Scribd Logo
Upload

Welcome to Scribd!

  • CHAPTER7

    Uploaded by

    neilonlinedeals
    13 views3 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views3 pages

    CHAPTER7

    Uploaded by

    neilonlinedeals

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    CHAPTER 7

     Characteristic of CIS
    - Lacks of visible transaction traits
    In a manual system, it is normally possible to follow a transaction through the
    system by examining source documents, entity’s records, and financial reports.
    In a CIS environment, data can be entered directly into the computer system
    without supporting documents. The absence of these visible documents
    supporting the process of transactions makes the examination of evidence more
    difficult.

    - Consistency of Performance
    CIS performs functions exactly as programmed. If the computer is programmed
    to perform a specific data processing task, it will never get tired of performing
    the assigned task in exactly the same manner.

    - Ease of Access to Data and Computer Programs


    In a CIS environment, data and computer programs may be accessed and
    altered by unauthorized persons leaving no visible evidence.

    - Concentration of Duties
    The ability of the computer to process data efficiently, there are functions that
    are normally segregated in manual processing that are combined in a CIS
    environment.

    - System generated transactions


    Certain transactions may be initiated by the CIS itself without the need for an
    input document.

    - Vulnerability of data and program storage media


    In a manual system, the only way to lose the information is to lose or to destroy
    the physical records. In a CIS environment, the information on the computer can
    be easily changed leaving no trace of the original content.

     Internal Control in a CIS environment


    - General Controls
    Control policies and procedures that relate to the overall computer information
    system.

    1. Organizational Controls
    a. Segregation between the CIS department and their
    departments.
    b. Segregation of duties within the CIS departments

    CIS Directors – exercises control over the CIS operation


    System Analyst – designs new systems, evaluates and improves
    existing systems
    Programmer – test and debugs such programs, and prepare the
    computer operating instructions
    Computer Operator – operates the computer to process
    transactions
    Data Entry Operator – prepares and verifies input data for
    processing
    Control Group – reviews all input procedures, monitors
    computer processing, follows up data processing errors,
    reviews the reasonableness of output and distributes
    output to authorized personnel.

    2. Systems development and documentation controls


    To ensure those computer programs are functioning as
    designed, the program must be tested and modified if needed
    by the user and CIS department.

    3. Access Controls
    Every computer system should have adequate security controls
    to protect equipment, files and programs.

    4. Data recovery controls


    Provides for the maintenance of back-up files and off-site
    storage procedures.

    5. Monitoring Controls
    Designed to ensure that CIS controls are working effectively as
    planned.

    - Application Controls
    1. Controls over input
    Field desk – ensures that the input data agree with the required field
    format.
    Validity Check – information entered are compared with valid
    information in the master file to determine the authenticity of the
    input.
    Self-checking digit – detect common transposition errors in data
    submitted for processing.
    Limit Check – to ensure that data submitted for processing do not
    exceed a pre-determined limit.
    Control totals – computed based on the data submitted for processing.

    2. Controls over processing – provide reasonable assurance that input data are
    processed accurately.

    3. Controls over output – distributed only to authorized personnel.

    - Test of Control in a CIS environment


    Evaluating the client’s internal control policies and procedures to determine if
    they are functioning as intended. Testing the reliability of general controls may
    include observing clients personnel in performing their duties, inspecting
    program, documentation and observing the security measures in force.

     Auditing Around the Computer


    Using this approach, the auditor ignores the client’s data processing procedures,
    focussing solely on the input documents and the CIS output. It can be used only if there
    are visible input documents and detailed output that will enable the auditor to trace
    individual transactions back and forth.

     Computer Assisted Audit Techniques (CAATs)


    Computer programs and data which the auditor uses as part of the audit procedures to
    process data of audit significance contained in an entity’s information systems.

    You might also like