Question

When auditing a computerized accounting system, the independent auditor should have a general familiarity with the effects of the use of Information Technology on the various characteristics of accounting control and on the auditor’s study and evaluation of such control. The independent auditor must be aware of those control procedures that are commonly referred to as general controls and those that are commonly referred to as application controls. General controls relate to all Information Technology activities and application controls relate to specific accounting tasks.

Required:

1.What are the general controls that should exist in computerized accounting systems?

2. What are the purposes of each of the following categories of application controls?

Input controls

Processing controls

Output control

Answer 1

General controls

The audit process for a computerized accounting system involves five main steps: conducting the initial review (planning the audit); reviewing and assessing internal controls; compliance testing (testing the internal controls); substantive testing (testing the detailed data); and reporting (conclusions and findings). The auditor(s) should reach an understanding with the client concerning the scope and limitations of the audit from the very beginning. This will facilitate the accomplishment of the audit objectives in an effective and efficient manner.

Input controls

. input controls are computer controls designed to provide reasonable assurance that transactions are properly authorized before processed by the computer, accurately converted to machine readable form and recorded in the computer, that data files and transactions are not lost, added, duplicated or improperly changed, and that incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis

Processing controls

There is a wide range of size, type and complexity, but it enables a small number of operators to manage complex processes to a high degree of consistency. The development of large automatic process control systems was instrumental in enabling the design of large high volume and complex processes, which could not be otherwise economically or safely operated.

To determine the fundamental model for any process, the inputs and outputs of the system are defined differently than for other chemical processes.^[5] The balance equations are defined by the control inputs and outputs rather than the material inputs

Output control

Technology has become ubiquitous in the processing of millions of business transactions. Computer programs and analytical software have contributed to major increases in productivity, consistency and accuracy of today’s work product. Output controls ensure that computer programs process these transactions accurately and produce the results we expect to see. But what happens when things go wrong or undetected for long periods of time? We place tremendous faith in the accurate operation of these varied output controls. So what happens when system controls themselves are inadvertently changed without the proper authorization, testing, or verification?