ELECTRONIC DATA PROCESSING

Data processing is done with the use of an electronic device or computer. Data are
converted into magnetic and electronic impulses in or on electronic device. The data are
then processed by transporting them within the system on wire circuits, microcircuits,
magnetic tapes, magnetic cores, etc. at an extremely high speed and with a minimum of
human interaction.

In the manual data processing systems, the major share of the workout is done by
people while in automated data processing systems, the major share of data-processing
workload is carried by machines.

Many organizations find that the best solution to their processing requirements is to use
a combination of methods: perhaps, using manual methods for such volume or
nonrecurring jobs while using computers for large volume for repetitive tasks. A
computer is used most efficiently in processing operations with one or more of the
following:

1. Large volume of data or input

2. Demand for greater speed or accuracy inn processing
3. Repetition of projects or tasks
4. Complex calculations involving large numbers of interacting variables

The degree of mechanization required by an information system increases in direct

proportion to the volume of items that the system must handle. Equally important to
consider is the relationship of the economic benefits to the cost of providing the
information with any system.

Advantages of using EDP

1. Extremely fast
Thousands of calculations can be performed each second and masse of data can
be processed and rearranged for various requirements in a fraction of time.

2. Extremely accurate
Computers can offer an accuracy for each unit of work produced unmatched by
any other means. This is, of course, on the assumption that the data entered to
the system and the programs which process the data are correct.

1
 3. Greater processing control
Data is introduced only once and handled completely automatically. Oss of
control arising from transfer of data form machine to machine is eliminated.

4. Large data volume handled with small external storage requirement

Information can be recorded with accuracy and permanence on magnetic tapes
or discs, which generally from the major medium of mass data storage in an
electronic system.

5. Reduced cost
Because of the speed, timelines, and accuracy that the computers can provide the
required reports, cost of processing business transactions can be reduced
substantially.

Disavantages of using EDP

1. Relatively high cost of equipment

Initial and annual maintenance cost of EDP systems are relatively higher than
those other equipment. Lately however, there havew been a broadening in the
available combinations of systems ranging from small to very large that allow
even small businesses to go EDP.

2. High cost of systems design and programming

Programming may require several years of man`s effort because of the difficulty
of analyxing a problem, planning for solution, encoding these solutions and
assuring their accuracy and correctness. All these efforts will require scrutiny of
operations to be processed, they require substantial investment for a company.

3. Chanelling of work
In normal mechanization, the work load is spread out over a number of
machines or in anormal system, over a number of persons. In the absence of one
person the work can be transferred to another person or machine. In EDP,
usually all the company`s varied operations are chanelled through one piece of
equipment and if breakdown occurs – a major catastrophe may also be
encountered in terms of delayed processing, rescheduling of machines, etc..

2
 4. Conversion of electronic system
Problems related to conversion from manual to EDP system are physical, that is,
site preparation, air consitioning, sufficient space supply, and actual equipment
installation. In conversion of source documentsto media suitable for electronic
programs, it is usual to run parallel operations to insure accuracy of the output.
This will involve substantial additional cost of the company.

COMPONENTS OF THE COMPUTERIZED SYSTEM

The main components of the computer system are:

1. Hardware

2. Software

3. Peopleware

4. Procedures

5. Data

I. HARDWARE

- This refers to the configuration of physical equipment comprising the input,

processing, and output phases of an EDP system. This includes:

1. Central Processing Unit(CPU, main frame)

- The central processing unit or principal hardware component of a computer
system represents the “brain” of the computer which performs the execution of
the program instructions, processes data, and transfers data between the main
storage and input/output devices.

- Control Unit
- Part of a digital computer or processor which determines the
execution and interpretation of instructions in proper sequence, including
the decoding of each instruction and the application of the proper signals

3
 to the arithmetic unit and other register in accordance with the decoded
information.

- Arithmetic Logic Unit

- Portion of the hardware of a computer in which arithmetic and
logical operations are performed. Arithmetic operations refer to the basic
mathematical operations of addition, subtraction, multiplication and
division. Logical operations refer to the comparison of two items to
determine of one item is less than, greater than or equal to the other.

