AAP - James Hall 2016 Overview of Accounting Information Systems PDF

Document Details

Uploaded by Deleted User

James Hall

Tags

accounting fraud internal controls business

Summary

This document overview of accounting information systems discusses payroll fraud, expense reimbursements, thefts of cash, and non-cash misappropriations, as well as the concepts and techniques of internal controls. It also covers computer fraud, and offers examples of various types of accounting fraud within an organiztion.

Full Transcript

112 IPN ARS I Overview of Accounting Information Systems Payroll Fraud Payroll fraud is the distribution of fraudulent paychecks to existent and/or nonexistent employees. For example, a supervisor keeps an employee on the payroll who has left the organization. Each...

112 IPN ARS I Overview of Accounting Information Systems Payroll Fraud Payroll fraud is the distribution of fraudulent paychecks to existent and/or nonexistent employees. For example, a supervisor keeps an employee on the payroll who has left the organization. Each week, the supervisor continues to submit time cards to the payroll department as if the employee were still working for the victim organization. The fraud works best in organizations in which the supervisor is responsible for distributing paychecks to employees. The supervisor may thus inter- cept the paycheck, forge the former employee’s signature, and cash it. Another example of payroll fraud is to inflate the hours worked on an employee time card so that he or she will receive a larger than deserved paycheck. This type of fraud often involves collusion with the supervisor or timekeeper. Expense Reimbursements Expense reimbursement frauds are schemes in which an employee makes a claim for reimburse- ment of fictitious or inflated business expenses. For example, a company salesperson files false expense reports, claiming meals, lodging, and travel that never occurred. Thefts of Cash Thefts of cash are schemes that involve the direct theft of cash on hand in the organization. An example of this is an employee who makes false entries on a cash register, such as voiding a sale, to conceal the fraudulent removal of cash. Another example is a bank employee who steals cash from the vault. Non-Cash Misappropriations Non-cash fraud schemes involve the theft or misuse of the victim organization’s non-cash assets. One example of this is a warehouse clerk who steals inventory from a warehouse or storeroom. Another example is a customer services clerk who sells confidential customer information to a third party. Computer Fraud Because computers lie at the heart of modern accounting information systems, the topic of computer fraud is of importance to auditors. Although the fundamental structure of fraud is unchanged by computers—fraudulent statements, corruption, and asset misappropriation—computers do add com- plexity to the fraud picture. To fully appreciate these complexities requires an awareness of technol- ogy and internal control issues that are discussed in subsequent chapters. Computer fraud is therefore deferred to Chapter 15, where we examine a number of related topics. Internal Control Concepts and Techniques With a backdrop of ethics and fraud in place, let’s now examine internal control concepts and techniques for dealing with these problems. The internal control system comprises policies, prac- tices, and procedures employed by the organization to achieve four broad objectives:. To safeguard assets of the firm.. To ensure the accuracy and reliability of accounting records and information. NO W—. To promote efficiency in the firm’s operations.. To measure compliance with management’s prescribed policies and procedures.” JBN 17 American Institute of Certified Public Accountants, AICPA Professional Standards, Vol. 1. AU Sec. 320. (New York: AICPA, 1987): 30-35. GyHeAGR A BERS 3 Ethics, Fraud, and Internal Control 113 Modifying Assumptions Inherent in these control objectives are four modifying assumptions that guide designers and audi- tors of internal controls.!® MANAGEMENT RESPONSIBILITY. This concept holds that the establishment and mainte- nance of a system of internal control is a management responsibility. This point is made eminent in SOX legislation. REASONABLE ASSURANCE. The internal control system should provide reasonable assurance that the four broad objectives of internal control are met in a cost-effective manner. This means that no system of internal control is perfect and the cost of achieving improved control should not outweigh its benefits. METHODS OF DATA PROCESSING. Internal controls should achieve the four broad objec- tives regardless of the data processing method used. The control techniques used to achieve these objectives will, however, vary with different types of technology. LIMITATIONS. Every system of internal control has limitations on its effectiveness. These include (1) the possibility of error—no system is perfect, (2) circumvention—personnel may cir- cumvent the system through collusion or other means, (3) management override—management is in a position to override control procedures by personally distorting transactions or by directing a subordinate to do so, and (4) changing conditions—conditions may change over time and render existing controls ineffective. Exposures and Risk Figure 3-2 portrays the internal control system as a shield that protects the firm’s assets from numerous undesirable events that bombard the organization. These include attempts at unautho- rized access to the firm’s assets (including information); fraud perpetrated by persons both inside and outside the firm; errors due to employee incompetence, faulty computer programs and cor- rupted input data; and mischievous acts, such as unauthorized access by computer hackers and threats from computer viruses that destroy programs and databases. The absence or weakness of a control is called an exposure. Exposures, which are illustrated as holes in the control shield in Figure 3-2, increase the firm’s risk to financial loss or injury from undesirable events. A weakness in internal control may expose the firm to one or more of the fol- lowing types of risks: 1. Destruction of assets (both physical assets and information). 