-site, preferably fireproof
  ✴ Backup copies frequently tested
✴ Sufficient and appropriate insurance cover
✴ Written emergency recovery plan/strategy document, with a list of the data & program files that are key to operations
✴ Alternative processing facility should be in place
✴ Provision should be made for testing the emergency recovery plan to identify weaknesses

Operational Controls
✤ Scheduling production runs and when processing takes place
✤ Setting standards for operating activities, maintenance and use of assets
✤ Maintaining logs and activity registers for use of software and hardware
✤ Ensuring library controls are in place to keep track of secure data, files, programs and documentation.
