Professional Documents
Culture Documents
Question 1
Snapshot:
1. General control
- Related to the overall information processing environment
- It relates to the overall environment within which computer base accounting systems
are developed, maintained and operated to all the applications
- General controls are sometimes referred to as supervisory, management or information
technology controls
- Example: server, hard disc, accounting system
2. Application control
- It applies to the processing of individua accounting application
- Example: Purchasing module > help to ensure the completeness and accuracy of
purchasing transaction processing, authorization and validity
Snapshot:
1. Control environment
- Foundation/ framework > discipline and structure of the company
- IT affects all the factors that affect the control environment
- Example: Implementation of accounting system> ERP system or normal accounting
system or manual system> character of management team
2. Control procedures
- Information processing > IT affects the control procedures that ensure management’s
directives are carried out
- Example: ERP system > management’s emphasized on the strong internal control
3. Business risk
- IT affects the business risks that influence the achievement of entity objectives > risk
management
- Example: Install fire alarms and smoke detectors to minimize the fire risk
- Example: Proper authorization via accounting systems (ERP) > reduce human risk
5. Monitoring activities
- It affects all the monitoring activities > to ensure its effectiveness and efficiency in
operation
- Example: Using accounting system to monitor the purchasing process flow ( PR to PO to
GRN to matching SI and PR/PO/GRN to GL recording to Payment), i.e no payment can be
made before key in PR, PO, GRN and SI
d) Describe THREE (3) security and access controls on IT that may be implemented by an
organization.
Snapshot:
1. Restricting access
- Restricting access to computers to authorized users only such as locked doors,
authorized cards, windows log in
- Example: Authorized personnel only can be access into the computer room with
authorised access card
2. Logging or trails
- Logging or trail to record and monitor access to computer files and programmes
- Example: Log on based on company and functions
3. Password
- Password to restrict access to programme and data files
- Example: password set by individual users
Question 2
a) Identify and explain four matters that the audit partner of your firm should consider before
deciding whether to accept the appointment as the company’s auditors.
Snapshot:
Refer to Tutorial 8, Q1
1. Qualification to act as auditor > Independent > companies Act 2016
2. Ethical matters > 5 ethical principles & ethical threats
3. Technical competence > knowledge of the industry
4. Resources available > audit staff and audit techniques
5. Risk assessments > auditor business risk
6. Replacement of previous auditor > serious disagreements
7. Procedures for obtaining information > third party inquiry > integrity of management
b) Explain why it is important for a strong internal to be exercised over the development of the
new computer accounting system.
Snapshot :
c) Outline FIVE (5) examples of controls to prevent unauthorized changes to data files that you
would expect to find in the new accounting system of YY.
Snapshot:
a. Under general controls
1. Data centre and network operations control
-Example : only authorised personnel can access to the data centre
3. Processing controls
-Refers to the process flow > i.e to increase business process reliability and efficiency
and ensure compliance with a broad range of regulations
- Example: Purchasing modules required the following process flow PR>PO>GRN>
Matching PI and GRN and PO > Payment
4. Output controls
-Output controls assist to manage the business transactions and reports required
within the company
- The application uses interfaces that were predefined in customizing for condition
to call up output control
- Example: Output control on the basis of sales document type (Sales Order,
Delivery
Order, Sales Invoice)
-Example: Output control on SOPL and SOFP and only can be read by Accountants.
5. Error controls
-Error control is the process of detecting and correcting the errors during data
capturing or transmission
- Example: Prompt out “ Server Error message” when the system detected an error
that resulted the user cannot proceed to next progress
d) Describe the effect that the existence of the new accounting system will have on the planning of
the financial statements audit of the company.
Snapshot:
1. Control risk increase > do more audit work to collect audit evidence
Data conversion from existing system to new systems, i.e. to ensure all the opening
balances (SOFP) were properly reconciled.
2. Extra time is required to test the new system and ensure that it support YY’s business
3. May need to adopt audit through the computer
4. Assign of more experienced audit staff with required IT knowledge, expertise and
experience to the engagement team
5. Increased supervision and review of the audit work performed
Question 3
[Refer to case study of tutorial]
a) Explain what you understand by the term “audit trail”. Illustrate your answer.
Snapshot:
- Audit trails means a chain of evidence provided by documentation or other cross
referencing that connects account balances and other summary results with original
transaction data.
- Example : Electronic audit trail gives a step by step documented history of a transaction.
It enables an auditor to trace the financial data from general ledger to the source
document
b) Explain why there is often a loss of visible audit trail in many computer-based accounting
systems.
Snapshot:
- In an advanced IT system, many computer based programs lack of visible audit trail
because it only exist in electronic form. There are fewer hardcopy form of documents.
Most of the data is stored in the electronic format which lack audit trail
c) Describe FIVE (5) factors that should be considered by you in determining the audit approach.
Snapshot:
1. Staffing requirements and use of expert
- Example : Audit through computer required IT experts
2. Consideration of materiality and risk
- Example: Audit through computer required when consist of large volume of business
transactions i.e high audit risk
- Example : Audit through computer required when there is no visible trail
Question 4
Identify FIVE (5) internal control procedures to facilitate the physical security of a computer-based
accounting system and related software.
Snapshot:
3. Authorization control
- Authorization controls that limit access only to authorized information user
identification controls
- Example : Using passwords and data communication controls such as encryption of data
to restrict access to authorized personnel only
Question 5
a) Explain why Top Secret should run both the existing and new system alongside each other prior
to live running of the new system.
Snapshot:
1. Parallel running of two computer system, i.e the old system and the new system prior to
solely using the new system is a common technique that is used to ensure that the new
system is operating satisfactorily and that all information produced is complete and
accurate prior to discontinuing the use of the old system
2. Clearly the directors would not want to transfer over to the new system unless they are
confident that all information is being accurately processed and that information can be
produced on a timely basis and ban be relied upon
3. During the period of parallel run, identical information would be produced from both
system and compared to ensure that both are identical. In the event that any differences
were found these should be investigated and corrected prior to discontinuing use of the
old system
b) Explain why as company auditor would wish to be involved at this stage of the development
process of the new computer-based accounting system.
Snapshot:
1. To facilitate the timely examination and testing of the controls within the new computer
based accounting system > to validate the reliability of the new computer based
accounting system
2. Need to review the output from both systems and compare the two to validate their
accuracy and reliability of the new computer based accounting system
3. Need to review the procedures( and test compliance with those procedures) operated
by the company’s staff to test the reliability of the new systems
4. In the event that auditor found any errors or encountered problems with the data or
procedures auditor will make relevant recommendations to management.