2. Theft of assets. 3. Corruption of information or the information system. 4. Disruption of the information system. The Preventive-Detective-Corrective Internal Control Model Figure 3-3 illustrates that the internal control shield is composed of three levels of control: preven- tive controls, detective controls, and corrective controls. This is the preventive-detective-corrective (PDC) control model. PREVENTIVE CONTROLS. Prevention is the first line of defense in the control structure. Preventive controls are passive techniques designed to reduce the frequency of occurrence of 18 American Institute of Certified Public Accountants, Committee on Auditing Procedure, /nternal Control—Elements of a Coordinated System and Its Importance to Management and the Independent Public Accountant, Statement on Auditing Standards No. 1, Sec. 320 (New York: AICPA, 1973). 114 PEARS Tar Overview of Accounting Information Systems FIGURE ey. INTERNAL CONTROL SHIELD Undesirable Events e Access e Fraud e Errors e Mischief Exposure INTERNAL CONTROL Learning” Cengage © undesirable events. Preventive controls force compliance with prescribed or desired actions and thus screen out aberrant events. When designing internal control systems, an ounce of prevention is most certainly worth a pound of cure. Preventing errors and fraud is far more cost-effective than detecting and correcting problems after they occur. The vast majority of undesirable events can be blocked at this first level. For example, a well-designed source document is an example of a preventive control. The logical layout of the document into zones that contain specific data, such as customer name, address, items sold, and quantity, forces the clerk to enter the necessary data. The source documents can therefore prevent necessary data from being omitted. However, not all problems can be anticipated and prevented. Some will elude the most comprehensive net- work of preventive controls. CrHPACRAlEE eRe Ss Ethics, Fraud, and Internal Control 115 FIGURE a3 PREVENTIVE, DETECTIVE, AND CORRECTIVE CONTROLS Undesirable Events Preventive Preventive Preventive Preventive Sexe Levels Detective Detective Detective of Control N“ we eae aoe ® Cengage © Learning DETECTIVE CONTROLS. Detective controls form the second line of defense. These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preven- tive controls. Detective controls reveal specific types of errors by comparing actual occurrences to pre-established standards. When the detective control identifies a departure from standard, it sounds an alarm to attract attention to the problem. For example, assume a clerk entered the fol- lowing data on a customer sales order: Quantity Price Total 10 $10 $1,000 Before processing this transaction and posting to the accounts, a detective control should recal- culate the total value using the price and quantity, and expose the error. CORRECTIVE CONTROLS. Corrective controls are actions taken to reverse the effects of errors detected in the previous step. There is an important distinction between detective controls and cor- rective controls. Detective controls identify anomalies and draw attention to them; corrective con- trols actually fix the problem. For any detected error, however, there may be more than one feasible corrective action, and the best course of action may not always be obvious. For example, in viewing the error above, your first inclination may have been to change the total value from $1,000 to $100 to correct the problem. This presumes that the quantity and price values on the document are correct; they may not be. At this point, we cannot determine the real cause of the problem; we know only that one exists. Linking a corrective action to a detected error, as an automatic response, may result in an incor- rect action that causes a worse problem than the original error. For this reason, error correction should be viewed as a separate control step that should be taken cautiously. The PDC control 116 BeAV Riel Overview of Accounting Information Systems model is conceptually pleasing but offers little practical guidance for designing specific controls. For this, we need a more precise framework. The current authoritative document for specifying internal control objectives and techniques is Statement on Auditing Standards (SAS) No. 109,!? which is based on the COSO framework. We discuss the key elements of the COSO framework later. Sarbanes-Oxley and Internal Control Sarbanes-Oxley legislation requires management of public companies to implement an adequate system of internal controls over their financial reporting process. This includes controls over trans- action processing systems that feed data to the financial reporting systems. Management’s respon- sibilities for this are codified in Sections 302 and 404 of SOX. Section 302 requires that corporate management (including the CEO) certify the organization’s internal controls on a quarterly and annual basis. In addition, Section 404 requires the management of public companies to assess the effectiveness of the organization’s internal controls. This entails providing an annual report addressing the following points: (1) a statement of management’s responsibility for establishing and maintaining adequate internal control, (2) an assessment of the effectiveness of the company’s internal controls over financial reporting, (3) a statement that the organization’s external auditors have issued an attestation report on management’s assessment of the company’s internal controls, (4) an explicit written conclusion as to the effectiveness of internal control over financial report- ing,’ and (5) a statement identifying the framework used in the assessment of internal controls. Regarding the control framework to be used, both the PCAOB and the SEC have endorsed the framework put forward by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Further, they require that any other framework used should encompass all of COSO’s general themes.