
Department of Accounting Education

Mabini Street, Tagum City


Davao del Norte
Telefax: (084) 655-9591, Local 116

Big Picture C
Week 6 & 7: Unit Learning Outcomes (ULO): At the end of the unit, you are expected to:
a. Explain the risk exposure and the internal structure and know the general controls and
application controls and the management of the security of information.
b. Apply the concept of expenditure cycle in SAP Business One.

Big Picture in Focus: ULOa. Explain the risk exposure and internal
structure, and know the general controls and application controls and the
management of the security of information.

Metalanguage
The terms used for this specific unit learning outcome are already discussed and explained
in the essential knowledge section as part of the discussion. Hence, having separate
presentation will mean redundancy.

Essential Knowledge
To perform the aforesaid big picture (unit learning outcomes), you need to fully understand
the following essential knowledge laid down in the succeeding pages. Please note that you
are not limited to exclusively refer to these resources. Thus, you are expected to utilize other
books, research articles and other resources that are available in the university’s library e.g.
ebrary, search.proquest.com etc., and even online tutorial websites.

SYSTEMS CONTROLS AND SECURITY MEASURES IN AN ACCOUNTING INFORMATION SYSTEM

CONTROLS FOR COMPUTERIZED ACCOUNTING INFORMATION SYSTEM

CONTROLS
Refer to measures or techniques that prevent, detect, and/or correct conditions that may lead
to loss or damage to the business firm. Some of the reasons why computers can cause
control problems are:
1. Effects of errors may be magnified.
2. Inadequate separation of duties because of decreased manual involvement.
3. Audit trails may be undermined.
4. Human judgment is bypassed.
5. Changes to data and programs may be made by individuals lacking knowledge.
6. More individuals may have access to accounting data.

Computer controls can be classified as:


1. General controls
2. Application controls

GENERAL CONTROLS


General controls are measures that ensure that a company’s control environment is stable
and well managed. These controls provide reasonable assurance that development of, and
changes to, computer programs are authorized, tested and approved prior to use.

1. Organizational or Personnel Controls

a) These will involve separation of incompatible duties. At a minimum, segregate programming,
operations, and library functions within the information systems department. One way to
separate key functions is as follows:

1. System analysis - The system analyst analyzes the present user environment and
requirements and may (1) recommend specific changes (2) recommend the purchase
of a new system, or (3) design a new information system.

2. System programming - The systems programmer is responsible for implementing and
debugging the software necessary for making the hardware work.

3. Applications programming - The applications programmer is responsible for
writing, testing and debugging the application programs for the specifications
provided by the system analyst.

4. Database administration - In a database environment, a database administrator
(DBA) is responsible for maintaining the database and restricting access to the
database to authorized personnel.

5. Data preparation - Data may be prepared by user departments and input by key to
magnetic disk or magnetic tape.

6. Operations - The operator is responsible for the daily computer operations of both
hardware and software.

7. Data library - The librarian is responsible for custody of the removable media and
for the maintenance of program and system documentation.

8. Data control - The control group acts as liaison between users and the processing
center.

b) Companies may use separate computer accounts that are assigned
to users on either a group or individual basis. This will also involve the use of
PASSWORDS and CALL-BACK PROCEDURES to restrict access from remote
terminals.

2. File security / Software Controls

a) These will require:
1. Documentation of all programs, procedures and operating investments.
2. Segregation of duties as to:
a. Systems design and operation
b. Testing of new systems and operations
3. Approval of new programs and changes to program by management, users and
information systems personnel.


4. Library control of all master and transaction file conversions to prevent
unauthorized changes and to verify the accuracy of the results.
5. Back-up storage of software off-premises.

3. Hardware Controls

a) These involve built-in controls in the computers by the manufacturer which will detect
machine malfunction.
b) Among the most common types of built-in controls are:
1. Parity check
2. Duplicate reading
3. Echo check
4. Dual circuitry
5. Interlock
6. Boundary protection
7. File protection ring
8. Validity test
c) The system should be examined periodically (often weekly) by a qualified service
technician.

4. Access to computer and data files controls or controls over access to equipment
and data files

a) These include the following segregation controls:
1. Access to program documentation should be limited to those persons who
require it in the performance of their duties.
2. Access to data files and programs should be limited to those individuals
authorized to process data.
3. Access to computer hardware should be limited to authorized individuals such as
computer operators and their supervisors.

b) Physical access to computer facility controls.
c) Use of a visitor entry log, which documents those who have had access to the area.
d) Use of an identification code and a confidential password to control access to software.
e) Use of “call back”, which is a specialized form of user identification in which the user dials
the system, identifies him/herself and is disconnected from the system.
f) Use of “encryption” where data is encoded when stored in computer files and/or from
remote locations. Data encryption transforms plaintext messages into unintelligible
cyphertext using an encryption key.
5. Other data and procedural controls including security and disaster controls (Fault-
tolerant systems, backup, and contingency planning)

a) Physical Security
1. Fireproof storage
2. Backup for the vital documents, files and programs

b) Contingency planning - which includes the development of a formal disaster recovery plan.

Hot site - a facility that is configured and ready to operate within a few hours.


Cold site - a facility that provides everything necessary to quickly install computer
equipment, but doesn’t have the computer installed.

c) Insurance - should also be obtained to compensate the company for losses when they
occur.

APPLICATION CONTROLS
1) Input Controls
a) Attempt to ensure the validity, accuracy and completeness of the data entered into the
system.

Four Categories:
1) Data observation and recording
2) Data transcription
3) Programmed (source program) edit checks
These include:
a) Control batch or proof totals
b) Completeness check
c) Hash total
d) Limit check
e) Logical (consistency) check
f) Self-checking digit
g) Record count
h) Sequence check
i) Validity check
j) Reasonableness check

B. Control procedures that should be followed for input data are:

1) Systems specifications documenting all necessary steps in the preparation should be
written and used.
2) Serial controls should be logged.
3) Signature approvals should be received and accounted for.
4) A peso-value unit or hash totals should be prepared for a batch or a processing period and
compared by the computer with the totals processed.
5) Data to be entered into the system should be verified.
6) An editing procedure should be followed whereby all input information is compared with
tables of valid codes.
7) Check digits should be used whenever possible.
8) All rejected items in the editing procedure should be listed with references and their
disposition accounted for.
9) Specific procedures should be established for delivery of data to the computer department.
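
The input procedures above can be seen working together on a small batch. This is an added example, not part of the manual or its textbook: the field names, the vendor code table, the amount limit and the use of the Luhn scheme for the self-checking digit are assumptions, and the batch data is constructed.

```python
from decimal import Decimal

VALID_VENDORS = {"V100", "V200", "V300"}   # assumed table of valid codes
AMOUNT_LIMIT = Decimal("50000.00")          # assumed ceiling for the limit check
# Constructed batch: header totals as prepared by the user department before keying.
HEADER = {"record_count": 3, "control_total": Decimal("77000.50"), "hash_total": 13506}
RECORDS = [
    {"serial": 1, "po_number": "4501", "vendor": "V100", "account": "10017", "amount": "1200.50"},
    {"serial": 2, "po_number": "", "vendor": "V200", "account": "20024", "amount": "800.00"},
    {"serial": 3, "po_number": "4503", "vendor": "V900", "account": "30013", "amount": "75000.00"},
]

def luhn_ok(number: str) -> bool:
    """Self-checking digit test using the Luhn scheme (assumed; the page names none)."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_record(rec: dict) -> list[str]:
    """Run the programmed edit checks on one record; return its failures."""
    errors = []
    for field in ("po_number", "vendor", "account", "amount"):
        if not rec.get(field):
            errors.append(f"completeness: {field} missing")
    if rec.get("vendor") and rec["vendor"] not in VALID_VENDORS:
        errors.append("validity: unknown vendor code")
    if rec.get("account") and not luhn_ok(rec["account"]):
        errors.append("check digit: account number fails")
    if rec.get("amount") and not Decimal("0") < Decimal(rec["amount"]) <= AMOUNT_LIMIT:
        errors.append("limit: amount out of range")
    return errors

def process_batch(header: dict, records: list[dict]) -> dict:
    """List rejected items by serial number, then reconcile totals to the header."""
    rejected = [(r.get("serial"), e) for r in records if (e := edit_record(r))]
    totals = {
        "record_count": len(records),
        "control_total": sum(Decimal(r["amount"]) for r in records if r.get("amount")),
        "hash_total": sum(int(r["po_number"]) for r in records if r.get("po_number")),
    }
    mismatches = [k for k, v in totals.items() if header[k] != v]
    return {"rejected": rejected, "mismatches": mismatches, "totals": totals}
```

The peso control total and record count reconcile here, but the hash total of purchase order numbers does not, which flags the omitted PO number on serial 2 even without the completeness check.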

2. Processing Controls
Included in the processing controls are:
a. File labels
b. Trailer Labels
c. Sequence Tests


d. Proof Totals
e. Cross-footing tests
f. Exception listings
g. Transmittal record
h. A record should be logged for each processing run showing the files used, time consumed,
machine halts, operator actions and other relevant data.

3. Output Controls
These govern the accuracy and reasonableness of the output of data processing and prevent
unauthorized use of output.
Important measures include:
a) Error log
b) Follow-up control totals
c) Distribution log
d) Audit trail storage
e) Visual review for apparent reasonableness and completeness.
f) Exceptions should be properly handled.
g) Complete resubmission of corrected errors should be assured.
h) Provision should be made to see that all output reports are delivered on time
and to authorized destinations.
i) Users should be periodically queried for the continued needs for the output.
j) Shred sensitive documents.

COMPUTER CONTROL ACTIVITIES


Computer General Control activities-
Computer Application Control activities-User Control Activities to test the Completeness and
accuracy of computer Processed Transactions

COMPUTER FRAUD
Type of Fraud
1. Input Manipulation
2. Program Alteration

Self-Help: You can also refer to the sources below to help you
further understand the lesson:

* Cabrera, M. B. (2015). Management consultancy: Principles and Engagement (2015),
Philippines: GIC Enterprises & CO., Inc.

Note:
The content of this manual is based on the textbook for MAS 3 titled “Management
Consultancy: Concepts and Application” by Cabrera, Ma. Elenita B.


Let’s Check

Activity 1. True or False. Write “TRUE” if the statement is true; otherwise write “FALSE” if
the statement is incorrect.

1) Security refers to measures or techniques that prevent, detect, and/or correct
conditions that may lead to loss or damage to the business firm.
2) File labels are part of output controls.
3) Processing controls include shredding of sensitive documents.
4) The use of a visitor entry log documents those who have had access to the area.
5) Control procedures that should be followed in the input data include Specific
procedures that should be established for delivery of data to the computer
department.
6) Input manipulation is not a computer fraud.
7) The two types of controls are general control and software control.

Activity 2. Multiple Choice Questions. Encircle the letter that corresponds to your answer.

1. An employee in the receiving department keyed in a shipment from a remote terminal and
inadvertently omitted the purchase order number. The best systems control to detect this
error would be.
a. batch total
b. completeness test
c. sequence check
d. reasonableness check

2. Some of the more important controls that relate to automated accounting information
systems are validity checks, limit checks, field checks, and sign test. These are classified
as
a. control total validation routines
b. hash totaling
c. data access validation routines
d. input validation routines

3. The use of a header label in conjunction with magnetic tape is most likely to prevent errors
by the
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician

4. For control purposes, which of the following should be organizationally segregated from
computer operations function?
a. Data conversion
b. Surveillance of CRT messages
c. Systems development
d. Minor maintenance according to a schedule

5. Which one of the following terms best describes a decision support system (DSS)?


a. Management reporting system
b. Formalized system
c. Interactive system
d. Accounting information system

Let’s Analyze

Activity 1. In this activity, you are required once again to elaborate your answer to each of
the questions below.

1. Explain briefly the concept and importance of system controls.


________________________________________________________
________________________________________________________
________________________________________________________

2. Distinguish briefly between general controls and application controls.


________________________________________________________
________________________________________________________
________________________________________________________

3. Enumerate and explain in your own words the components of General controls.
________________________________________________________
________________________________________________________
________________________________________________________

4. Give some examples of computer frauds.


________________________________________________________
________________________________________________________
________________________________________________________

In a Nutshell
In this part you are going to jot down what you have learned in this unit. The said
statement of yours could be in a form of concluding statements, arguments, or perspective
you have drawn from this lesson.
1. ________________________________________________________.
2. ________________________________________________________.
3. ________________________________________________________.
4. ________________________________________________________.
5. ________________________________________________________.


Q&A List
In this section you are going to list what boggles you in this unit. You may indicate your
questions, but note that you have to indicate the answers after your questions have been raised and
clarified. You can write your questions below.

Questions/Issues Answers

1.

2.

3.

4.

5.

Keyword Index
• General Control
• Application Control
• Computer Fraud
