The elements of internal control are the same; the computer just changed the methods by which these elements are implemented.

2. What is meant by “general controls” in relation to SIS environment?

General controls are those control policies and procedures that relate to the overall computer information system. The purpose of general SIS controls is to establish a framework of overall controls over the SIS activities and to provide a reasonable assurance that the overall objectives of internal control are achieved.
These may include:
-organization and management controls
-application systems development and maintenance controls
-computer operation controls
-system software controls
-data entry and program controls

3. Enumerate and describe each of the five (5) general controls in a SIS environment.

A. Organizational controls – just as in a manual system, there should be a written plan of the organization, with clear assignment of authority and responsibility.
In a SIS environment, the plan of organization for an entity's computer system should include segregation between the user and SIS department, and segregation of duties within the SIS department.
B. Systems development and documentation controls – software development as well as changes thereof must be approved by the appropriate level of management and the user department. To ensure that computer programs are functioning as designed, the program must be tested and modified, if needed, by the user and SIS environment.
C. Access controls – every computer system should have adequate security controls to protect equipment, files and programs. Access to the computer should be limited only to operators and other authorized employees.
D. Data recovery controls – provide for the maintenance of back-up files and off-site storage procedures. Computer files should be copied daily to tape or disks and secured off-site. In the event of disruption, reconstruction of files is achieved by updating the most recent back-up with subsequent transaction data.
E. Monitoring controls – are designed to ensure that SIS controls are working effectively as planned.
These include periodic evaluation of the adequacy and effectiveness of the overall SIS operations conducted by persons within or outside the entity.

4. What are the primary responsibilities of the following?

A. SIS Director – Exercises control over the SIS operation.
B. System Analyst – Designs new systems, evaluates and improves existing systems, and prepares specifications for programmers.
C. Programmer – Guided by the specifications of the systems analyst, the programmer writes a program, tests and debugs such programs, and prepares the computer operation instructions.
D. Computer Operator – Using the program and detailed operation instructions prepared by the programmer, the computer operator operates the computer to process transactions.
E. Data Entry Operator – Prepares and verifies input data for processing.
F. Librarian – Maintains custody of systems documentation, programs and files.
G. Control Group – Reviews all input procedures, monitors computer processing, follows up data processing errors, reviews the reasonableness of output, and distributes output to authorized personnel.

5. Enumerate and describe each of the three (3) application controls in a SIS environment.

A. Controls over input – Input controls are designed to provide reasonable assurance that data submitted for processing are complete, properly authorized and accurately translated into machine-readable form.
B. Controls over processing – Processing controls are designed to provide reasonable assurance that input data are processed accurately, and that data are not lost, added, excluded, duplicated or improperly changed.
C. Controls over output – Output controls are designed to provide reasonable assurance that the results of processing are complete and accurate, and that these outputs are distributed only to authorized personnel.

6. Give at least six (6) input controls in relation to SIS environment.

A. Key verification
B. Field check
C. Validity check
D. Self-checking digit
E. Limit check
F. Control totals

7. What is meant by test of control in a SIS environment?

Test of control in a SIS environment involves evaluating the client’s internal control policies and procedures to determine if they are functioning as intended.
Regardless of the nature of the client’s data processing system, auditors must perform tests of controls if they intend to rely on the client’s internal control. The auditor’s objectives and scope of the audit do not change in a SIS environment. However, the use of the computer changes the processing and storage of financial information and may affect the organization and procedures employed by the entity to achieve adequate internal control. Accordingly, the methods employed by the auditor in testing the control may also be affected.
Testing the reliability of general controls may include observing the client’s personnel in performing their duties; inspecting program documentation; and observing the security measures in force. In testing application controls, the auditor may either audit around the computer or use Computer-Assisted Techniques.

8. What is meant by auditing around the computer?

Auditing around the computer is similar to testing controls in a manual control structure in that it involves examination of documents and reports to determine the reliability of the system.
When using this approach, the auditor ignores the client’s data processing procedures, focusing solely on the input documents and the SIS output. Input data are simply reconciled with the output to verify the accuracy of processing. Auditing around the computer is based on the assumption that if the input reconciles with the output, the computer program must have processed the transaction accurately.

9. Distinguish between “Test data” and “Integrated Test Facility (ITF)”.

Test data is primarily designed to test the effectiveness of the internal control procedures which are incorporated in the client’s computer program.
The objective of the test data technique is to determine whether the client’s computer programs can correctly handle valid and invalid conditions as they arise. When using an integrated test facility, by contrast, the auditor creates a dummy or fictitious employee or other appropriate unit for testing within the entity’s computer system. Unlike test data, which is run independent of the client’s data, an ITF integrates the processing of the test data with the actual processing of ordinary transactions without management being aware of the testing process.

10. Compare and contrast “parallel simulation”, “test data” and “integrated test facility (ITF)”.
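
The test data technique from question 9, applied to the programmed input controls listed in question 6, is shown here as an added example; it is not part of the original notes. The payroll record layout, department codes, 80-hour limit and the use of the Luhn mod-10 scheme for the self-checking digit are all assumptions made for illustration, and key verification is left out because it is a manual re-keying step.

```python
VALID_DEPTS = {"FIN", "OPS", "HR"}  # assumed master-file department codes
MAX_HOURS = 80                      # assumed limit per pay period

def check_digit_ok(number):
    """Self-checking digit, using the Luhn mod-10 scheme as the illustration."""
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_record(rec):
    """Return the names of the input controls this record fails."""
    if not (rec["emp_id"].isdecimal() and rec["hours"].isdecimal()):
        return ["field check"]      # wrong character type; later checks need digits
    failed = []
    if not check_digit_ok(rec["emp_id"]):
        failed.append("self-checking digit")
    if rec["dept"] not in VALID_DEPTS:
        failed.append("validity check")
    if int(rec["hours"]) > MAX_HOURS:
        failed.append("limit check")
    return failed

def control_totals(records):
    """Record count and hours total over the records that pass every edit."""
    good = [r for r in records if not edit_record(r)]
    return len(good), sum(int(r["hours"]) for r in good)

# Constructed test deck: each record is paired with the result the auditor expects.
TEST_DECK = [
    ({"emp_id": "10017", "dept": "FIN", "hours": "40"}, []),
    ({"emp_id": "10071", "dept": "FIN", "hours": "40"}, ["self-checking digit"]),
    ({"emp_id": "10025", "dept": "XYZ", "hours": "38"}, ["validity check"]),
    ({"emp_id": "10033", "dept": "OPS", "hours": "120"}, ["limit check"]),
    ({"emp_id": "10033", "dept": "HR", "hours": "4O"}, ["field check"]),
]

def run_test_deck(deck):
    """Return the exceptions: records the program handled differently than expected."""
    return [(rec, expected, edit_record(rec))
            for rec, expected in deck if edit_record(rec) != expected]

if __name__ == "__main__":
    print("exceptions:", run_test_deck(TEST_DECK))
    print("control totals:", control_totals([rec for rec, _ in TEST_DECK]))
```

An empty exception list means the program accepted the valid record and rejected each invalid one for the expected reason; the control totals would then be reconciled with the count and hours total the user department recorded for the batch.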