*’ The COSO framework was the basis for SAS 109, which was developed for audi- tors and describes the complex relationship between a firm’s internal controls, the auditor’s assess- ment of risk, and the planning of audit procedures. The key elements of the COSO framework are presented in the following section. COSO INTERNAL CONTROL FRAMEWORK The COSO framework consists of five components: the control environment, risk assessment, information and communication, monitoring, and control activities. The Control Environment The control environment is the foundation for the other four control components. The control environment sets the tone for the organization and influences the control awareness of its manage- ment and employees. Important elements of the control environment are: ¢ The integrity and ethical values of management. ¢ The structure of the organization. ¢ The participation of the organization’s board of directors and the audit committee, if one exists. * Management’s philosophy and operating style. * The procedures for delegating responsibility and authority. * Management’s methods for assessing performance. ¢ External influences, such as examinations by regulatory agencies. * The organization’s policies and practices for managing its human resources. 19 SAS 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, New York: AICPA March 2006. 20 Management may not conclude that internal controls are effective if one or more material weaknesses exist. In addi- tion, management must disclose all material weaknesses that exist as of the end of the most recent fiscal year. 21 A popular competing control framework is Control Objectives for Information and related Technology (COBIT®) published by the IT Governance Institute (ITGI). This framework maps into COSO’s general themes. (© el ARP Ue AY 33} Ethics, Fraud, and Internal Control 117 SAS 109 requires that auditors obtain sufficient knowledge to assess the attitude and awareness of the organization’s management, board of directors, and owners regarding internal control. The following paragraphs provide examples of techniques that may be used to obtain an understand- ing of the control environment. 1. Auditors should assess the integrity of the organization’s management and may use investiga- tive agencies to report on the backgrounds of key managers. Some of the “Big Four” public accounting firms employ former FBI agents whose primary responsibility is to perform back- ground checks on existing and prospective clients. If cause for serious reservations comes to light about the integrity of the client, the auditor should withdraw from the audit. The repu- tation and integrity of the company’s managers are critical factors in determining the audit- ability of the organization. Auditors cannot function properly in an environment in which client management 1s deemed unethical and corrupt. i) Auditors should be aware of conditions that would predispose the management of an organi- zation to commit fraud. Some of the obvious conditions may be lack of sufficient working capital, adverse industry conditions, bad credit ratings, and the existence of extremely restric- tive conditions in bank or indenture agreements. If auditors encounter any such conditions, their examination should give due consideration to the possibility of fraudulent financial reporting. Appropriate measures should be taken, and every attempt should be made to uncover any fraud.. Auditors should understand a client’s business and industry and should be aware of condi- tions peculiar to the industry that may affect the audit. Auditors should read industry-related literature and familiarize themselves with the risks that are inherent in the business.. The board of directors should adopt, as a minimum, the provisions of SOX. In addition, the following guidelines represent established best practices. ¢ Separate CEO and chairman. The roles of CEO and board chairman should be separate. Executive sessions give directors the opportunity to discuss issues without management present, and an independent chairman is important in facilitating such discussions. ° Set ethical standards. The board of directors should establish a code of ethical standards from which management and staff will take direction. At a minimum, a code of ethics should address such issues as outside employment conflicts, acceptance of gifts that could be construed as bribery, falsification of financial and/or performance data, conflicts of interest, political contributions, confidentiality of company and customer data, honesty in dealing with internal and external auditors, and membership on external boards of directors. ¢ Establish an independent audit committee. The audit committee is responsible for selecting and engaging an independent auditor, for ensuring that an annual audit is conducted, for reviewing the audit report, and for ensuring that deficiencies are addressed. Large organi- zations with complex accounting practices may need to create audit subcommittees that specialize in specific activities. * Compensation committees. The compensation committee should not be a rubber stamp for management. Excessive use of short-term stock options to compensate directors and execu- tives may result in decisions that influence stock prices at the expense of the firm’s long- term health. Compensation schemes should be carefully evaluated to ensure that they create the desired incentives. * Nominating committees. The board nominations committee should have a plan to maintain a fully staffed board of directors with capable people as it moves forward for the next sey- eral years. The committee must recognize the need for independent directors and have cri- teria for determining independence. For example, under its newly implemented governance