Please enable JavaScript.
Coggle requires JavaScript to display documents.
Application controls, Auditing in an information technology environment,…
Application controls
Master File
-
-
-
-
Files which are used to store only standing information. Changes to standing data on master file are referred to as mater file amendments.
Input controls
Accuracy of input
-
Staff Training- Training on how to use the system for users and operating and instruction manuals available.
Review by users or senior staff- info that has been entered, input reports to source documents
-
Matching by the computer- Input transactions with data on file;. Info generated by computer; Any unmatched items should be printed on an exception report and should be followed up by senior management
-
Completeness of input
Sequential testing by computer: Numeric sequence, missing numbers should be followed up
Review of output reports by users: ensuring that there is numerical sequence, follow up on missing numbers balance output with inputs
Matching by computer: transactions entered should be compared to masterfile and missing/unmatched items should be followed up
Examining of processing logs: for missing entries and missing entries should be printed on exception report to be followed up by senior management
Stationary controls: Forms should be understandable, be prenumbered
Control totals: These controls are built into the system, financial totals(Ensures that the totals of the fields that hold monetary
value is equal to the total that has been entered.), hash totals (Ensures that the totals of the fields that are numeric is equal
to all the numeric fields that have been entered.), record counts (Ensures that the total number of records are equal to the
total number of records you have submitted)
Validity of input
Authorisation: user program- via online password, signature, or Computer- the computer will verify the data against the codes/ master file.
Changes in Data: Authorised by senior management, should be done by independant person, under supervision, changes should be tested and documented, printed and followed up by senior management.
-
Overrides of system generated information: Specific authorisation, exception report should be printed and reviewed by senior management as well as internal auditor.
Access Controls: Terminals. ID of users; Authorisation of users; monitor of access and processing; communication line and networks, password control, programme libraries; utilities. programmed controls like passwords and physcical controls on terminals and hardware
Processing controls
-
-
Validity of processing
-
-
Manual intervention: Obtain authorisation from management if there is a breakdown, distaster recovery plan.
-
-
Manual logs: review unscheduled use, printed on exception report to be reviewd by senior management
Access Controls: Terminals. ID of users; Authorisation of users; monitor of access and processing; communication line and networks, password control, programme libraries; utilities. programmed controls like passwords and physcical controls on terminals and hardware
-
Overrides: Authorisation by management, printed on exception report
-
-
Ensure the accuracy, completeness, and timeliness of data
during either batch or real-time processing by the computer application. Someone reviewing these controls should determine the adequacy of controls over application programs and related computer operations to ensure that data is accurately processed through the application and that no data is added, lost, or altered during processing.
Data can be entered into a computer application from either manual online input or by batch processing, controls that the entity has in place over the actual user of the computer system and programmed into the system code of the operating system that the entity is using
Data output is the distribution of any output produced. Output can be in hardcopy form, in the form
of files used as input to other systems, or information available for online viewing