Please enable JavaScript.
Coggle requires JavaScript to display documents.
General Computer Controls AO2 - Coggle Diagram
General Computer Controls AO2
Compromises in Internal Controls for
:star:
Systems Development & Implementation
Purchased Package
5.) Inadequate planning and preparation:
During the
conversion from an old system to a new system
, it's important to
have proper planning and preparation in place
. This includes
preparing timetables, defining methods, preparing data files, training staff
, and
updating system documentation
. Failure to do so can compromise internal controls.
6.) Insufficient testing:
Testing is crucial during the implementation of a new system
to ensure that it works properly and
to identify any errors or issues
. Insufficient testing can compromise internal controls and
lead to errors, inefficiencies, and security breaches
.
4.) Lack of flexibility:
Purchased systems may be too general or
inflexible to cater to an organization's specific needs
, which can compromise internal controls. It's important to
balance the advantages of a purchased system
(such as lower cost and immediate implementation)
with the disadvantages
(such as inflexibility).
3.) Dependence on vendors:
When purchasing a package, there is a
risk of dependence on vendors for maintenance
, which can compromise internal controls. It's important to
consider the quality of maintenance service from the supplier
and to
have a backup plan in case the vendor is unable to provide adequate support.
2.) Lack of oversight:
L
ack of oversight during the selection
and
implementation of a new package
or system can also compromise internal controls. It's
Important to involve users, data processing, management
, and
quality assurance
in the process, and to
have senior managemen
t and
auditors supervise the process
.
7.) Lack of backup and post-implementation review:
After implementing a new system, it's important to
have a backup in place and to conduct a post-implementation review to identify any issues or areas for improvement.
Failure to do so can compromise internal controls and lead to issues in the future.
1.) Failure to follow proper procedures:
When
selecting and implementing a new package or system
, it's important to follow proper procedures to ensure that the
package meets user requirements
and that
any modifications are made according to normal rules
. Failure to follow these procedures can compromise internal controls.
System Developed In-House
4.) Lack of involvement from relevant departments:
If
user departments, internal/external auditors, data processing departments
, and
quality control departments
are
not adequately involved
, internal controls can be compromised. Each department
has specific roles in ensuring departmental requirements
, technical soundness, compatibility, operational aspects, design standards, testing, and documentation.
5.) Neglecting feasibility study and analysis:
Failure to conduct a proper feasibility study
and analysis
before authorizing a project
can compromise internal controls. The
feasibility study should consider factors like whether to buy or self-develop the system
and
perform cost/benefit analysis.
3.) Insufficient project authorization and management:
P
oor project authorization
and
management can compromise internal controls
. The
steering committee
should ensure that projects are
properly authorized
,
timetables
are adhered to
,
budgets are achieved
, and
quality requirements are met
.
2.) Inadequate feasibility study and selection criteria:
If a steering committee
fails to conduct a thorough feasibility study
and
define proper selection criteria
, the system development process may be compromised. This
can result in selecting an unsuitable system that doesn't meet the organization's needs.
6.) Inadequate system specification and user needs definition:
Insufficient attention to system specification
and
user needs definition
can lead to compromised internal controls.
Properly defining how the system should work
and
meeting user and business specifications
are
crucial for effective control
.
1.) Lack of Clear Strategic Business Plan:
Developing a system
without a clear view of the strategic business plan can compromise internal controls.
The system
may not effectively support the organization
in achieving its business
objectives
.
7.) Lack of system design and programming standards:
Without appropriate system design
and
programming standards
,
internal controls can be compromised.
Standards ensure proper system interaction
,
incorporation of control-related procedures
,
supervision over design
, and
compliance with predetermined standards
.
8.) Incomplete or inadequate testing:
I
nsufficient testing
of in-house systems can compromise internal controls.
Testing should be conducted in three stages
:
program testing
,
system testing
, and
live testing
(operational conditions). Testing methods include
test data
,
desk checking
, and
user testing
9.) Lack of controls over purchased packages:
When
implementing purchased packages
, it's important to consider specific controls. While the text does not provide specific details,
controls may include assessing vendor reputation
,
evaluating system compatibility
,
conducting vendor due diligence
, and
ensuring proper implementation and integration with existing systems.
How Internal Controls Can Be Compromised:
:star:System Maintenance Controls
1.) Lack of proper authorization:
C
hange requests
made by users must be
approved by the Line Manager
, but if the approval process is not followed or if unauthorized individuals can bypass the approval step, internal controls can be compromised.
2.) Inadequate documentation:
C
hange forms
need to be
signed by management
or the
Computer Steering Committee
, but if the
forms are not properly documented
or
if signatures can be forged
, internal controls can be compromised.
3.) Insufficient testing:
After a change has been made, an
IT expert is supposed to test it for accuracy
and
effectiveness
. However, if the testing process is not thorough or if the results are not properly reviewed, internal controls can be compromised.
4.) Failure to process all approved change requests:
T
o ensure completeness of changes
,
all approved requests should be processed
. If there is no proper tracking mechanism,
such as pre-numbered change request forms
or
a change register,
some approved changes may be overlooked
, compromising internal controls.
5.) Approval by incorrect authority level:
Change requests should be
approved by the correct level of authority based on their importance.
If requests are approved by individuals who do not have the appropriate authority or
if there is no proper review process in place
, internal controls can be compromised.
6.) Inadequate review of user requirements:
U
ser requirements
should be
reviewed by the data processing department
to
ensure they align with the needs of the system.
If this review process is not thorough or if requirements are not properly documented, internal controls can be compromised.