standards, General Electric (GE) considers directors independent if the sales to, and pur- chases from, GE total less than | percent of the revenue of the companies for which they serve as executives. Similar standards apply to charitable contributions from GE to any 118 P2AGRST al Overview of Accounting Information Systems organization on which a GE director serves as officer or director. In addition, the company has set a goal that two-thirds of the board will be independent nonemployees.”” ¢ Access to outside professionals. All committees of the board should have access to attorneys and consultants other than the corporation’s normal counsel and consultants. Under the provisions of SOX, the audit committee of an SEC reporting company is entitled to such representation independently. Risk Assessment Organizations must perform a risk assessment to identify, analyze, and manage risks relevant to financial reporting. Risks can arise or change from circumstances such as: ¢ Changes in the operating environment that impose new or changed competitive pressures on the firm. ¢ New personnel who have a different or inadequate understanding of internal control. ¢ New or reengineered information systems that affect transaction processing. ¢ Significant and rapid growth that strains existing internal controls. ¢ The implementation of new technology into the production process or information system that impacts transaction processing. ¢ The introduction of new product lines or activities with which the organization has little experience. ¢ Organizational restructuring resulting in the reduction and/or reallocation of personnel such that business operations and transaction processing are affected. Entering into foreign markets that may impact operations (that is, the risks associated with for- eign currency transactions). * Adoption of a new accounting principle that impacts the preparation of financial statements. SAS 109 requires that auditors obtain sufficient knowledge of the organization’s risk assessment procedures to understand how management identifies, prioritizes, and manages the risks related to financial reporting. Information and Communication The accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and to account for the related assets and liabilities. The quality of information the accounting information system generates impacts management’s ability to take actions and make decisions in connection with the organization’s operations and to prepare reliable financial statements. An effective accounting information system will: ¢ Identify and record all valid financial transactions. ¢ Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting. ¢ Accurately measure the financial value of transactions so their effects can be recorded in finan- cial statements. ¢ Accurately record transactions in the time period in which they occurred. SAS 109 requires that auditors obtain sufficient knowledge of the organization’s information sys- tem to understand: e The classes of transactions that are material to the financial statements and how those transac- tions are initiated. 22 Rachel E. Silverman, “GE Makes Changes in Board Policy,” The Wall Street Journal (November 8, 2002). GH AGPATSE YR: 3: Ethics, Fraud, and Internal Control 119 ° The accounting records and accounts that are used in the processing of material transactions. * The transaction processing steps involved from the initiation of a transaction to its inclusion in the financial statements. ° The financial reporting process used to prepare financial statements, disclosures, and accounting estimates. Monitoring Management must determine that internal controls are functioning as intended. Monitoring is the process by which the quality of internal control design and operation can be assessed. This may be accomplished by separate procedures or by ongoing activities. An organization’s internal auditors may monitor the entity’s activities in separate procedures. They gather evidence of control adequacy by testing controls and then communicate control strengths and weaknesses to management. As part of this process, internal auditors make specific recommendations for improvements to controls. Ongoing monitoring may be achieved by integrating special computer modules into the infor- mation system that capture key data and/or permit tests of controls to be conducted as part of routine operations. Embedded modules thus allow management and auditors to maintain constant surveillance over the functioning of internal controls. In Chapter 17, we examine a number of embedded module techniques. Another technique for achieving ongoing monitoring is the judicious use of management reports. Timely reports allow managers in functional areas such as sales, purchasing, production, and cash disbursements to oversee and control their operations. By summarizing activities, highlighting trends, and identifying exceptions from normal performance, well-designed management reports provide evidence of internal control function or malfunction. In Chapter 8, we review the manage- ment reporting system and examine the characteristics of effective management reports. Control Activities Control activities are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks. Control activities are grouped into two distinct categories: information technology (IT) controls and physical controls. IT CONTROLS. IT controls relate specifically to the computer environment. They fall into two broad groups: general controls and application controls. General controls pertain to entity-wide IT concerns such as controls over the data center, organization databases, network security, sys- tems development, and program maintenance. These control issues need to be discussed within the context of specific technologies that are the topics of several chapters of this book. Therefore, we defer treatment of general IT controls to Chapters 15, 16, and 17, which deal with this exten- sive body of material. Application controls ensure the integrity of specific