You are on page 1of 6


Transaction Processing Control

Transaction processing controls are procedures designed to ensure that elements of an
organization’s internal control process are implemented in the specific applications systems
contained within each of an organization’s transaction cycles. Transaction processing
controls consist of general controls and application controls. General controls affect all
transaction processing. Application controls are specific to individual applications. General
controls concern the overall environment of transaction processing.

a. General controls comprise the following:
 The plan of data processing organization
 General operating procedures
 Equipment control features
 Equipment and data-access controls

A plan of organization for data processing includes provision for segregation of duties
within data processing and the organizational segregation of data processing from other
operations. General operating procedures include written manuals and other
documentation that specify procedures to be followed. Equipment control features are
those that are installed in computers to identify incorrect data handling or erroneous
operation of the equipment. Equipment and data-access controls involve procedures
related to physical access to the computer system and data. There should be adequate
procedures to protect equipment and data files from damage or theft.

b. Application Control
The application Application controls are specific to individual applications. Application
controls are categorized into input, processing, and output controls. These categories
correspond to the basic steps in the data processing cycle.
1. Input controls are designed to prevent or detect errors in the input stage of data
processing. When computers are used for processing, the input stage involves the
conversion of data into a machine-readable format.

 Preventative controls act to prevent errors and fraud before they happen. These goals are at times contradictory. Behavior caused by a conflict of interest is the abolition of internal control tasks (such as document counting) with it’s aim to increasing productivity.  Detective controls act to uncover errors and fraud after they have occurred. power relationships. 2.  Corrective controls act to correct errors. and other behavior patterns within the organization. D. Preventative. Output Control are designed to check that input and processing resulted in valid output and that output are distributed properly. one of the main goals is productivity. The system must be designed such that each employee is convinced that controls are meant to prevent difficulties or crises in the otherwise could affect him or her very personally. Detective. 3. Goals and Behaviors Pattern Information systems have several purposes. reporting of irregularities. The reliance on a formal plan of organization and related methods and measure to attain these goals entails important assumptions concerning collusion. or corrective in nature. Reliability of information and the safeguarding of assets are also important goals. An internal control process is a process of checking someone else's work. The principle function of internal control is to influence the behavior of everyone involved in a business system. The objectives of internal control must be seen as relevant to the individuals who will comprise the control system. detective. Communicating the Objectives of Internal Control Internal control is human. Organizational . and Corrective Controls Transaction processing controls may also be classified as being primarily preventative. The goals of an internal control system are achieved through the actions of the people in the system. Processing Control are designed to provide assurances that processing has occurred according to intended specification and that no transactions have been lost or incorrectly inserted into processing systems.

however. approval. This internal control duties documentation should be evaluated to determine the reliability of the system operation. Their use often must be supplemented with other forms of analysis. Analytic flowcharts can also be used in internal control analysis. Internal control processes routinely collect information concerning fulfillment of duties. Analytical Techniques Internal control questionnaire is one of the commonly used analytical techniques for analyzing internal controls. and other organizations that are routinely involved with internal control reviews. questionnaires are necessarily standardized and therefore are not equally applicable in all circumstances. This documentation of internal control duties must be examined to evaluate the reliability of the system’s operation. such as write-ups. More common is the omission of an internal control duty (such as counting documents) in order to increase production. approval. transfer of authority. New employees or perhaps even experienced employees may not understand their duties. especially if the analysis involves the application of a computer system. and verification. The internal control process routinely gathers information on the execution of tasks. Flowcharting itself is not a form of structured analysis but rather a technique to organize data . Analytic flowcharts might be used in internal control analysis. These questionnaires often become standard forms in public accounting firms. transfer of authority. internal audit departments. or other charting techniques. independence and segregation of duties are consistent with good internal control only if the probability of collusion between two or more duly segregated employees is low. E. Analysis Of Internal Control Process Internal control process analysis requires an understanding of the process at the time the process is designed as well as when the process has been executed. flowcharts. particularly if the analysis involves a computer system application. and verification. There are several reasons why internal control duties may not be administered. Questionnaires do serve as documentation that a review was undertaken. Application control matrices are useful as analytical forms relevant to internal information systems internal control reviews.

generating increased opportunity for management override of internal control. and in many cases it is run by managers with no accounting education or financial expertise. Internal Control and Compliance in Small Business and Small Public Companies The small business has no independent IT or internal audit department. F. “Internal Control over Financial Reporting—Guidance for Smaller Public Companies. for analysis.” suggests various ways small . The COSO report. Finally. there may be little or no separation between the owners and managers. An application controls matrix provides a structured form of analysis that is particularly relevant to internal control reviews of information systems.

Also. 5 as “An audit of internal control over financial reporting that is integrated with an audit of financial . The suggestions in this report apply to private small businesses as well:  Leadership Involvement. receiving. reviewing reports. and IT needs. effecting better oversight. sales. Businesses without an IT department or IT expertise can rely on outside application service providers (ASPs) for the accounting. billing. a business might use the Web-based Microsoft Dynamics for their accounting system. where many functions often get collapsed into single individuals. software. and so on.  Effective Boards of Directors. inventory. This can be accomplished by management’s focusing more on observing employees. The result is that the leader can actively oversee and be involved in all operations and the financial reporting process. Smaller businesses are often relatively simple.  Compensating for Limitations in Information Technology. Both small and large companies can gain cost efficiencies by using the following approaches:  Apply a Top-Down Risk Assessment (TDRA) Approach to Internal Control Assessment. Large companies can easily have separate departments for purchasing. investigating unusual transactions.public companies can compensate for their small size. This individual is typically familiar with all aspects of the business. Another challenge facing small business is how to develop their internal control processes within limited budgets. general accounting. Many small businesses are run by a single leader. and so on. TDRA is defined by PCAOB Auditing Standard No.  Limited Segregation of Duties and Increased Focus on Monitoring. the informal nature of small businesses often facilitates better communications between members of the board and management. For example. Managers can compensate for the relative lack of segregation of duties by placing increased emphasis on monitoring. This means that the members of the Board of Directors can develop substantial expertise in all areas of the business. Such is typically not possible in the small business.

Considerable gains in efficiencies can be produced by giving the most attention to financial reporting objectives that are material to the financial statements. statements.” The goal of TDRA is to determine the scope and required evidence necessary to adequately test and assess internal controls.  Focus on Changes. Financial items that have changed the most from one period to the next get special attention. . a 50% increase in accounts receivables over one quarter would likely deserve investigation. For example.  Manage Reporting Objectives.  Right-Size Documentation.