This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: CHAPTER 8 Consideration of Internal Control in an IT Environment Review Questions 8-1 System software monitors and controls hardware and provides other support to application programs. The computer's operating system and utility programs are important components of system software. Application software consists of programs that perform specific tasks, such as updating the accounts receivable master file. 8-2 End user computing makes the user responsible for the development and execution of the IT application that generates the information employed by that same user. In end user computing a user frequently uses off-the-shelf software on a microcomputer. A distributed data processing network uses communication links to share centralized data and programs among various users in remote locations throughout the organization. 8-3 A local area network interconnects computers within a limited area, typically a building or a small cluster of buildings. 8-4 User control activities are procedures applied by users to test the accuracy and reasonableness of computer output. Manual application control activities typically involve information system employee follow-up of items listed on computer exception reports. 8-5 Internal labels are machine readable messages at the beginning and end of a tape or disk file. The header label, at the beginning, identifies the file and its creation date, and the trailer label marks the end of the file and usually includes one or more control totals. External labels are gummed paper labels placed on the outside of a tape or disk pack to identify its contents. Both internal and external labels are designed to prevent computer operators from processing the wrong files. 8-6 The term general control activities is used to describe controls that apply to all or many IT systems in an organization. General control activities include controls over the development of programs and systems, controls over changes to programs and systems, controls over computer operations, and controls over access to programs and data. Application control activities are controls that apply to specific computer accounting tasks, such as the updating of accounts receivable. This category includes programmed controls embedded in computer programs and manual follow-up activities consisting of follow-up procedures on computer exception reports. 8-7 No. While it is true that many duties that might be separated in a manual system are combined in an information systems department, separation of duties is still an important means of achieving internal control. The separation of duties in an information systems department follows a somewhat different pattern than in a manual system. In the latter, duties are separated to enable independent records to be maintained and reconciled. In an information systems department, many records can be maintained and reconciled by computer. However, separation of duties is necessary so that no one employee is in a position to make unauthorized changes in programs or data files. in a position to make unauthorized changes in programs or data files....
View Full Document
- Spring '08