computer systems such as sales order processing, accounts payable, and payroll applications. We examine application control issues and techniques later in this chapter. PHYSICAL CONTROLS. This class of controls relates to the human activities employed in accounting systems. These activities may be purely manual, such as the physical custody of assets, or they may involve the physical use of computers to record transactions or update accounts. Physical controls do not relate to the computer logic that actually performs accounting tasks. Rather, they relate to the human activities that trigger those tasks or utilize the results of those tasks. In other words, physical controls focus on people, but are not restricted to an environment in which clerks update paper accounts with pen and ink. Virtually all systems, regardless of their sophistication, employ human activities that need to be controlled. Our discussion will address issues pertaining to six categories of physical control activities: transaction authorization, segregation of duties, supervision, accounting records, access control, and independent verification. 120 PVAGR Si I Overview of Accounting Information Systems Ce 3-4 SEGREGATION OF DuTiEs OBJECTIVES TRANSACTION [ | Control Objective 2 Authorization Custody idi General Control Objective 3 aaa ; ee Learning” ©Cengage TRANSACTION AUTHORIZATION. The purpose of transaction authorization is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives. Authorizations may be general or specific. General authority is granted to operations personnel to perform day-to-day operations. An example of general authorization 1s the procedure to authorize the purchase of inventories from a designated vendor only when inven- tory levels fall to their predetermined reorder points. This is called a programmed procedure (not necessarily in the computer sense of the word) in which the decision rules are specified in advance, and no additional approvals are required. On the other hand, specific authorizations deal with case-by-case decisions associated with nonroutine transactions. An example of this is the decision to extend a particular customer’s credit limit beyond the normal amount. Specific authority is usually a management responsibility. SEGREGATION OF DUTIES. One of the most important control activities is the segregation of employee duties to minimize incompatible functions. Segregation of duties can take many forms, depending on the specific duties to be controlled. However, the following three objectives provide general guidelines applicable to most organizations. These objectives are illustrated in Figure 3-4. Objective 1. The segregation of duties should be such that the authorization for a transaction is separate from the processing of the transaction. For example, the purchasing department should not initiate purchases until the inventory control department gives authorization. This separation of tasks is a control to prevent individuals from purchasing unnecessary inventory. Objective 2. Responsibility for the custody of assets should be separate from the record-keeping responsibility. For example, the department that has physical custody of finished goods inventory (the warehouse) should not keep the official inventory records. Accounting for finished goods inventory is performed by inventory control, an accounting function. When a single individual or department has responsibility for both asset custody and record keeping, the potential for fraud exists. Assets can be stolen or lost, and the accounting records falsified to hide the event. Objective 3. The organization should be structured so that a successful fraud requires collusion between two or more individuals with incompatible responsibilities. For example, no individual should have sufficient access to accounting records to perpetrate a fraud. Thus, journals, subsidiary CAHPAGR ATE Bere 3) Ethics, Fraud, and Internal Control 121 ledgers, and the general ledger are maintained separately. For most people, the thought of approaching another employee with the proposal to collude in a fraud presents an insurmountable psychological barrier. The fear of rejection and subsequent disciplinary action discourages solicitations of this sort. However, when employees with incompatible responsibilities work together daily in close quarters, the resulting familiarity tends to erode this barrier. For this reason, the segregation of incompatible tasks should be physical as well as organizational. Indeed, concern about personal familiarity on the job is the justification for establishing rules prohibiting nepotism. SUPERVISION. Implementing adequate segregation of duties requires that a firm employ a suf- ficiently large number of employees. Achieving adequate segregation of duties often presents diffi- culties for small organizations. Obviously, it is impossible to separate five incompatible tasks among three employees. Therefore, in small organizations or in functional areas that lack suffi- cient personnel, management must compensate for the absence of segregation controls with close supervision. For this reason, supervision is often called a compensating control. An underlying assumption of supervision control is that the firm employs competent and trust- worthy personnel. Obviously, no company could function for long on the alternative assumption that its employees are incompetent and dishonest. The competent and trustworthy employee assumption promotes supervisory efficiency. Firms can thus establish a managerial span of control where a single manager supervises several employees. In manual systems, maintaining a span of control tends to be straightforward because both manager and employees are at the same physical location. ACCOUNTING RECORDS. The accounting records of an organization consist of source docu- ments, journals, and ledgers. These records capture the economic essence of transactions and pro- vide an audit trail of economic events. The audit trail enables the auditor