… here documents would allow management to decide if the system being developed would be viable and cost effective. Without such controls, expensive projects can be started and never finished, costing the organization a great deal in time and money. These managerial controls force the development team to do a thorough job since they are accountable to management… Testing Testing and trials are important controls and require that systems are thoroughly tested before they become operational. The extensive testing of programs will minimize or even eliminate the errors in the computer system.
The tests will show exactly what type of problems occur in the system in the processing of certain data and would also indicate any problems in the response time of the systems. Also, the benchmarks that are calculated in testing can be compared with benchmarks taken later on to see if the program has been tampered with. Training The training of the data processing staff is a very important control. Proper training of staff would reduce the number of errors that would occur in the system due to inadequate knowledge of the system. The trained staff would be less likely to make mistakes. Concurrent Running of old and new systems.
Running the old and new systems concurrently is also an important control. This control would allow the organization to compare the results of the two systems when they do different tasks. These results would allow them to find any problems in the new system by validating the results of the new system with the results of the old one Procedural Controls. Procedural controls are one of the most important set of controls as they are the ones that are placed on the day to day running of the system. Procedural controls are particularly effective in detecting whether a system has been tampered with and so are effective in detecting fraud. Procedural controls are divided into those controls placed on input, output, processing and storage.
Input Controls These are procedural controls that are placed on the input of data intothe system. These controls are. Serial numbering of documents. Validation checks on documents.
Batching documents and checking of batch totals. authorization procedures These controls are carried out by the user department. The Data processing depart also then gets the data and put carry out their own controls. These are. Vetting of batches to ensure that they are correct.
checks on data conversion methods These checks are made so that the data that is entered is as accurate and as error free as possible. Processing Controls Once that data has been entered into the system and is being processed, the processing controls are used to ensure that the data is processed properly. Processing controls are divided into two categories. These are 1. Validation tests 2. File checks The validation checks are made on the data when it is being processed.
These checks ensure that the data is processed correctly. Validation checks include. Check digit verification. Checks in the size of file and records. check on mode of the file. Check on consistency of fields in files.
Range tests on numbers and values. Hash totals. Control record checks. Sequence checks to ensure that records are entered in the right order. Error logs which contain a record of all errors that have occurred during the processing of the data… Transaction logs which contain a record of each transaction that has been made.
This provides an audit trail for the auditor. The transaction log would contain where a particular transaction originated and who initiated it. File checks are the controls to ensure that the integrity of the files that hold the data for the organization remain intact during processing. Some file checks are.
Use of header tables to identify files. Use of trailer labels to ensure that the record is completely read… Arithmetic proof of the validation of certain fields by checking them with other fields in the record Output controls The outputting of processed data also has certain controls. These output controls are used to ensure the completeness, accuracy and timeliness of the output on screen, printed form as well as on storage media. Some output control procedures are. Initial screening of the output to detect obvious errors.
Output should only be distributed by authorized persons to authorized persons… Controls totals on the output should be checked against the control totals of the input to ensure the consistency of data… All the documents produced should be numbered and accounted for. Highly sensitive materials should not be seen by the general data processing staff but should be outputted to a secure location… A feedback system must be developed between the users and the data processing department so that any errors that occur would be reported and subsequently corrected. Storage Controls When data is stored additional controls must be put into place to ensure that the data is stored properly and that the data is to tampered with in anyway.
These controls ensure that no unauthorized persons would be able to tamper with or destroy the data whether it be intentionally or deliberately. Some of these controls are. Authorization controls to ensure that only authorized personnel is allowed to make amendments and deletions to the files… Controls to ensure that amendments and deletions are to be thoroughly documented so that the person who made the amendments can be made accountable for the changes they made… Controls to ensure that there are proper facilities for the backup of files. These include ensuring that files are backed up regularly, multiple backup files are kept and that these files are kept at a secure location and are easily retrievable in case of an emergency…
Controls that would ensure that the data can be recovered in case of disaster. This includes transaction logs of complete system dumps which will make periodic backups of all the transactions that occur within the system. Computerized accounting systems bring with then a set of new and unique problems. The internal controls that have been put into place for a manual system to help the internal auditor cannot fully prevent or minimize the possibility of errors or fraud that come with the computerized systems.
Therefore the old controls must be modified for the new system and new controls must be put in. Only then can the internal auditor ensure that the number of errors that occur within the system be minimized or even eliminated… Bibliography Basset P. H. (1993) Computerised accounts, 3 rd Edition, Manchester: NCC Blackwell.
1-85554-205-6. Grudinsku G. , Burch J. , (1989), Information Systems Theory and Practice, 5 thE dition, John Wiley and Sons, Inc. 0-471-61293-6.