introduction to application...
TRANSCRIPT
- To revise the relationship between general and application controls.
- To explain the importance of application controls.
- To identify the roles and responsibilities of application users.
- To examine how the external financial auditor can place reliance on a client's application controls.
General controls ensure the integrity of the systems as a whole, including an application run on the systems and the data files they produce.
Usually incorporate:
- Change Management Process
- Source code/Document version control procedures
- Software development life cycle standards
- Security Policies, Standards and Processes
- Incident Management Policies and Procedures
- Technical Support Policies and Procedures
- Hardware/Software configuration, installation, testing, management standards, policies and procedures
- Disaster Recovery/Backup and Recovery Procedures
Definition for Application
A program or group of programs designed for end users. Software can be divided into two general classes: systems software and applications software.
Systems software consists of low-level programs that interact with the computer at a very basic level. This includes operating systems, compilers, and utilities for managing computer resources.
In contrast, applications software (also called end-user programs) includes database programs, word processors, and spreadsheets.
Figuratively speaking, applications software sits on top of systems software because it is unable to run without the operating system and system utilities.
While most functional bugs are the result of missing functionality, most security bugs are the result of extra functionality.
Application controls are used to ensure the completeness, accuracy and validity of accounting records/transactions.
Controls are applied at each stage:
- Input
- Processing
- Output
The control objectives remain the same
Application controls can automate control procedures previously carried out by finance personnel.
Trend is towards more automated systems.
Application controls = manual + automated
- File integrity controls
- Application security controls
- Data input controls
- Processing controls
- Output controls
- Masterfile and Standing Data controls
- A senior user
- Ultimate responsibility for an application
- Not involved in the detailed running of the application
- Delegates day to day duties
Tasks include:
- Ensuring logical access controls work as intended and are up to date
- Checking that the application is backed up
- Resolving user queries
- Identification, monitoring and reporting of problems
- Documentation storage and distribution
- Liaison with IT department, other system users and the software supplier
Part of the IT function or part of finance?
These account for the vast majority of application users.
They use the application as a tool to meet business goals.
They are trained on how to use the application in relation to their jobs.
- Batch data entry systems
- Batch data entry with on-line enquiry
- Batch processing with on-line enquiry
- Real time systems
The auditor should adopt an efficient and effective audit approach.
The auditor should obtain an understanding of the systems, and internal controls.
May include reliance on the system of internal controls, which may be IT based.
If controls cover audit objectives and are likely to be robust, the auditor may carry out compliance tests.
Programmes normally include:
- a description of the control
- the evidence that we expect to obtain
- the extent of planned testing
- what will constitute a control failure
- how many such failures can be tolerated
Evidence of the controls in operation may be in the form of access control lists, automated user authorisation limits, security logs, change request forms etc.
Obtained by using a combination of:
- Observation
- Enquiry
- Examination
- Sampling
(Computer assisted audit techniques)
Evidence of an automated control having been applied.
Many application controls are preventative in nature.
Spans of computer control.
Fear of the hacker, or the "intelligent" thief.
Computer controls are frequently preventative.
Based largely on a combination of audit judgement and "statistics".
Judgement affected by:
- the frequency of control
- the degree of reliance to be placed on the control
- source/nature of evidence
- continuous nature of the control
- the importance of the control (and transactions)