Please enable JavaScript.
Coggle requires JavaScript to display documents.
General Computer Controls and Application Controls - Coggle Diagram
General Computer Controls and Application Controls
7 General Computer Controls
System development and implementation controls
- to ensure self developed/ purchased system properly developed, authorised and meet users needs.
System maintenance
- to enusre chnages to system is authorised , meet users needs and made effectively.
Organisational and management controls
- organisational framework such as SOD, supervision and review and virus protection.
Access controls
- prevent unauthorised changes to programs, data, terminals, files.
Computer operating controls
- ensuring procedures applied correctly and consistently during processing
System software controls
- to ensure installation, development, maintenance of sofware packages authorised and effective.
Business Continuity
- prevent/ limiy system interruption (downtime)
Application controls for input
Accuracy of input
Matching by the computer - input transactions with data on file
Reveiw by users or senior staff - info that has been enetred onto the screen
Edit checks - checks built into the system
Staff training - training on how to use the system
Controls over documents and forms - well designed documents
Control over screens - user friendly screens
Completenes of input
Stationery controls - pre numbered documents
Matching by the computer - invoices to GRN
Sequential testing by the computer - numeric sequence
Review of output reports by user - ensure there is numeric sequence
Examining processing logs - for missing entries
Control tests - controls built into the system
Validity of input
Access controls - restrict unauthorised access to terminals and data
Segregation of duties - same person cannot perform all tasks
Authorisation - user of the program
Override of system generated info - specific authorisation
Changes in data - authorisation done by senior management
Application controls for output
Validity of output
Distribution should be controlled - CIS department is responsible to control distribution of output
Distribution list - specifies who the authorised users are
Distribution schedule - determine which output will be received
Distribution register - users should sign for the output
Output logs - be reviewed for unauthorised output
Online output - be controlled by the CIS department
Access of input - restrict unathorised access to terminals and data
Accuracy of output
Reconciliations - input to output
Review by outputs - by CIS users and check for errors
Completeness of output
Reports - sequentially numbered
Reconciliations - input to output
Sequence checks - on page numbers or document numbers
Review of reports - by users to inspect for missing items
Changes to masterfiles
Validity of processing changes - authorisation of changes in writing by senior management on a mastefile amendment form.
Accuracy of processing changes - Recon of MF with amendment forms and 3rd party confirmation
Completeness of processing changes - sequential numbered audit trail of MF changes.
Audit softwares
System CAATs -concentrate on the accounting system and
related control procedures and are used predominantly to perform tests of controls
Data CAATs - concerned mainly with substantive testing, obtaining evidence to support
the assertions relating to balances in the statement of financial position and totals of transactions
that underlie the statement of comprehensive income.