Question

Why do auditors usually evaluate general controls before evaluating transaction-level application controls? Discuss.

Answer 1

General control includes all such control that ensures the authenticity of the data or transactions and such controls covers almost the entire gamut of the organization like internal accounting control, IT security control, operational and administration control and all such controls to ensure that adequate safeguards are maintained over access of documents and records including IT resources.

The first step that an auditor undertakes before starting an audit is to ensure that proper general control is in place. If the auditor is satisfied with the control system, then the auditor shall proceed further and the next step will be evaluating the transaction level application control.

The application control ensures that the input fed is authorized, reliable and recorded in the manner intended and the processing is done thereon completely and accurately so that the output obtained is true and correct and meet the expectation. That’s why application control are control over IPO i.e.. Input, processing and output functions.

Conclusion: By carrying evaluating general control the auditor makes sure that only correct input is fed. If input fed is correct, the output will be correct. If the general control is not adequate, there is a possibility that input data may get manipulated in its handling or if the input is wrongly coded, the computer will read the input wrongly.