- Storage or Memory
- Device in which data can be stored and from which they can be
obtained at a later time. Primary storage is closely connected to the CPU in
the central processor. It consists of electronic components that store letters,
numbers, and special characters used in processing. The purpose of
primary storage is to hold the operating system, part or all of a program
being executed, and data used by program.

a. Internal primary storage includes register memory for very brief

storage of small amounts of data and instructions immediately
before use, cache memory for storage of frequently used data and
programs, and Random Access Memory (RAM), which is used to
store large quantities of data. Data may be read from or written on
RAM. A power interruption causes erasure of RAM.

b. Read-only memory is permanent storage used to hold the basic low-

level programs and data. ROM can be read from but not written to;
ROM chips are obtained from the manufacturer with programs
already stored in them. A power interruption does not erase data
written on ROM or on magnetic secondary storage devices.
However, a power interruption may corrupt the data.

1. Programmable ROM(PROM) can be programmed once.

2. Erasable programmable ROM(EPROM) can be erased using a

special process and then reprogrammed.

2. Peripheral Equipment

- this encompasses the auxiliary machines that may be placed under the control
of the CPU. Classified as on-line or off-line, it consists of input, storage and

4
output devices.

a. Input devices/ Data entry devices

- these are devices that provide a means of transferring data into
CPU storage.
- Examples (data entry terminal, magnetic diskette drive, magnetic
ink character reader, optical scanner, console, remote terminals, point-of-
sale stations, Bar code readers, etc)

b. Output devices
- these are devices that produce readable data for users or
imputable data for further processing.
- Examples (Cathode ray tube, printers, plotters, magnetic tape,
microfilm, microfiche, multimedia output device, etc)

c. Storage Devices
- these are devices that store data that can be subsequently used by
the CPU. Classified as sequential or random access, and secondary storage
devices, data are made available to the CPU by a peripheral processor.
- Examples (Magnetic drum, magnetic disk, magnetic cards/strips,
floppy disks,CD-ROM, image processing)

d. Other peripheral equipment

1. Controllers
- hardware unit designed to operate specific input or output
units
- these devices eliminate the need for the CPU to operate
such devices.
- Examples (Terminals and printers)

2. Channels
- hardware units located within or outside the CPU that are
designed to handle the transfer of data into or out of primary
storage (memory). Thus, the CPU need not handle the
transfer of data.

3. Console
- it is used for communication between an operator or
engineer and the computer.

5
 - it permits the computer to exchange instructions with the
operator, logs jobs, and provides a printout of activity that
can be reviewed by auditors and the control group.

4. Node
- hardware device in a network that can act as a message
buffer (hold part of the message until the rest is received),
switch messages, and serve as an error control.
- a node can be a computer, controller or multiplexor.

5. Emulator
- hardware device that permits one system to imitate another,
that is, to use the same data and programs and obtain the
same results as the other system.

6. Performance Monitor
- hardware or software that observes and records system
activities
- Examples (electrical activity or data about program
execution)

II. SOFTWARE

- These are softwares that supervise the operations of the CPU, control the
input/output functions of the computer system, translate the programming
languages and provide various other support activities.

a. Systems Software
- softwares that supervise the operations of the CPU, control the input/output
functions of the computer system, translate programming languages and provide
various other support services. They include:

1. Operating Systems
- controls and schedules hardware use. It is a set of software program that
helps a computer run itself, and the application programs designed for it.
- to communicate with the user, the operating system of a personal
computer may include a graphical user interface (GUI) which employs
graphic icons to represent activities, programs and files.
- Examples (DOS, Windows, Macintosh, UNIX, AmigaOS, etc)

6
 - several different operating systems permit a single configuration of
hardware to function in the following modes:

i. Multiprogramming
- the operating system processes a program until an input/output
operation is required.

ii. Multiprocessing
- multiple CPUs process data while sharing peripheral units,
allowing two or more programs to be executed simultaneously.

iii. Virtual storage

- the system brings to primary storage from secondary storage the
“page” of the program that the user is working on.

iv. Batch Mode (single thread)

- programs are processed from beginning to end without
interruption in processing.

v. Time sharing
- differs from multiprogramming in that the CPU spends a fixed
amount of time on each program.

vi. Multitasking
- multiprogramming on a single-user operating system, for
example, in a microcomputer.

