INFOTECH3-Module-4&5 PDF
Document Details
Uploaded by PrizeErbium3896
RTUian
Tags
Related
- Application Security Frame PDF
- Chapter 2 Powerpoint - Auditing Principles PDF
- National Guide for Auditors in Infection Control Auditing Strategies for Healthcare Facilities 2024 PDF
- Application of engineering controls and work practice control PDF
- Auditing and Assurance PDF Study Material
- REVIEWER-NG-MAKAKAPERPEK PDF
Summary
This document provides information on application controls and auditing computer processing systems (particularly on modules 4 & 5). It details various aspects of these topics, including prevention and detection controls, and the importance of data reliability and adherence to policies.
Full Transcript
Module 4 Application Controls Proud to be RTUian Application Controls - - consist of manual and automatic procedures that relate to specific accounting systems such as payroll, accounts, receivable and cash disbursements. Proud to be RTUian Application Con...
Module 4 Application Controls Proud to be RTUian Application Controls - - consist of manual and automatic procedures that relate to specific accounting systems such as payroll, accounts, receivable and cash disbursements. Proud to be RTUian Application Controls - the purpose is to ensure an acceptable level of internal control in each accounting system. - these are located in each of the data processing functions of input, processing and output. Proud to be RTUian Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian A. Controls Methodology - a description of the role that controls play in accounting systems. - auditors must make a series of evaluation and determination before the usefulness of controls can be defined. Proud to be RTUian A. Controls Methodology - Steps to determine the usefulness of controls: 1. Determine the likelihood of exposures resulting from errors and irregularities. 2. Set broad management control objectives translated into system objectives. 3. Evaluate the role that controls play in an accounting system. 1. Determine the likelihood of exposures resulting from errors and irregularities: a. Unreliable data b. Improper processing c. Loss or destruction of assets and records d. Failure to accomplish organizational objectives e. Operational inefficiency Proud to be RTUian 2. Set broad management control objectives translated into system objectives Management Objective System Objectives a. Completeness 1. To provide b. Accuracy reliable data c. d. Uniqueness Reasonableness e. Errors are detected, corrected, and resubmitted. 2. Set broad management control objectives translated into system objectives Management Objective System Objectives 2. To encourage a. Timeliness adherence to b. Valuation prescribed c. Classification accounting policies 2. Set broad management control objectives translated into system objectives Management Objective System Objectives 3. To safeguard a. Transaction authorization assets and b. Distribution of output c. Validity records d. Security of data and records Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian B. Audit trail - consists of the input, processing and output documentation and file data that permit the tracing of transaction processing. Proud to be RTUian Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian C. Data entry controls Risk controllable during data entry: a. Unreliable data i. Omission ii. More than once iii. Inaccurate data Proud to be RTUian C. Data entry controls Risk controllable during data entry: b. Non-adherence to accounting policies i. Wrong accounting period ii. Improper valuation or classification c. Loss of assets and records i. Unauthorized/invalid transactions Proud to be RTUian C. Data entry controls: prevention and detection Prevention Controls a. Computer assisted procedures > screen formats and computer dialogue Detection Controls a. Data entry validation tests b. Record confirmation check c. Data approval test Proud to be RTUian Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian D. Processing Controls Risk controllable during processing: a. Unreliable data i. Incorrect calculations ii. Incorrect processing logic iii. Use of wrong file / record Proud to be RTUian D. Processing Controls Risk controllable during processing: b. Adherence to accounting policies i. Wrong version of the program c. Loss of assets and records i. System generated transactions and financial entries may not be in accordance with agreed policy. D. Processing Controls: prevention and detection Prevention Controls a. General controls Detection Controls a. Arithmetic accuracy test i. Double arithmetic, e.g., reverse multiplication ii. Overflow check b. Dual field input c. Run-to-run totals D. Processing Controls Correction Control a. Errors corrected and processed with current job b. Errors removed and corrected subsequently c. Errors discovered subsequent to processing - Corrected through adjusting entry Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian E. Output Controls Risk controllable during data processing output: a. Unreliable data i. Output received by the user may be inaccurate or incomplete ii. Non-adherence to accounting policies iii. Improper classification and valuation E. Output Controls Risk controllable during data processing output: b. Loss of assets and records i. Distribution or display to unauthorized individuals Proud to be RTUian E. Output Controls: prevention/detection/correction Prevention Controls i. Distribution checklist and schedule Detection Controls i. Review of the checklist and schedule Correction Controls i. Should be corrected at source Application Controls A. Controls methodology B. Audit trail C. Data entry controls D. Processing controls E. Output controls Proud to be RTUian Module 5 Auditing Computer Processing Proud to be RTUian Auditing Computer Processing 1. Auditing Computer Programs 2. Auditing Computer Files 3. Auditing Computer Processing Systems performed through: - non processing of data - processing of actual data - processing of simulated data Compliance Auditing Computer Programs Auditing Testing Computer Files Non- - Flowchart verification - File access processing - Program code checking, desk control checking, program listing of data testing verification (Auditing - Review of job control - Printout around the information: halts, examination computer) interruption or termination - Review of printouts, transactions and error listings Compliance Auditing Computer Auditing Computer Testing Programs Files Processing - Controlled - Custom- of actual processing designed data - Controlled re- programs / special purpose processing programs - Parallel - Generalized simulation audit software Compliance Auditing Computer Auditing Computer Testing Programs Files Processing - Test records - Test records of simulated - Integrated test - Integrated test facility, mini-company, data dummy company, facility, mini- extended test data company, dummy - Auditor’s central company, office: use of extended test simulated data transactions intermixed with actual transactions Substantive Auditing Computer Auditing Testing Programs Computer Files Non- - Flowchart - Printout processing verification examination of data - Program code checking, desk checking, program listing verification - Review of printouts, transactions and error listings Substantive Auditing Computer Auditing Computer Testing Programs Files Processing - Controlled - Utility program: of actual processing a program for data - Controlled re- carrying out a processing routine - Parallel function simulation - Generalized audit software Substantive Auditing Computer Auditing Computer Testing Programs Files Processing of - Test records - Test records simulated data - Integrated test - Integrated test facility, mini-company, facility, mini- dummy company, company, dummy extended test data company, extended - Auditor’s central test data office: use of simulated transactions intermixed with actual transactions Auditing Computer Processing 1. Auditing Computer Programs 2. Auditing Computer Files 3. Auditing Computer Processing Systems performed through: - non processing of data - processing of actual data - processing of simulated data Auditing Computer Processing Systems a. Integration of parts of the computer processing systems Proud to be RTUian Auditing Computer Processing Systems b. Integration of types of tests i. Separate tests on each program or file ii. Single tests combining the test of programs and files iii. Multiple tests combines mixture of compliance and substantive tests Proud to be RTUian Non-processing of data (auditing around the computer) Conditions necessary for using approach The auditor must be able to: 1. locate copies of the source documents 2. read the source documents and accounting reports without the aid of a computer Proud to be RTUian Non-processing of data (auditing around the computer) Conditions necessary for using approach The auditor must be able to: 3. trace transactions from the source documents to the accounting reports and from the accounting reports back to the source Proud to be RTUian
