
Internal Control in the CIS Environment

Controls- are means of preventing, detecting and/or correcting conditions that pose a threat to an organization.

Internal Control System- is composed of all measures adopted and effected by an entity in order to safeguard its resources from wastage, theft and any circumstances that may cause inefficiencies in the operation of the business.

A well-designed system of internal control promotes accuracy in data and record keeping, measures substantial compliance with policies and evaluates operations in terms of their effectiveness and efficiency.

Computer/Internal Controls are classified as either:
a. General Controls
b. Application Controls

General CIS Control- establishes a framework of overall controls over the CIS activities and provides a reasonable level of assurance that the overall objectives of internal control are achieved.

Five Categories of General CIS Control

1. Organization and Management controls (or Organization and Operation Controls)
2. Application systems development and maintenance controls (or Systems development and documentation controls)
3. Systems software controls (or hardware and systems software controls)
4. Access controls
5. Data entry and program controls (or data and procedural controls)

1. Organization and Management controls (or Organization and Operation Controls)

Objective: ensures that all incompatible duties are separated in order to maintain an independent processing system.

Key functions that must be separated, at a minimum:
1. Systems analyst
2. Applications programmer
3. Systems programmer
4. Operator
5. Data librarian
6. Quality assurance
7. Control group
8. Data security
9. DBA
10. Network technician

2. Application systems development and maintenance controls (or Systems development and documentation controls)

Objective: ensures that applications are well documented, reviewed, tested and approved prior to their eventual use. Where changes to the system are imminent, they must be properly approved and tested before the proposed changes are implemented.

3. Computer operation controls (or hardware and systems software controls)

Objective: ensures that all control features are utilized to the maximum possible extent in accordance with the overall framework of the CIS activities.

1. Parity check-

Computer Installations are the facilities where the computer hardware and personnel are located.

Categories:

1. In-house or captive computer- the organization owns or leases the equipment and hires the necessary trained personnel to program, operate, and control the various applications processed with the equipment.

2. Service bureau computer- the computer is used by an independent agency which rents computer time and provides programming, key-punching, and other services.

3. Time-sharing- a system wherein the organization acquires a keyboard device capable of transmitting and receiving data and, by agreement, the right to use a central computer facility. This facility will furnish service to several users at the same time.

4. Facilities management- under this system, the organization needing computer services may lease or purchase the necessary hardware and install it on its own premises. Then, by negotiation, an outside contractor with the necessary staff of programmers and operators agrees to manage the facility.

Impact of Computers on Accounting Systems

1. Documents are not maintained in readable form. For example, instead of preparing a sales order by hand, a clerk enters the transaction directly into the system.

2. Processing of transactions is more consistent. A computerized data processing system that has been properly tested before being placed into use and that has appropriate safeguards generally runs consistently so long as hardware failures do not occur.

3. Duties are consolidated.

4. Reports can be generated easily. Computerized systems provide for, or allow users to generate, necessary reports about the status of transactions or accounts in a minimal amount of time.

Major Types of Computer Fraud

1. Salami Technique- computer programs are modified to inappropriately round off calculations to the benefit of the fraud perpetrator. The amounts available from rounding are then placed in an account controlled by the perpetrator.

2. Trojan Horse- an unauthorized program placed within an authorized one. It can be used to destroy important data and then destroy itself.

3. Virus Programs- these are programs with unauthorized information or instructions.

4. Trapdoors- these are unauthorized entry points into programs or databases.
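
Added example (not part of the original notes): a detective control for the salami technique described above, which recomputes each interest posting independently and looks for many one-cent shortfalls matched by an unexplained excess in a single account. The half-up rounding policy, the rate, the account numbers, the postings and all function names are assumptions constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def expected_interest(balance, rate):
    """Interest rounded to the cent under the assumed policy (half-up)."""
    return (Decimal(balance) * Decimal(rate)).quantize(CENT, rounding=ROUND_HALF_UP)

def reconcile(postings, rate):
    """Recompute every posting and compare it with what the system posted.

    Returns (shortfalls, excesses) keyed by account. Many tiny shortfalls
    plus one account with a matching excess is the trace left by a program
    that rounds improperly and diverts the difference.
    """
    shortfalls, excesses = {}, {}
    for account, balance, posted in postings:
        diff = Decimal(posted) - expected_interest(balance, rate)
        if diff < 0:
            shortfalls[account] = -diff
        elif diff > 0:
            excesses[account] = diff
    return shortfalls, excesses

def suspicious_accounts(postings, rate):
    """Accounts whose unexplained excess equals the total taken from others.

    Exact matching is a simplifying assumption; a real review would also
    examine partial matches and suspense or clearing accounts.
    """
    shortfalls, excesses = reconcile(postings, rate)
    total_short = sum(shortfalls.values(), Decimal("0"))
    return [a for a, x in excesses.items() if total_short > 0 and x == total_short]

# Constructed sample: (account, balance, posted interest) at a 0.35% period rate.
RATE = "0.0035"
POSTINGS = [
    ("A-1001", "1523.77", "5.33"),   # 5.333195 rounds to 5.33, posted correctly
    ("A-1002", "2841.19", "9.94"),   # 9.944165 rounds to 9.94, posted correctly
    ("A-1003", "1999.00", "6.99"),   # 6.9965 should be 7.00, one cent short
    ("A-1004", "3570.00", "12.49"),  # 12.495 should be 12.50, one cent short
    ("A-1005", "4427.50", "15.49"),  # 15.49625 should be 15.50, one cent short
    ("A-9999", "100.00", "0.38"),    # 0.35 expected, three cents unexplained
]

if __name__ == "__main__":
    print(suspicious_accounts(POSTINGS, RATE))
```

The recomputation must run outside the production program being audited, otherwise the same modified rounding would reproduce the posted figures.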