2. Database management systems (DBMS)

- perform multipurpose data handling functions.
- allows programmers and designers to work independently of the
physical and logical structure of the database.
- comprehensive software package for the purpose of creating, accessing,
and maintaining a database. Three primary methods of structuring a
database include:

i. Hierarchical
- the data elements at one level “own” the data elements at the next
lower level

ii. Networked
- each data elemet can have several owners and can own several
other elements

7
 iii. Relational
- a database with the logical structure of a spreadsheet.

3. Utility programs
- perform basic EDP operations such as sorting, merging and other file
maintenance.

4. Interpreting program
- translates instructions written in the programming language into
machine language.

5. Compiler program
- reads ad converts the whole program first and execute it after the entire
source code has been translated.

6. Source programs
- programs written in all non-machine languages or source languages.
They can be converted into object programs before they can be used
directly by a processor.

7. Object program
- a program of machine readable and executable instructions to be
followed by the CPU. Only an object program can actually be used to run
a computer.

8. Assembler program
- programs that convert source programs written in assembler language
( a mnemonic language) into object programs.

9. Telecommunications monitor program

- provides edit capabilities and file maintenance to users, monitors on-line
terminals and handles input to application programs.

10. Access control software

- protects files, programs, data dictionaries, processing etc., from
unauthorized access; restricts use of certain devices and may provide an
audit trail for access attempts.

b. Application (user) programs

- these are programs that are written to perform specialized functions or data
processing requirements in any applied discipline such as business science,

8
 medicine, education and law enforcement.
- Application programs may be developed internally or purchased from vendors

1. Vendor-produced software
- is in either source code or object code but vendors prefer to sell the latter.

2. Application software production

- a vital aspect of system development, and control over its maintenance.

III. PERSONNEL

- Without people, nothing seems to function, certainly not with computer

systems.

a. Information Systems EDP Manager

- has overall responsibility for supervising and controlling all activities
performed in the data processing department such as designing, developing and
maintaining the business systems and running the data processing equipment.

b. Systems Development Personnel

1. Systems Analyst

i. Receives potential applications of data processing and works with

users in defining requirements for information.

ii. Evaluates the existing application system and designs new or

improved data processing procedures.

iii. Designs the various computerized and manual control.

iv. Monitors the program maintenance function and maintains

systems documentation.

2. Systems Programmer

i. Writes and maintains programs that manage the resources of the

computer system.

ii. Provides the link between the needs of application systems and the
requirements.

iii. Supplies technical guidance concerning the operating system to all

other members of the data processing staff.

9
 3. Application Programmer

i. Determines the logic of the computer programs required by the

overall system designed by the systems analysts.

ii. Codes the computer procedures for programmed controls.

iii. Debugs the resulting program and prepares documentation.

4. Database administrator

i. Responsible for maintaining the database and restricting access to

the database to authorized personnel.

ii. Controls all aspects of the design and development of database and
is responsible for the preparation of the data dictionary.

iii. Provides continuing liaison between the EDP design team and the
users in regard to logical file structures and data content.

c. Operations Personnel

1. Computer Operator

i. Responsible for the daily operations of both the hardware and the
software.

ii. Mounts magnetic tape on the tape drives, supervise operations on

the operator’s console, accept any required input and distributes
any generated output.

iii. Provides physical security over data and program files that are in
an operational mode.

2. Data Entry Operator

i. Converts manual input to machine-readable form by entering it in a

keyboard into a device that will either record the data on machine-
readable media (cards, disks or tape) or enter it directly into the
computer for processing.

3. Librarian

i. Maintains custody and control over magnetic tapes, computer

documentation, and other computer related software.

10
 4. Control Clerk

i. Acts as liaison between users and the processing centers.

ii. Monitors manual input that is transmitted from the functional areas
(e.g. payroll and shipping)

iii. Monitors computer output, performs control balancing and

distributes reports coming from the system.

iv. Maintains error logs and ensures compliance with control totals.

IV. PROCEDURES

- These refer to the process for obtaining and preparing data, operating the
computer, distributing the input from computer processing and
controlling processing steps.

V. DATA

- Raw facts t be gathered, processed to generate information which in turn s

presented to the user as basis for decision making.

EDP SYSTEMS COMMONLY FOUND IN THE BUSINESS

ENVIRONMENT
1. Batch Processing

This is one of the widely used type of data processing which is also known as
serial/sequential, tacked/queued of offline processing wherein records are collected
intro groups (batches) before processing. The fundamental of this type of processing is
that the different jobs of different users are processed in the order received. Once the
stacking of jobs is complete they are provided/sent for processing while maintaining the
same order. This processing of a large volume of data helps in reducing the processing
cost thus making it data processing economical.

Examples include payroll and billing system, employee’s detail concerning the
number of hours worked, rate of pay, and other details are collected for a period of
time. These details are then used to process the payment for the duration worked.

11
 This type of system is best for large organizations.

Advantages:

 Repeated jobs are done fast without user interaction.

 Best for large organizations but small organization can also benefit from it.

 This system can work offline.

 The idle time is very less.

 This system can manage large repeated work easily.

Disadvantages:

 It is difficult to debug batch systems.

 Batch systems are costly.

2. Online Processing

This processing method is a part of automatic processing method. This method is

known as direct or random access processing. Under this method the job received by
the system is processed at same time of receiving. This can be considered and often
mixed with real-time processing. This system features random and rapid input of
transaction and user defied/ demanded direct access to data bases/content when
needed.

Advantages:

 This system has quick response time.

 It is easy to use. Tasks get processed automatically by the web and database
servers.

 Online banks, nowadays, use online processing systems for money

transactions.

Disadvantages:

 It is difficult to handle. (Ex. Million requests to banks at a time in an online

transaction)

12
  In online purchases, if servers hang out for a few seconds, there can be
interruptions.

 Electricity problem

 This system needs a lot of staff to maintain inventory.

3. Real time processing

This method is used for carrying out ‘real-time’ processing. This is required where
the results are displayed immediately or in lowest time possible. The data fed to the
software is used almost instantaneously for processing purpose. The nature of
processing of this type of data processing requires use of internet connection and data is
stored/used online. No lag is expected/acceptable in this type and receiving and
processing of transaction is carried out simultaneously. This method is costly than batch
processing as the hardware and software capabilities are better. Example includes
banking system, tickets booking for flights, trains, movie tickets, rental agencies etc.

Advantages:

 It shortens the cash cycle of a firm which gives a competitive advantage in

the marketplace.

 It reduces the amount of paper documents in systems.

Disadvantages:

 It usually uses two or more processors to share the workloads which makes
it costly.

 It requires large communication equipment.

4. Distributed Data Processing

This is a computer-networking method in which multiple computers across different

locations share computer-processing capability. This is commonly utilized by remote
workstations connected to one big central workstations or server. Machines run on a
fixed software located at a particular place and makes use of exactly same information
and sets of instruction.

Examples are banks, computerized retail stores (e.g. supermarkets)

13
 Advantages:

 Increased user satisfaction

 Improved operational efficiency

 Lower cost

Disadvantages:

 Loss of control

 Inefficient use of resources

 Destruction of audit audit trail

 Inadequate segregation of duties

 Increased potential for programming errors and system failures

 Lack of standards

Impact of Computers on Accounting System

Information technology advancements have greatly helped the accounting systems
of business entities. Because of today’s computerized accounting information systems,
business performance seems to improve. Many transaction processes were simplified
thus creating efficient operations. The affordability of computer technology for small
business entities creates great opportunities for these entities to improve their business.