to trace any transaction through all phases of its processing from the initiation of the event to the financial statements. Organizations must maintain audit trails for two reasons. First, this information is needed for con- ducting day-to-day operations. The audit trail helps employees respond to customer inquiries by showing the current status of transactions in process. Second, the audit trail plays an essential role in the financial audit of the firm. It enables external (and internal) auditors to verify selected transactions by tracing them from the financial statements to the ledger accounts, to the journals, to the source documents, and back to their original source. For reasons of both practical expedi- ence and legal obligation, business organizations must maintain sufficient accounting records to preserve their audit trails. ACCESS CONTROL. The purpose of access controls is to ensure that only authorized personnel have access to the firm’s assets. Unauthorized access exposes assets to misappropriation, damage, and theft. Therefore, access controls play an important role in safeguarding assets. Access to assets can be direct or indirect. Physical security devices, such as locks, safes, fences, and electronic and infrared alarm systems, control against direct access. Indirect access to assets is achieved by gain- ing access to the records and documents that control the use, ownership, and disposition of the asset. For example, an individual with access to all the relevant accounting records can destroy the audit trail that describes a particular sales transaction. Thus, by removing the records of the transaction, including the accounts receivable balance, the sale may never be billed and the firm will never receive payment for the items sold. The access controls needed to protect accounting records will depend on the technological characteristics of the accounting system. Indirect access control is accomplished by controlling the use of documents and records and by segregating the duties of those who must access and process these records. INDEPENDENT VERIFICATION. Verification procedures are independent checks of the accounting system to identify errors and misrepresentations. Verification differs from supervision because it takes place after the fact, by an individual who is not directly involved with the transac- tion or task being verified. Supervision takes place while the activity is being performed, by a 122 IP AIR I Overview of Accounting Information Systems supervisor with direct responsibility for the task. Through independent verification procedures, management can assess (1) the performance of individuals, (2) the integrity of the transaction pro- cessing system, and (3) the correctness of data contained in accounting records. Examples of inde- pendent verifications include: * Reconciling batch totals at points during transaction processing. * Comparing physical assets with accounting records. * Reconciling subsidiary accounts with control accounts. ¢ Reviewing management reports (both computer and manually generated) that summarize busi- ness activity. The timing of verification depends on the technology employed in the accounting system and the task under review. Verifications may occur several times an hour or several times a day. In some cases, verification may occur daily, weekly, monthly, or annually. IT APPLICATION CONTROLS Management and auditors are required under SOX to consider IT application controls relevant to financial reporting. Application controls are associated with specific applications, such as payroll, purchases, and cash disbursements systems, and fall into three broad categories: input controls, processing controls, and output controls. : Input Controls Input controls are programmed procedures, often called edits, which perform tests on transaction data to ensure that they are free from errors. Edit routines are designed into systems at different points, depending on whether processing is real time or batch. Edit controls in real-time systems are placed at the data collection stage to monitor data as they are entered from terminals. Batch systems collect data in transaction files, where they are temporarily held for subsequent processing. In that case, edit tests are performed in a separate procedure (the edit run) prior to the master file update process. Whatever the edit method used, transaction data should never update master files until the transactions have been tested for validity, accuracy, and completeness. If a record fails an edit test, it 1s flagged as an “error” record and rejected. Later, we will see how to deal with these records. The following are examples of input edit controls. CHECK DIGIT. Data codes are used extensively in transaction processing systems for represent- ing such things as customer accounts, items of inventory, and general ledger accounts in the chart of accounts. If the data code of a particular transaction is entered incorrectly and goes undetected, then a transaction processing error will occur, such as posting to the wrong account. These proces- sing problems are caused by two common types of data input errors: transcription errors and transposition errors. Transcription errors are divided into three categories: 1. Addition errors occur when an extra digit or character is added to the code. For example, inventory item number 83276 is recorded as 832766. i) Truncation errors occur when a digit or character is removed from the end of a code. In this type of error, the inventory item above would be recorded as 8327. 3. Substitution errors are the replacement of one digit in a code with another. For example, code number 83276 is recorded as 83266. 2 Transposition errors are of two types. 1. Single transposition errors occur when two adjacent digits are reversed. For instance, 83276 is recorded as 38276. 2. Multiple transposition errors occur when nonadjacent digits are transposed. For example, 83276 is recorded as 87236.

Use Quizgecko on...
Browser
Browser