Professional Documents
Culture Documents
ULOb - Risk Exposure, General Controls, Application Controls - 0
ULOb - Risk Exposure, General Controls, Application Controls - 0
Big Picture C
Week 6 & 7: Unit Learning Outcomes (ULO): At the end of the unit, you are expected to:
a. Explain the risk exposure and the internal structure and know the general controls and
application controls and the management of the security of information.
b. Apply the concept of expenditure cycle in SAP Business One.
Big Picture in Focus: ULOa. Explain the risk exposure and internal
structure know the general controls and application controls and the
management of the security of information.
Metalanguage
The terms used for this specific unit learning outcome are already discussed and explained
in the essential knowledge section as part of the discussion. Hence, having separate
presentation will mean redundancy.
Essential Knowledge
To perform the aforesaid big picture (unit learning outcomes), you need to fully understand
the following essential knowledge laid down in the succeeding pages. Please note that you
are not limited to exclusively refer to these resources. Thus, you are expected to utilize other
books, research articles and other resources that are available in the university’s library e.g.
ebrary, search.proquest.com etc., and even online tutorial websites.
CONTROLS
Refer to measures or techniques that prevent, detect, and/or correct conditions that may lead
to loss or damage to the business firm. Some of the reasons why computers can cause
control problems are:
1. Effects or errors may be magnified.
2. Inadequate separation of duties because of decreased manual involvement.
3. Audit trails may be undermined.
4. Human judgment is bypassed.
5. Changes to data and programs may be made by individuals lacking knowledge.
6. More individuals may have access to accounting data.
GENERAL CONTROLS
1
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
General controls are measures that ensure that a company’s control environment is stable
and well managed. These controls provide reasonable assurance that development of, and
changes to computer programs are authorized, tested and approved prior uses.
1. System analysis - The system analyst analyzes the present user environment and
requirements and may (1) recommend specific changes (2) recommend the purchase
of a new system, or (3) design a new information system.
5. Data preparation - Data may be prepared by user departments and input by key to
magnetic disk or magnetic tape.
6. Operations - The operator is responsible for the daily computer operations of both
hardware and software.
7. Data library - The librarian is responsible for custody of the removable media and
for the maintenance of program and system documentation.
8. Data control- The control group act as liaison between users and the processing
center. b) Companies may use separate computer accounts that are assigned
to users on either a group or individual bases. This will also involve the use of
PASSWORDS and CALL-BACK PROCEDURES to restrict access from remote
terminals.
2
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
3. Hardware Controls
a) These involve built-in controls in the computers by the manufacturer which will detect
machine malfunction.
b) Among the most common types of built-in controls are:
1. Parity check
2. Duplicate reading
3. Echo check
4. Dual circuitry
5. Interlock
6. Boundary protection
7. File protection ring
8. Validity test
c) The system should be examined periodically (often weekly) by a qualified service
technician.
4. Access to computer and data files controls or controls over access to equipment
and data files
a) Physical Security
1. Fireproof storage
2. Backup for the vital documents, files and programs
3
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
Cold sites - is a facility that provides everything necessary to quickly install computer
equipment, but doesn’t have the computer installed.
c) Insurance - should also be obtained to compensate the company for losses when they
occur.
APPLICATION CONTROLS
1) Input Controls
a) Attempt to ensure the validity, accuracy and completeness of the data entered into the
system.
Four Categories:
1) Data observation and recording
2) Data transcription
3) Programmed (source program) edit checks
These includes:
a) Control batch or proof totals
b) Completeness check
c) Hash total
d) Limit check
e) Logical (consistency) check
f) Self- checking digit
g) Record count
h) Sequence check
i) Validity check
j) Reasonableness check
2. Processing Controls
Included in the processing controls are:
a. File labels
b. Trailer Labels
c. Sequence Tests
4
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
d. Proof Totals
e. Cross-footing tests
f) Exception listings
g) Transmittal record
h) A record should be logged for each processing run showing the files used, time consumed,
machine halts, operator actions and other relevant data.
3. Output Controls
These govern the accuracy and reasonableness of the output of data processing and prevent
authorized use of output.
Important measures includes:
a) Error log
b) Follow-up control totals
c) Distribution log
d) Audit trail storage
e) Visual review for apparent reasonableness and completeness.
f) Exceptions should be properly handled.
g) Complete resubmission of corrected errors should be assured.
h) Provision should be made to see that all output reports are delivered on time
and to authorized destinations.
i) Users should be periodically queried for the continued needs for the output.
j) Shred sensitive documents.
COMPUTER FRAUD
Type of Fraud
1. Input Manipulation
2. Program Alteration
Self-Help: You can also refer to the sources below to help you
further understand the lesson:
Note:
The content of this manual is based on the textbook for MAS 3 titled “Management
Consultancy: Concepts and Application” by Cabrera, Ma. Elenita B.
5
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
Let’s Check
Activity 1. True or False. Write “TRUE” if the statement is true otherwise write “FALSE” if
the statements is incorrect.
Activity 2. Multiple Choice Questions. Encircle the letter that corresponds to your answer.
1. An employee in the receiving department keyed in a shipment from a remote terminal and
inadvertently omitted the purchase order number. The best systems control to detect this
error would be.
a. batch total c. sequence check
b. completeness test d. reasonableness check
2. Some of the more important controls that relate to automated accounting information
systems are validity checks, limit checks, field checks, and sign test. These are classified
as
a. control total validation routines
b. hash totaling
c. data access validation routines
d. input validation routines
3. The use of a header label in conjunction with magnetic tape is most likely to prevent errors
by the
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician
4. For control purposes, which of the following should be organizationally segregated from
computer operations function?
a. Data conversion
b. Surveillance of CRT messages
c. Systems development
d. Minor maintenance according to a schedule
5. Which one of the following terms best describes a decision support system (DSS)?
6
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
Let’s Analyze
Activity 1. In this activity, you are required once again to elaborate your answer to each of
the questions below.
3. Enumerate and explain in your own words the components of General controls.
________________________________________________________
________________________________________________________
________________________________________________________
In a Nutshell
In this part you are going to jot down what you have learned in this unit. The said
statement of yours could be in a form of concluding statements, arguments, or perspective
you have drawn from this lesson.
1. ________________________________________________________.
2. ________________________________________________________.
3. ________________________________________________________.
4. ________________________________________________________.
5. ________________________________________________________.
7
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
Q&A List
In this section you are going to list what boggles you in this unit. You may indicate your
questions but noting you have to indicate the answers after your question is being raised and
clarified. You can write your questions below.
Questions/Issues Answers
1.
2.
3.
4.
5.
Keyword Index
• General Control
• Application Control
• Computer Fraud