Information technology advancements made effective and efficient information

flow that enhances managerial decision-making. This in turn, may increase the
prospects of the firm’s survival. Information technology applied in accounting is not
perfect. Sometimes we must consider the fact that they are just piece of technology.

With regards to the accounting information system of a business, these systems

greatly help in the accounting processes. However, we must consider the possibility
that the system might be ineffective sometimes, same with some accounting software.
Business entities much choose compatible systems and software for them to be effective.

Advantages of using Computers on Accounting Systems

14
 Speed : Accounting data is processed faster by using a computerized accounting
system than it is achieved through manual efforts. This is because computers
require far less time than human beings in performing a task.

 Accuracy : The possibility of error is eliminated in a computerized accounting

system because the primary accounting data is entered once for all the
subsequent usage and processes in preparing the accounting reports. Normally,
accounting errors in a manual accounting system occur because of repeated
posting of same set of original data by several times while preparing different
types of accounting reports.

 Reliability : The computer system is well-adapted to performing repetitive

operations. They are immune to tiredness, boredom or fatigue. As a result,
computers are highly reliable compared to human beings. Since computerized
accounting system relies heavily on computers, they are relatively more reliable
than manual accounting systems.

 Up-to-date Information : The accounting records, in a computerized accounting

system are updated automatically as and when accounting data is entered and
stored. Therefore, latest information pertaining to accounts get reflected when
accounting reports are produced and printed. For example, when accounting
data pertaining to a transaction regarding cash purchase of goods is entered and
stored , the cash account, purchase account and also the financial statements
(trading and profit/loss accounts) reflect the impact immediately.

 Real time user interface : Most of the automated accounting systems are inter-
linked through network of computers. This facilitates the availability of
information to various users at the same time on the real time basis (that is
spontaneously).

 Automated document production : Most of the computerized accounting systems

have standardized, user defined format of accounting reports that are generated
automatically. The accounting reports such as cash book, trial balance, statement
of accounts are obtained by just a click of a mouse in a computerized accounting
environment.

 Scalability : In a computerized accounting system, the requirement of additional

manpower is confined to data entry operators for storing additional vouchers.
The additional costs of processing additional transactions is almost negligible. As
a result, the computerized accounting systems are highly scalable.

15
  Legibility : The data displayed on computer monitor is legible. This is because
the characters (alphabets, numerals, etc.) are typewritten using standard fonts.
This helps in avoiding errors caused by untidy written figures in a manual
accounting system.

 Efficiency : The computer-based accounting systems ensure better use of

resources and time. This brings about efficiency in generating decisions, useful
information and reports.

 Quality Reports : The in-built checks and untouchable features of data, handling
facilitate hygienic and true accounting reports that are highly objective and can
be relied upon.

 MIS Reports : The computerized accounting system facilitates the real time
production of management information reports, which will help management to
monitor and control the business effectively. Debtors’ analysis would indicate the
possibilities of defaults (or bad debts) and also concentration of debt and its
impact on the balance sheet. For example, the company has a policy of restricting
the credit sales by a fixed amount to a given party, the information is available on
the computer system immediately when every voucher is entered through the
data entry form. However, it takes time when it comes to a manual accounting
system period. Besides, the results may not be accurate.

 Storage and Retrieval : The computerized accounting system allows the users to
store data in manner that does not require a large amount of physical space. This
is because the accounting data is stored in a hard-disk, CD-ROM, floppies that
occupy a fraction of physical space compared to books of accounts in the form of
ledger, journal and other accounting registers. Besides, the system permits fast
and accurate retrieval of data and information.

 Motivation and employees interest : The computer system requires a specialized

training of staff, which makes them feel more valued. This motivates them to
develop interest in the job. However, it may also cause resistance when we
switched over from a manual system to a computer system.

