2 142 In studying and evaluating the controls surrounding computerized systems

2 142 in studying and evaluating the controls

This preview shows page 142 - 145 out of 145 pages.

(2) 142
Image of page 142
In studying and evaluating the controls surrounding computerized systems, the independent auditor anticipates finding certain procedures in use. Computer controls are divided into "general" and "applications" controls. General controls relate to all EDP activities and include: A plan of organization and operation of the EDP function. Procedures for documenting, reviewing, testing, and approving systems or programs and changes in them. Hardware and programmed controls built into the operating systems. Access controls. Other data and procedural controls (e.g., record reconstruction, backup facilities, emergency procedures, etc.). Applications controls relate to specific tasks performed by the EDP department, such as preparing payroll. These controls are intended to provide assurance that the recording, processing, and reporting of data are properly performed. Applications controls can be further divided into "input," "processing," and "output" controls. Input controls ensure that input data is authorized, converted into machine- sensible form, verified, and not lost, duplicated, or altered. Processing controls provide assurance that transactions are processed, as authorized, and that none were added or omitted. Output controls ensure that output data are accurate and received only by authorized personnel. In Lakeside's situation, specific controls would include the following: - All programs should be purchased from reputable software firms or written by employees with an appropriate background in software development. The company's entire accounting system often depends on the reliability of these programs; thus, control must begin with their very creation. Programmers should be segregated from computer operators and not permitted unrestricted access to the hardware so that the programmers cannot manipulate any of the programs. - Proper documentation should be furnished with all programs to indicate the controls that have been established within the various functions. This documentation allows the client to verify that each program was developed in an appropriate manner and has not been improperly modified since it was put into operation. All program alterations and updates are to be documented and reviewed by appropriate supervisory personnel prior to any changes being made. - Testing of all programs should be performed before the client relies on them. For a time, as an example, the company may want to run parallel processing where all functions are carried out both manually as well as through the new 143
Image of page 143
information system to ensure that the output is accurate. In addition, Lakeside should process test (or erroneous) data using the various computer systems to further verify the reliability of the output.
Image of page 144
Image of page 145

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture