94%(172)162 out of 172 people found this document helpful
This preview shows page 142 - 145 out of 145 pages.
In studying and evaluating the controls surrounding computerized systems, theindependent auditor anticipates finding certain procedures in use. Computercontrols are divided into "general" and "applications" controls. General controlsrelate to all EDP activities and include: A plan of organization and operation of the EDP function.Procedures for documenting, reviewing, testing, and approving systems orprograms and changes in them.Hardware and programmed controls built into the operating systems.Access controls.Other data and procedural controls (e.g., record reconstruction, backupfacilities, emergency procedures, etc.).Applications controlsrelate to specific tasks performed by the EDP department,such as preparing payroll. These controls are intended to provide assurance thatthe recording, processing, and reporting of data are properly performed.Applications controls can be further divided into "input," "processing," and"output" controls. Input controls ensure that input data is authorized, converted into machine-sensible form, verified, and not lost, duplicated, or altered.Processing controls provide assurance that transactions are processed, asauthorized, and that none were added or omitted.Output controls ensure that output data are accurate and received only byauthorized personnel.In Lakeside's situation, specific controls would include the following:-All programs should be purchased from reputable software firms or written byemployees with an appropriate background in software development. Thecompany's entire accounting system often depends on the reliability of theseprograms; thus, control must begin with their very creation. Programmersshould be segregated from computer operators and not permittedunrestricted access to the hardware so that the programmers cannotmanipulate any of the programs. -Proper documentation should be furnished with all programs to indicate thecontrols that have been established within the various functions. Thisdocumentation allows the client to verify that each program was developed inan appropriate manner and has not been improperly modified since it wasput into operation. All program alterations and updates are to bedocumented and reviewed by appropriate supervisory personnel prior to anychanges being made.-Testing of all programs should be performed before the client relies on them.For a time, as an example, the company may want to run parallel processingwhere all functions are carried out both manually as well as through the new143
information system to ensure that the output is accurate. In addition,Lakeside should process test (or erroneous) data using the various computersystems to further verify the reliability of the output.