Limitations of Using Computers on Accounting System

The main limitations emerge out of the environment in which the computerised
accounting system is made to operate. These limitations are as given below ;

16
 Cost of Training : The sophisticated computerised accounting packages generally
require specialised staff personnel. As a result, a huge training costs are incurred
to understand the use of hardware and software on a continuous basis because
newer types of hardware and software are acquired to ensure efficient and
effective use of computerised accounting systems.

 Staff Opposition : Whenever the accounting system is computerised, there is a

significant degree of resistance from the existing accounting staff, partly because
of the fear that they shall be made redundant and largely because of the
perception that they shall be less important to the organisation.

 Disruption : The accounting processes suffer a significant loss of work time when
an organisation switches over to the computerised accounting system. This is
due to changes in the working environment that requires accounting staff to
adapt to new systems and procedures.

 System Failure : The danger of the system crashing due to hardware failures and
the subsequent loss of work is a serious limitation of computerised accounting
system. However, providing for back-up arrangements can obviate this
limitation. Software damage and failure may occur due to attacks by viruses.
This is of particular relevance to accounting systems that extensively use Internet
facility for their online operations. No full proof solutions are available as of now
to tackle the menace of attacks on software by viruses.

 Inability to Check Unanticipated Errors : Since the computers lack capability to

judge, they cannot detect unanticipated errors as human beings commit. This is
because the software to detect and check errors is a set of programmes for known
and anticipated errors.

 Breaches of Security : Computer related crimes are difficult to detect as any

alteration of data may go unnoticed. The alteration of records in a manual
accounting system is easily detected by first sight. Fraud and embezzlement are
usually committed on a computerised accounting system by alteration of data or
programmes. Hacking of passwords or user rights may change the accounting
records. This is achieved by tapping telecommunications lines, wire-tapping or
decoding of programmes. Also, the people responsible for tampering of data
cannot be located which in a manual system is relatively easier to detect.

 Ill-effects on Health : The extensive use of computers systems may lead to

development of various health problems: bad backs, eyestrain, muscular pains,

17
 etc. This affects adversely the working efficiency of accounting staff on one hand
and increased medical expenditure on such staff on the other.

FOLLOWING ARE CERTAIN INTERNAL CONTROL

CHARACTERISTICS THAT DISTINGUISH CLS FROM
MANUAL SYSTEM.
1. Lack of audit trail in computer generated data.

Audit trail is a series of audit evidences provided through chain of documents

and -cross-referencing connecting balances per trial balance with orrgina!
transactions. If the chain of evidence relating to a particular account balance is
broken somewhere it is said that audit trail is missing.
Examples of missing audit trail
a) The computer may generate totals and balances without printing the details.
b) In certain cases no assurance can be provided visually as regards completeness of
the printed reports.
c) Employee punch time clock with magnetic identification card, and the system
automatically records hours worked. The time cards (which are available in
manual system) are not prepared.
d) In a manual system, in order to correct a journal entry, a rectifying entry is
passed (sometimes error may be made in passing correcting entry and it can be
followed through). In CIS environment it is possible to manipulate the files
directly thus leaving no trace of initial entry and reasons for amending an entry.
In small organization, even a duplicate set of books can be printed in a few
hours. Where access is open to many users, weak controls over error correction
may create havoc.
e) In a manual system, folio numbers facilitate tracing flow of entries. In a computer
system folio numbers do not appear any where.f) Purchase orders are
automatically generated and sales orders accepted by the software.

2. Uniform processing of transactions.

The computer does not have the capability. of processing the data in a manner
other than programmed Generally, therefore, more reliance can be placed on
processing the data than in case of manual processing.

18
 3. Lack of segregation of functions
One of the techniques for achieving good internal control is that no one
department should be responsible for handling all phases of transaction and
where possible, following functions should be segregated.
a) Approval of transaction
b) Recording
c) Custody of related assets.

