accounting system design and development-internal controls


Upload: helpwithassignment

Post on 13-Jan-2015


DESCRIPTION

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.

TRANSCRIPT

Page 1: Accounting System Design and Development-Internal Controls

Internal Controls (Part II)
Accounting System Design and Development

Aims of a computerised accounting information system
General and application controls
Limitations of controls
Threats to internal controls

Page 2: Accounting System Design and Development-Internal Controls

Identify 3 advantages of computerised application controls.

Page 3: Accounting System Design and Development-Internal Controls

Proper authorisation, such as authorising valid transactions
Proper record, such as input and output accuracy
Completeness
Timeliness

Consistent execution, authorisation, and application
Enforce completeness
More difficult to avoid
More timely and efficient to execute
More timely reporting and feedback!!
…etc

Page 4: Accounting System Design and Development-Internal Controls

Some risks apply across a number of areas of the organisation. To address these risks we have GENERAL CONTROLS. General controls affect the overall information system.

General controls are established with the aim of providing reasonable assurance that the internal control objectives are achieved. These controls affect all applications.

Seen as pervasive – these controls will apply across almost all of the information systems in an organisation. Support the effective operation of application controls.

General Control
◦ Policies/procedures relating to many applications
◦ Support the effective operation of application controls

Application Control
◦ Manual or automated
◦ Operate within a business process / application
◦ Relate to the initiation, recording, reporting and processing of events
◦ Deal with the aims of occurrence, authorisation, completeness and accuracy

Page 5: Accounting System Design and Development-Internal Controls

Physical controls
Segregation of duties
User access
System development procedures
User awareness of risks
Data storage procedures

Organisational
◦ Separation of duties: Design, programming, operations, data entry, custody of documentation
◦ Policies and procedures: Recruitment, Termination, Other

Systems Development
◦ User involvement
◦ Authorisation
◦ Documentation

Access to systems
◦ Access to software restricted
◦ To computer facilities
◦ To data files
◦ Authorised users

Data protection
◦ Transmission / Telecommunications encryption techniques
◦ Backup/Off site storage
◦ Disaster recovery

Hardware
◦ Monitor and detect failures

Page 6: Accounting System Design and Development-Internal Controls

Users – record transactions, authorize data to be processed, and use system output.

Systems analysis – helps users determine their information needs and then designs an information system to meet those needs.

Programming – takes the design provided by systems analysts and creates an information system by writing the computer programs.

Computer operations – run the software on the company’s computer. They ensure that data is input properly and correctly processed and the right output is produced.

Database administration – maintain and manage corporate databases and files.

Systems administration – ensure that the different parts of an information system operate smoothly and efficiently.

Network management – ensure that all applicable devices are linked to the organisation’s internal and external networks and that the networks operate continuously and properly.

Change management – manage all changes to an organisation’s information system to ensure they are made smoothly and efficiently and to prevent errors and fraud.

Page 7: Accounting System Design and Development-Internal Controls

Wireless technology
◦ Virtual private networks

Wired Networks
◦ Electronic eavesdropping
◦ Routing verification procedures
◦ Message acknowledgement procedures

Microcomputers
◦ What unique risks do microcomputers present to an organisation?

Location of computing facility
Restrict employee access
The use of Biometrics

Change management – the person (usually a developer) who makes the IS change should be different from the person who makes the change available to users – the process of making changes available to all users is usually called “migration into production”.

Why do we need to segregate these functions?

Page 8: Accounting System Design and Development-Internal Controls

Fault tolerant / Built in redundancies
Disk mirroring

Backups
◦ Hierarchically performed
◦ Where to store backup data?
◦ How often to backup?

Uninterruptible power supply

Separation of duties
◦ Accounting from other sub-systems
◦ Responsibilities within IT: Programming, Data management, Design / Analysis, Testing
◦ Within a process: Authorisation, Execution, Custody, Recording

Computer accounts / Logins / Access controls

Page 9: Accounting System Design and Development-Internal Controls

DRP Considers:
◦ Natural disasters
◦ Deliberate malicious acts
◦ Accidental destructive acts…

DRP Usually covers:
◦ Staff: Employees, Customers, Suppliers, Other Stakeholders…
◦ Physical resources: Buildings, Equipment, Cash…
◦ Information resources: Data, Information…

DRP refers to the strategy an organisation will put into action in the event of a disaster that disrupts normal operations. The aim is business continuity, i.e. to resume operations as soon as possible with minimal loss or disruption to data and information.

This plan describes procedures to be followed in the case of an emergency as well as the role of each member of the disaster recovery team.

Page 10: Accounting System Design and Development-Internal Controls

Controls over specific systems/business processes
◦ Relate to the initiation, recording, reporting and processing of events

Provide reasonable assurance that the events occurring in a system/process are authorised and recorded, and are processed completely, accurately and on a timely basis and that resources in that system are protected.

Examples of systems/processes in an organisation:
◦ Sales system, Accounts receivable system, Purchases system, Payments system, Payroll, Financial Reporting, Inventory…

Temporary Site
◦ Hot site
◦ Cold site

Staffing
◦ Evacuating threatened staff
◦ Enabling staff to operate in DRP mode: Staff need to know their roles

Restore relationships
◦ As organisations become integrated the information asset is increasing in importance

Page 11: Accounting System Design and Development-Internal Controls

Classification based on the stage in the process at which the control occurs
◦ Input controls: Designed to ensure data entering the system is valid, complete and accurate
◦ Process controls: Detect errors and irregularities in the processing of data
◦ Output controls: Protect the outputs of a system

Authorisation
◦ Is the person authorised to execute the transaction? Eg: Approvals for a large sale to proceed

Recording
◦ Input Validity: Is the data of the correct format/type? Does the data represent a valid event?
◦ Input Accuracy: Is all data entered correct?

Completeness
◦ Has all data about an event been recorded? (Transaction level)
◦ Have all events been recorded? (Business process level)

Timeliness
◦ Is data captured, processed, stored and available as required by the needs of the business process?

Page 12: Accounting System Design and Development-Internal Controls

Edit Tests
◦ Check validity and accuracy after data has been input
◦ Test of content: Numeric, Alphabetic, Alphanumeric
◦ Test of reasonableness: Is the input within a specified range of values? Eg Hours worked per week is between 0 and 60
◦ Test of sign (+ive, -ive)
◦ Test of completeness
◦ Test of sequence: Has every document been input? Eg Cheques. Requires pre-numbered source documents
◦ Test of consistency
◦ Check digit calculation. Eg: Credit Card – calculate security number from card number. Card Number 1234 5678 9012 3456, Security Number: 687

Observation, Recording and Transcription
◦ Feedback mechanism. Eg: Customer reviews and signs sales form
◦ Dual observation. Eg: Approval from a supervisor, more than one employee in execution of sale
◦ Pre-designed forms: Pre-numbered, Layout of forms

How does a pre-designed form help?

Page 13: Accounting System Design and Development-Internal Controls

[Figure: sequence check. Columns: SALES DEPT, DATA ENTRY CLERK, COMPUTER. Sales dept: sale occurs and invoice prepared (Invoices 001 to 007). Data entry clerk: invoices entered (Invoice 006 missing). Computer: checks for gaps in the sequence of pre-numbered documents and alerts the clerk of missing documents.]

The sequence check has identified that Invoice 006 has not been entered – we do not have completeness.
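The edit tests listed on the previous slide and the sequence check shown here, written out as an added example that is not part of the original slides. The timesheet field names and the sample records are assumptions constructed for illustration.

```python
# Added example, not from the slides. Field names are assumptions.
import re

REQUIRED = ("employee_id", "hours", "week_ending")

def _text(record, field):
    """Field value as stripped text; a missing or None value becomes ''."""
    value = record.get(field)
    return "" if value is None else str(value).strip()

def edit_tests(record):
    """Run the edit tests on one keyed timesheet record; return the failures."""
    errors = []
    # Test of completeness: every required field has a value.
    for field in REQUIRED:
        if not _text(record, field):
            errors.append(f"completeness: {field} is missing")
    # Test of content: employee_id is alphanumeric, hours is numeric.
    emp = _text(record, "employee_id")
    if emp and not emp.isalnum():
        errors.append("content: employee_id must be alphanumeric")
    hours_raw = _text(record, "hours")
    if hours_raw and not re.fullmatch(r"[+-]?\d+(\.\d+)?", hours_raw):
        errors.append("content: hours must be numeric")
    elif hours_raw:
        hours = float(hours_raw)
        if hours < 0:        # test of sign
            errors.append("sign: hours must not be negative")
        elif hours > 60:     # test of reasonableness (slide: 0 to 60 hours per week)
            errors.append("reasonableness: hours must be between 0 and 60")
    return errors

def sequence_check(entered, first, last):
    """Test of sequence over pre-numbered documents first..last.

    Returns (missing, duplicated): numbers never entered, numbers entered twice.
    """
    seen, duplicated = set(), []
    for number in entered:
        if number in seen and number not in duplicated:
            duplicated.append(number)
        seen.add(number)
    missing = [n for n in range(first, last + 1) if n not in seen]
    return missing, sorted(duplicated)

# Constructed input: invoices 001 to 007 were prepared, 006 was never keyed.
ENTERED_INVOICES = [1, 2, 3, 4, 5, 7]

if __name__ == "__main__":
    print(edit_tests({"employee_id": "E1042", "hours": "75", "week_ending": "2015-01-09"}))
    print(sequence_check(ENTERED_INVOICES, 1, 7))
```

The sequence check only works because the source documents are pre-numbered: without a known first and last number there is nothing to compare the entered set against.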

Controls for the manipulation of data once it has been input.
◦ Batch control totals
◦ Record counts
◦ Sequence checks
◦ Run to run totals

Which aims do they achieve?
◦ Reliable financial reporting: Accuracy of data processing / updates, Completeness of data processing / updates

Page 14: Accounting System Design and Development-Internal Controls

[Figure: batch control total flow. Columns: SALES PERSON, COMPUTER. Steps shown: Sales Order, Order Details, Capture sales, Calculate A/R check total, Credit Sales, Update Accts Receivable, Compare totals.]

The computer takes the daily credit sales data and updates the accounts receivable master balances.

The new balance for the accounts receivable should equal the opening balance + credit sales.

Page 15: Accounting System Design and Development-Internal Controls

They include:

Financial control total
Hash total
Record count
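The three batch control totals and the run-to-run check on accounts receivable described above, as an added example that is not part of the original slides. The batch, the master balances and all field names are constructed assumptions; the point is that each total catches a different kind of processing error.

```python
# Added example, not from the slides. Data and field names are constructed.
from decimal import Decimal

ZERO = Decimal("0")

# Constructed batch of daily credit sales, as written on the source documents.
SOURCE = [
    {"invoice": 1, "customer_no": "1041", "amount": "250.00"},
    {"invoice": 2, "customer_no": "2217", "amount": "1180.50"},
    {"invoice": 3, "customer_no": "1041", "amount": "79.95"},
    {"invoice": 4, "customer_no": "3306", "amount": "640.00"},
]
# Constructed accounts receivable master balances before the update run.
MASTER = {"1041": Decimal("500.00"), "2217": Decimal("0.00"), "3306": Decimal("120.00")}

def batch_totals(batch):
    """Record count, financial control total and hash total for one batch."""
    return {
        "record_count": len(batch),
        "financial_total": sum((Decimal(r["amount"]) for r in batch), ZERO),
        # Hash total: sum of a field with no monetary meaning (customer number).
        "hash_total": sum(int(r["customer_no"]) for r in batch),
    }

def compare_totals(expected, actual):
    """Names of the control totals that differ between two sets of totals."""
    return [name for name in expected if expected[name] != actual[name]]

def post_credit_sales(master, batch):
    """Update run: add each credit sale to its customer's receivable balance."""
    updated = dict(master)
    for r in batch:
        key = r["customer_no"]
        updated[key] = updated.get(key, ZERO) + Decimal(r["amount"])
    return updated

def run_to_run_ok(opening, closing, credit_sales_total):
    """New A/R balance should equal the opening balance + credit sales."""
    return sum(closing.values(), ZERO) == sum(opening.values(), ZERO) + credit_sales_total

if __name__ == "__main__":
    control = batch_totals(SOURCE)
    print(control)
    closing = post_credit_sales(MASTER, SOURCE)
    print(run_to_run_ok(MASTER, closing, control["financial_total"]))
```

A miskeyed customer number leaves the record count and financial total unchanged and shows up only in the hash total, which is why the hash total is kept alongside the other two.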

Page 16: Accounting System Design and Development-Internal Controls

Judgement error
Unexpected transaction
Collusion
Management override
Weak internal controls
Conflicting signals

Validation of process results
◦ Activity listings

Distribution and Use
◦ Who is able to access the outputs?
◦ Where are the outputs printed to?
◦ Has the relevant user got all of the output

Page 17: Accounting System Design and Development-Internal Controls

Blair, B. and Boyce, G. (Eds.) (2006). Accounting Information Systems with Social and Organisational Perspectives. John Wiley, Milton.

Turner, L. and Weickgenannt, A. (2009). Accounting Information Systems: Controls and Processes. Wiley.

I wish to acknowledge Dr. Chadi Aoun’s input and material that were incorporated into the lecture slides as well as the supplementary material and sources provided by John Wiley publishers.

Management incompetence
External factors such as natural disasters
Fraud
Regulatory environment
Information technology such as viruses, email attacks
