Chapter 9
Computer Controls for
Accounting Information Systems
Introduction
General Controls For Organizations
Integrated Security for the Organization
Organization-Level, Personnel, File Security Controls
Fault-Tolerant Systems, Backup, and Contingency Planning and Computer Facility Controls
Access to Computer Files
Introduction
Internal control systems with focus on
specific security in organizations
control procedures to ensure
stored or
transferred
Organization-Level Controls
Important controls include
consistent policies and procedures
management's risk assessment process
centralized processing and controls
controls to monitor results of operations
controls to monitor the internal audit function, the audit committee, and self-assessment programs
the period-end financial reporting process
Board-approved policies that address significant business control and risk management practices
Personnel Controls
An AIS depends heavily on people for the
creation of the system,
the input of data into the system,
the supervision of data processing,
distribution of processed data, and
the use of approved controls
Personnel Controls
General controls that affect personnel include
separation of duties
use of computer accounts
separation of duties control procedures
Separation of Duties
Separation of duties should be designed and implemented in two ways:
separate accounting and information processing subsystems
separate the responsibilities within the IT environment
Separation of Duties
Separate Responsibilities within IT Environment.
Designated operational subsystems
initiate and authorize asset custody
detect errors in processing data
enter them on an error log, and
refer them back to the specific user subsystem for correction.
Division of Responsibility
Division of responsibility functions within an IT environment can be on the following lines:
Systems Analysis Function
Data Control Function
Programming Function
Computer Operations Function
Transaction Authorization Function
AIS Library Function
Fault-Tolerant Systems
Fault-tolerant systems
are designed to tolerate computer errors and keep functioning
are often based on the concept of redundancy
are created by instituting duplicate communication paths and communications processors
Fault-Tolerant Systems
Redundancy in CPU processing can be achieved
with consensus-based protocols
with a second watchdog processor
Backup
Backup
is essential for vital documents
is batch processed using the grandfather-parent-child procedure
can be electronically transmitted to remote sites (vaulting)
needs an uninterruptible power system (UPS) as an auxiliary power supply
Backup
similar to the redundancy concept in fault-tolerant systems
Contingency Planning
Contingency planning
includes the development of a formal disaster recovery plan.
describes procedures to be followed in an emergency
describes the role of each member of the team.
appoint one person to be in command and another to be second-in-command
involves a recovery site that can either be a hot site or cold site
Computer Facility Controls
Locate the Data Processing Center in a safe place where
the public does not have access
it is guarded by personnel
there are a limited number of secured entrances
there is protection against natural disasters
Computer Facility Controls
Limit employee access by incorporating magnetic, electronic, or optical coded identification badges
Buy insurance
INFORMATION TECHNOLOGY GENERAL CONTROLS
The objectives of controls are to provide assurance that
the development of and changes to computer programs are authorized, tested, and approved before their usage
access to data files is restricted
processed accounting data are accurate and complete
Control Concerns
INFORMATION TECHNOLOGY GENERAL CONTROLS
IT general controls involve
Security for Wireless Technology
Controls for Hardwired Network Systems
Security and Controls for Microcomputers
IT Control Objectives for Sarbanes-Oxley
electronic eavesdropping
errors,
irregularities or fraud
general threats to security (such as a computer virus)
prevent,
detect, and
correct errors and irregularities
in transactions in
the input
processing
the output stages of data processing
Application Controls for Transaction Processing
Input Controls
Input controls attempt to ensure the
validity
accuracy
completeness of the data entered into an AIS
Observation, Recording, and Transcription of Data
The observation control procedures to assist in collecting data are
feedback mechanism
dual observation
point-of-sale (POS) devices
preprinted recording forms
Data Transcription
Data transcription
Preformatted screens
Edit Tests
Input validation routines (edit programs)
entered, and
recorded on a machine-readable file of input data
Edit Tests
Edit tests
Processing Controls
Processing controls focus on the manipulation of accounting data after they are input to the computer system.
Key objective is a clear audit trail
Processing controls are of two kinds:
Data-access controls
Data-Access Control Totals
Some common processing control procedures are
batch control total
financial control total
nonfinancial control total
hash total
record count
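An added example (not part of the original slides) showing how three of the totals listed above, the record count, a financial control total and a hash total, are logged at input and recomputed after processing to catch dropped or altered records. The field names and the sample batch are constructed for illustration.

```python
from decimal import Decimal

def control_totals(batch):
    """Return batch control totals for a list of transaction dicts."""
    return {
        "record_count": len(batch),
        # Financial control total: sum of a monetary field.
        "financial_total": sum((Decimal(t["amount"]) for t in batch), Decimal("0")),
        # Hash total: sum of a field with no monetary meaning (account
        # numbers); the value is useful only as a comparison figure.
        "hash_total": sum(int(t["account"]) for t in batch),
    }

def reconcile(expected, batch):
    """Compare totals logged at input with totals recomputed after processing.
    Returns the names of the totals that disagree (empty list = balanced)."""
    actual = control_totals(batch)
    return [name for name in expected if expected[name] != actual[name]]

# Constructed sample batch (hypothetical accounts and amounts).
SAMPLE_BATCH = [
    {"account": "10452", "amount": "250.00"},
    {"account": "20981", "amount": "1200.50"},
    {"account": "30117", "amount": "75.25"},
]

def demo():
    expected = control_totals(SAMPLE_BATCH)  # logged when the batch is entered
    dropped = SAMPLE_BATCH[:2]               # one record lost in processing
    # Account number transposed: only the hash total notices.
    miskeyed = [dict(SAMPLE_BATCH[0], account="10542")] + SAMPLE_BATCH[1:]
    # Amount changed: only the financial total notices.
    altered = SAMPLE_BATCH[:2] + [dict(SAMPLE_BATCH[2], amount="175.25")]
    return {
        "intact": reconcile(expected, SAMPLE_BATCH),
        "dropped": reconcile(expected, dropped),
        "miskeyed": reconcile(expected, miskeyed),
        "altered": reconcile(expected, altered),
    }

if __name__ == "__main__":
    for case, failed in demo().items():
        print(case, "->", failed or "balanced")
```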
Data Manipulation Controls
Once data have been validated by earlier portions of data processing, they usually must be manipulated in some way to produce useful output.
Data manipulation controls include:
Software documentation, i.e. flow charts and diagrams
Compiler
Test Data
Output Controls
The objective of output controls is to ensure
validity
accuracy
completeness
Output Controls
regulating the distribution and use of printed output through
Forms
Prenumbered forms
Copyright
Copyright 2008 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the
express written permission of the copyright owner is unlawful.
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser
may make backup copies for his/her own use only and not for
distribution or resale. The Publisher assumes no responsibility for errors,
omissions, or damages, caused by the use of these programs or from the
use of the information contained herein.