Such a division of responsibility provides a check on the accuracy of recorded

amounts. For example, the general ledger inventory control account maintained by the
accounting department will provide a check over the storekeeper. The storekeeper will
be alert in checking the accuracy of the receiving department records, as he will be
accountable for goods received form the receiving department.
Proper segregation of duties is easier in batch – type mainframe environment with a
large number of employees, than in on line system. The ideal segregation of duties is
not generally found in a computer system for the following reasons.
a) In case of on-line or real-time systems and in microcomputers the users
departments directly enter the data.
b) Computer operators may have a direct access to cash through preparation and
signing of cheques through computer.
c) Number of persons engaged in processing the data are considerablj lower than in
manual processing.
d) Only a few data processing personnel have complete knowledg about the
accounting system and internal controls.
e) Access of data is possible through the use of computer equipment remote
locations.
As a result of above, the individuals who have access to computer be in a position to
perform incompatible functions. Consequently, may make any alterations for their
advantage.
4. Potential for error:s and irregularities
Development, maintenance and execution of IT is more exposed to errors and
frauds due to the fact that computer programme which enable a to data and its
processing are generally stored at the same place where the data is stored,

19
 possibility for unauthorized access to accounting records and manipulation of
data is more likely in IT environment than is manual system. For example, in
some instances employees credited their personal accounts against outstanding
loans due form them. The error could not be detected on a timely basis.
Cases have also came to light where an employee who is debtor of the entity
credited his own account by transferring collections received from another
debtor. Likewise, a computer programme used to process accounts receivable
may be designated to raise a sales invoice as soon as a delivery note is entered on
computer. An employee made an unauthorized change in the programme and
caused substantial deliveries to special customers without raising an invoice.
In a manual system, the clerk who has written books can be identified by his
handwriting. Erasing figures are not permitted. In a computer system it may not
be easy to detect who has made the entries, because manual books do not exist
The information is only keyed to computer.
The amounts and entries can be easily altered.
Books of accounts in a manual system can be kept under lock and key. In a
computer system if passwords are not used, or not frequently changed , the
access to all books is easy.
In case of a software error, the resultant errors will continue unless corrected. If
the auditor tests a sample of population, he will only insist on correcting the
errors found and other errors may remain undetected. The same problem will be
repeated from year to year.
Another potential for irregularity is the alteration of a master file. If the access to
a master file is not restricted an employee can alter his salary on the master file.
The same amount of salary will be repeated every month on the payroll
summary. Collusion with a customer may cause his credit limit to be increased
on master file. The master file may also be changed for the discount rate allowed
to a customer.
Collusion with customer may also result in crediting his account with the
amount received from another customer. In manual system due to segregation of
duties commitment of this type of fraud is more difficult.
Erasing a complete record or a file to damage the company is far easier in a
computer system than in manual books.
5. lnililltion or execution of transactions

20
 In IT environment the approval of transactions is not evidenced in the same way
as in the manual procedure. For example a sale invoice on an on line system is
processed from shipping information received on the terminal through the
warehouse and on the basis of approved price list.
6. Potential for the use of computer assisted audit techniques
The computers may be used as audit tools either through audit software or test
data techniques. As a result audit procedures may be performed more effectively
and efficiently.
As in manual system, the auditor is required to carry out risk assessment in CIS
environment. However the CIS environment may affect the procedures for
assessment of inherent and control risk.
Two types of inherent and control risks in CIS environment are:
Deficiencies pervasive in CIS environment affecting multiple applications
(general CIS controls) Deficiencies related to specific areas (application controls)

FRAUD
Fraud is any and all means a person uses to gain an unfair advantage over another
person.

Elements

 A false statement (oral or in writing)

 About a material fact
 Knowledge that the statement was false when it was uttered (which implies an
intent to deceive)
 A victim relies on the statement thus, suffers injury or loss as a result

Computer Fraud
Computer fraud includes the following

 Unauthorized theft, use, access, modification, copying, and destruction of

software or data.
 Theft of money by altering computer records.
 Theft of computer time.
 Theft or destruction of computer hardware.
 Use or the conspiracy to use computer resources to commit a felony.

