Unit 6 Computers, definition, Internal control - Coggle Diagram
Unit 6 Computers
Master file controls
Validity of processing changes
Accuracy of processing changes
Completeness of processing changes
General controls over master file
General computer controls
establish an overall framework of controls for computer activities
should be in place before any processing of transactions gets underway
Frameworks
System Development and Implementation Controls
Self-developed system
Project authorisation and management
The project should be authorised and managed properly;
There should be a development plan that is fully authorised;
The IT Steering committee, that is made up of senior management from both user and computer departments should authorise the project/development.
must ensure that
The project is authorised;
Timetables are adhered to;
Budgets are achieved;
Quality requirements are met.
There should be involvement from the following departments during development
User department:
Data processing department
To assist/ensure technical soundness;
To ensure the system is compatible with other systems;
To test all operational aspects.
Quality control department
A feasibility study should be performed
A cost versus benefit analysis should also be done.
A project team
should
The day to day management of the project;
Ensure the project is developed in stages;
Prepare timetables for each stage of the development.
Project should be authorised
Conversion to new system
Planning and preparation
Control over conversion of data by data control group
Update system documentation
Testing
Backup of new system
Post-implementation review
System specification and user needs
Traditional method
Written systems specification by means of discussions between the data processing department and users.
Prototype systems
Design a prototype;
Allow the user department to try it out;
Refine the design through a series of prototypes
System design and programming standards
Ensure system interacts properly with existing systems and system software
Ensure that appropriate control-related programmed procedures are built in
Ensure there is supervision over system design;
Ensure the system complies with predetermined standards;
It should always be done on a program library and not live data
Testing of new system
Program testing
System testing
Live testing
Parallel running
Pilot running
Purchased package.
Specification and selection of packages
Implementation and testing of packages
Testing
Independent testing
Review of experiences of other users
Implementation
involvement of
User departments;
Data processing;
Management;
Quality assurance
Advantages
Less implementation time (immediate implementation);
Lower cost and cost is predetermined;
Tested thoroughly – thus very reliable.
Disadvantages
Dependent on vendors for maintenance;
Too general/inflexible to cater for needs;
Change maintenance difficult/impossible;
Written overseas (VAT and tax differ).
System maintenance Controls (Change Controls)
Complete;
achieved by
Pre-numbered change request forms
Do regular sequence checks; or
Enter change forms in a register
Outstanding requests reviewed by senior official
Valid;
Requests should be approved by correct level of authority depending on importance
User requirements
Reviewed by data processing department
Documented
Properly tested;
All information is backed-up and recovery procedures are in place
Organisational and Management Controls
Segregation of duties
Functional
Operational
Normal SOD
Independent person must correct errors
Controls against computer viruses
Software protection
Data file protection
Staff
Supervision and review
Access Controls to Data and Programs
Programmed access controls
Terminals
Identification of users
Authorisation of users
Monitoring of access & processing
Communication lines & networks
Password control
Programme libraries
Utilities
Physical access controls
Terminals
Computer hardware
Manual logs
Program libraries
Distributable processing
Logs reviewed
Screening & training of staff
Emergency access controls
Computer Operating Controls
Operating procedures:
Recovery procedure
System Software Controls
Business Continuity Controls
General controls
Physical environment
Emergency plan and disaster recovery procedures
Back up
Other Controls
Personnel Controls
Output controls
Validity of output
Distribution should be controlled
Distribution list
Distribution schedule
Distribution register
Output logs
Accuracy of output
Reconciliations
Review of outputs
Completeness of output
Reports
Reconciliations
Sequence checks
Review of reports
Application controls
Input controls
Validity of input
Access controls
Programmed controls
Physical controls
Segregation of duties
Authorisation
User of the program
Computer
Overrides of system generated information
Changes in data
Accuracy of input
Matching by the computer
Review by users or senior staff
Edit Checks
Staff training
Control over documents
Control over screens
Processing controls
Validity of processing:
Access controls
Librarian function
Files labels and version numbers
Overrides
Manual intervention
Matching by the computer
Manual logs
Supervision and review
Accuracy of processing
Operator manuals and instructions
Controls over hardware
Edit checks
Review & follow up of exception reports
Physical checking for accuracy by users
Recons & balancing
Weakness example
No feasibility
perform a feasibility study and do a cost analysis to see my cost versus my benefit
definition
Internal control