Question

INSTRUCTIONS: A company has a centralized accounting system. Each individual department currently compiles its accounting paper transactions from its local accounting system. To eliminate the paper and increase efficiency, the Audit Manager of the company just asked you, IT auditor, to help him come up with a plan to implement an interface from each individual department’s accounting system to the centralized accounting system.

TASK: Prepare a memo to the Audit Manager naming and describing the most critical controls that you would recommend in this particular case. You are required to search beyond the chapter (i.e., IT literature and/or any other valid external source) to support your response. Include examples, as appropriate, to evidence your case point. Submit a word file with a cover page, responses to the task above, and a reference section at the end. The submitted file should be 5 pages long (double line spacing), including cover page and references. Be ready to present your work to the class.

Answer 1

Control issues in AIS center on three areas-

• Information management,
• Financial Statements Transparency,
• Asset Protection.

In this sense, AIS must integrate various control procedures to achieve the objectives of reliability and asset security, along with the objectives of information processing.

Preventive controls - Preventive checks are meant to avoid issues until they arise. These processes are aimed at preventing workers from making mistakes or anomalies. They are developed to prevent the occurrence of any inefficiency, and are also known as controls "before the reality." Preventive checks are widely used to recruit highly skilled accounting personnel, efficiently monitor physical access to funds, equipment and records, separate monitoring and custodial duties for cash transactions. This form of test is comparatively much more costly than other monitoring forms.

Detective controls- Detective controls relate to the monitoring processes used to diagnose mistakes and anomalies, and attract the attention of management to inconsistencies. Detective control begins from the stage that 'preventive control' is terminated. Such kinds of controls are sometimes referred to as "After analysis of the reality." The lack of effective investigator monitoring is deterring staff from committing errors and irregularities. Examples of 'Detective Monitoring' include repeated estimate checks, regular product collection, scheduling of monthly sample accounts and bank reconciliations, international audit work, etc.

Corrective controls-Corrective controls suit the preventive and investigator checks. They solve found issues with detective systems. If the mistakes and anomalies are detected, corrective tests work to resolve the problem, review the processes and identify the source of anomalies. They require steps taken to determine the source of the problem (ii) fix subsequent mistakes and complications, and (iii) change the program to mitigate and avoid potential issues. Corrective checks and investigator checks are generally less onerous than preventive checks. Examples of correction measures include keeping Duplicate versions of key transactions and master register, adhering to protocols for correcting data entry mistakes including those for reposting transactions for eventual processing.

Feedback controls-Certain detective systems are considered feedback systems as they monitor and modify a mechanism as it deviates from the schedule. Within a business, input management is programmed to divulge differences from real and normal quantities and quantities. Feedback management may be practiced where the real cost of production and the normal cost of production is substantially different. A system of accounts for accountability can act as a feedback control system.

Application control and output control- Code checks are used as they are stored to avoid, identify and correct mistakes and anomalies in the transactions. General controls are intended to ensure a safe and well-managed management system within an enterprise to improve the effectiveness of the application controls.

Control of information, encoding, and output - Input controls are structured to ensure that only reliable, appropriate, correct, and approved data is inserted into the program.
Management controls are programmed to ensure correct and full handling of all transactions and proper monitoring of all files and documents. Output controls are conceived to ensure optimal monitoring of system performance.