1)Information processing controlsthat cover risks related to the authorization,completeness and accuracy of transactions.A.General controlapply to computer information systems as a whole andinclude controls related vary software and hardware. General controlsare evaluated before application controls because weak generalcontrols may allow strong application controls to be compromised.a)Organization controlsconsider the segregation of duties within theIT department and between IT and user department.b)Systems development and maintenance controlsrelate to review,testing and approval of new systems and program changes, andcontrols over documentation.c)Access controlsare designed to prevent unauthorized use of ITequipment, data files and computer programs.d)Data and procedural controlsprovide vary operations in the event ofa physical disaster or computer failure through adequate file backupand other controls.B.Application controlsis to use the power of information technology tocontrol transactions in individual transaction cycles. Following controlsprovide reasonable assurance that the recording processing andreporting of data by IT are properly performed for specificapplication.a)Input controlare program controls designed to detect and reporterrors in data that are input for processing.b)Processing controlsare designed to provide reasonable assurancethat the computer processing has been performed as intended forthe particular application.c)Output controlsare designed to ensure that the processing resultsare correct and that only authorized personnel receive the output.2)Segregation of dutiesensure that individuals do not perform incompatibleduties.3)Physical controlslimit access to assets and important records. Such controlcan be direct control and indirect control.4)Performance reviews involve manager’s participation in the supervision ofoperations.5.Monitoring is a process to ensure the quality of internal control performanceover time. It usually involve 1) ongoing monitoring programs, 2)separateevaluations, and 3)reporting deficiencies to the audit committee.
Limitations of controlCosts v benefits,the cost of an entity’s internal control structure should notexceed the benefits that are expected to ensue.Management override,management can overrule prescribed policies orprocedures for illegitimate purposes. Non-routine transactions,will generally be an increased risk associated withinthe entity.Mistakes in judgment,inadequate information, time constraints or otherpressures, management and other personnel may exercise poor judgment inmaking business decisions or performing routing duties.Collusion,individuals acting together may evade the planned segregation ofduties to perpetrate and conceal an irregularity.