21
  Intent to illegally obtain information or tangible property through the use of
computers.

In using a computer, fraud perpetrators can steal:

 More of something
 In less time
 With less effort

They may also leave very little evidence, which can make these crimes more difficult to detect.

Computer systems are particularly vulnerable to computer crimes for several reasons:

 Company databases can be huge and access privileges can be difficult to create
and enforce.
 Consequently, individuals can steal, destroy, or alter massive amounts of data in
very little time.
 Organizations often want employees, customers, suppliers, and others to have
access to their system from inside the organization and without. This access also
creates vulnerability.

Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and
difficult to control

 It is hard to control physical access to each PC.

 PCs are portable, and if they are stolen, the data nd access capabilities go with
them.
 PCs tend to be located in user departments, where one person may perform
multiple functions that should be segregated.
 PC users tend to be more oblivious to security concerns.

Computer Fraud Classification

Frauds can be categorized according to the data processing model:

Input

The simplest and most common way to commit a fraud is to alter computer
input.
 Requires little computer skills.

22
  Perpetrator only need to understand how the system operates
Examples
a) Disbursement Fraud
b) Inventory Fraud
c) Payroll Fraud
d) Cash Receipt Fraud
e) Fictitious Refund Fraud

Processor

Involves computer fraud committed through unauthorized system use.

 Includes theft of computer time and services.
 Incidents could involve employees:
o Surfing the Internet;
o Using the company computer to conduct personal business; or
o Using the company computer to conduct a competing business.

Computer instructions

Involves tampering with the software that processes company data.

May include:

 Modifying the software

 Making illegal copies
 Using it in an unauthorized manner
 Also might include developing a software program or module to carry out
an unauthorized activity.

Computer instruction fraud used to be one of the least common types of frauds
because it required specialized knowledge about computer programming beyond the
scope of most users. Today these frauds are more frequent, courtesy of web pages that
instruct users on how to create viruses and other schemes.

Stored data

Involves:
 Altering or damaging a company company’s data files; or
 Copying, using, or searching the data files without authorization.

23
 In many cases, disgruntled employees have scrambled, altered, or destroyed data
files.

Theft of data often occurs so that perpetrators can sell the data.

Most identity thefts occur when insiders in financial institutions, credit agencies,
etc., steal and sell financial information about individuals from their employer
employer’s database.

Output

Involves stealing or misusing system output.

Output is usually displayed on a screen or printed on paper. Unless properly
safeguarded, screen output can easily be read from a remote location using
inexpensive electronic gear. This output is also subject to prying eyes and
unauthorized copying.

Fraud perpetrators can use computers and peripheral devices to create

counterfeit outputs, such as checks.

Computer Fraud and Abuse Techniques

1. Data Diddling
Changing data before, during, or after it is entered into the system.
Can involve adding, deleting, or altering key system data.
2. Data Leakage
Unauthorized copying of company data.
3. Denial of Service Attacks
An attacker overloads and shuts down an Internet Service Provider’s
email system by sending email bombs at a rate of thousands per second
system second——often from randomly generated email addresses.
4. Eavesdropping
Perpetrators surreptitiously observe private communications or
transmission of data.
Equipment to commit these “electronic wiretaps” is readily available at
electronics stores.
5. Email Threats

24
 A threatening message is sent to a victim to induce the victim to do
something o that would make it possible to be defrauded.
6. Hacking
Unauthorized access to and use of computer systems—usually by means
of a personal computer and a telecommunications network.
something o that would make it possible to be defrauded.

7. Phreakers
Hacking that attacks phone systems and uses phone lines to transmit
viruses and to access, steal, and destroy data.
8. Hijacking
Involves gaining control of someone else computer to carry out illicit
activities without the user’s knowledge.
9. Identity Theft
Assuming someone’s identity, typically for economic gain, by illegally
obtaining and using confidential information such as the person using
social security number, bank account number, or credit card number.

10. Internet Misinformation

Using the Internet to spread false or misleading information about
companies.
11. Internet Terrorism

Hackers use the Internet to disrupt electronic commerce and destroy

company and individual communications.

25