Industry Guides (AAGs), Risk Alerts, and Checklists
American Institute of Certified Public Accountants (AICPA) Historical Collection
1981
Recommended Citation
American Institute of Certified Public Accountants. Auditing Minicomputer Task Force, "Audit and control
considerations in a minicomputer or small business computer environment; Computer services
guidelines" (1981). Industry Guides (AAGs), Risk Alerts, and Checklists. 712.
https://egrove.olemiss.edu/aicpa_indev/712
COMPUTER SERVICES GUIDELINES
Prepared by
AICPA Staff
Alan Frotman, Manager
Approved by
AICPA Staff
Donald L. Adams, Vice President
Administrative Services
Alan Frotman, Manager
COMPUTER SERVICES GUIDELINES
AUDIT CONSIDERATIONS
Planning the Audit 11
Obtaining Knowledge of the Entity 12
Study and Evaluation of Internal Accounting Controls 12
Substantive Audit Techniques 13
Computer-Assisted Audit Techniques 13
Summary 15
APPENDIX
A Minicomputer System 16
Hardware Features of a Minicomputer System 17
Software Features of a Minicomputer System 18
Using a DFU as an Audit Tool 23
Preface

Minicomputers are used in many companies to automate processing of financial data. An increasing number of auditors are encountering the widespread use of minicomputers to process financial information.

Audit and Control Considerations in a Minicomputer or Small Business Computer Environment is intended to be a basic document for the minicomputer environment. The reader should already have a basic knowledge of data processing concepts. Although prepared primarily for the independent CPA, this guideline can also be useful to internal auditors, EDP auditors, data processing managers, and managers of businesses that use minicomputers. The purposes of this publication are to define a minicomputer environment, to provide the reader with an understanding of that environment, and to offer guidelines for addressing the audit and control considerations in that environment.

It may be helpful for the reader to be aware of certain other AICPA publications that provide basic information on internal controls and audit considerations in computer systems. These AICPA publications include

• The Auditor's Study and Evaluation of Internal Control in EDP Systems (1977)
• Management, Control and Audit of Advanced EDP Systems (1977)
• Audit Considerations in Electronic Funds Transfer Systems (1978)
• Computer-Assisted Audit Techniques (1979)
• Controls Over Using and Changing Computer Programs (1979)
• Audit Approaches for a Computerized Inventory System (1980)
The Minicomputer Environment

The purpose of this guideline is to assist the auditor in planning and conducting an audit in an environment where a minicomputer is used to process significant accounting data. The following specific matters will be addressed:

• Control-related characteristics of the minicomputer environment.
• Risks and controls to reduce these risks.
• Audit considerations and substantive audit techniques.
system adds a new dimension that is not addressed in this document.

Data Entry. Some minicomputers are exclusively used to convert source transactions into machine-readable form, thereby replacing keypunch machines and punched cards. The storage media containing input transactions are generally used by another computer to process and to update application master files. The minicomputer environment in which data entry is the only function performed is not covered in this guideline.

1 AICPA, Statement on Auditing Standards 1, Codification of Auditing Standards and Procedures (New York: 1973), section 320, paragraph 33.
2 AICPA, Statement on Auditing Standards 3, The Effects of EDP on the Auditor's Study and Evaluation of Internal Control (New York: 1974), paragraph 3.
Control Considerations in a Minicomputer Environment

The characteristics of the minicomputer environment described in the preceding section may result in a weak overall control of that environment. This section identifies and describes several of the control characteristics that may exist in the minicomputer environment, the risks associated with these characteristics, and the controls required to reduce these risks.3

The impact of these characteristics and the associated risks will vary according to the extent to which the application is automated, according to the type and significance of financial transactions being processed, and according to the application controls established within the system.

Figure 1 summarizes the characteristics of the minicomputer environment, lists the risks associated with each characteristic, and identifies some controls (see figure 1 at the end of this section).

3 For a more complete discussion of controls see The Auditor's Study and Evaluation of Internal Control in EDP Systems (New York: AICPA, 1977).
changes, additions, and deletions to the employee payroll master file could be authorized in writing on prenumbered forms and posted to the master file by an application program. A control over the posting might be to compare the record count and totals on the file maintenance listing with predetermined totals made from the source documents to ensure that only authorized changes have been made and that all source documents have been accounted for.

Transaction counts and other batch-type controls may be employed in minicomputer systems. Control totals may be established over the number of transactions and other significant numeric information to be entered for processing. For example, these control totals could be recorded manually in batch control logs. The control log totals could then be reconciled with input and output totals by the same individual who enters and processes the transactions, but it might be more effective if the logs were maintained by another individual who is independent of the data entry and processing functions.

The lack of segregation of functions between EDP and users has a pervasive effect on the structure of internal accounting controls in an organization. Many of the potential risks associated with the other characteristics of the minicomputer environment are related to the lack of segregation of functions.
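The reconciliation of predetermined totals with the file-maintenance listing described above, as an added example that is not part of the guideline: the source documents, the listing, the form numbers and the field names are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    form_no: int          # prenumbered authorization form (constructed numbering)
    employee_no: int      # employee number on the payroll master file
    new_rate_cents: int   # hourly rate being posted, in cents to avoid float error


# Constructed: changes authorized in writing on prenumbered forms 1041-1044.
SOURCE_DOCUMENTS = [
    Change(1041, 100234, 1850),
    Change(1042, 100871, 2100),
    Change(1043, 100502, 1725),
    Change(1044, 100990, 1975),
]

# Constructed file-maintenance listing printed by the posting program:
# form 1043 was never posted, form 1044 was posted with a higher rate, and
# one change was posted with no authorizing form at all.
MAINTENANCE_LISTING = [
    Change(1041, 100234, 1850),
    Change(1042, 100871, 2100),
    Change(1044, 100990, 2975),
    Change(1045, 100777, 2200),
]


def batch_controls(changes):
    """Predetermined totals: record count, control total of the numeric field
    being posted, and a hash total of the employee numbers. The hash total has
    no meaning as a number; it only has to agree between source and listing."""
    return {
        "record_count": len(changes),
        "control_total_cents": sum(c.new_rate_cents for c in changes),
        "hash_total": sum(c.employee_no for c in changes),
    }


def reconcile(source_docs, listing):
    """Compare the totals from the source documents with those on the
    file-maintenance listing; when they disagree, explain the difference
    form by form so the exceptions can be followed up."""
    expected = batch_controls(source_docs)
    actual = batch_controls(listing)
    exceptions = []
    if expected != actual:
        src = {c.form_no: c for c in source_docs}
        lst = {c.form_no: c for c in listing}
        for form in sorted(src.keys() - lst.keys()):
            exceptions.append(f"form {form} not posted")
        for form in sorted(lst.keys() - src.keys()):
            exceptions.append(f"posted change without form {form} (unauthorized)")
        for form in sorted(src.keys() & lst.keys()):
            if src[form] != lst[form]:
                exceptions.append(f"form {form} posted with different values")
    return {"expected": expected, "actual": actual, "exceptions": exceptions}


if __name__ == "__main__":
    result = reconcile(SOURCE_DOCUMENTS, MAINTENANCE_LISTING)
    # The record count agrees (4 = 4); only the control total and the hash
    # total reveal that the posted changes are not the authorized ones.
    for key in ("record_count", "control_total_cents", "hash_total"):
        print(f"{key}: source {result['expected'][key]}  listing {result['actual'][key]}")
    for line in result["exceptions"]:
        print("EXCEPTION:", line)
```

The record count alone would pass here, which is why the text pairs it with control totals and hash totals.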
ment individual is assigned primary responsibility for the system, including dealing with the hardware and software vendor, maintaining the system, and training the operators.

Risks. Unrestricted access to program or data files may result in unauthorized access to information and in the perpetration and concealment of errors or irregularities.

Controls. Controls over access to programs can vary considerably in a minicomputer environment. The form in which programs are maintained (object code or source code) can limit their exposure to unauthorized changes. Some programming languages (for example, COBOL and RPG) require the use of a compiler to convert the source code (programming language) into object code (machine-executable statements). When application programs are not available to the user in source code form, unauthorized changes are difficult to make, and this control may make certain changes virtually impossible. Programs can be modified more easily if source code is available; in such cases, the compiler could be maintained off-line in a secured area. The auditor should be aware, however, that copies of compilers can be obtained from outside sources and copied onto the system to perform unauthorized programming activity.

Some minicomputers provide system-generated library directories containing the date on which the object programs were catalogued to the system. Management may compare these directories with manually maintained records to determine that only authorized program changes have been made. The availability of these library directories depends on the particular computer system and its systems software. If library directories are not available, management may periodically compare the program in use with an authorized version to verify that the correct program is being used.

Some minicomputers use interpretive language programs that are stored in source code and converted to machine-executable instructions each time the instruction is executed. Control over program changes may be a problem in such installations because changes can be made without leaving any evidence of the change. Some manufacturers provide the user with the ability to lock the program files, making them inaccessible for unauthorized modification.

System software may provide an access control to program and data files similar to that of a librarian function by requiring the insertion of a code or password into the system before an individual can gain access to files and data. However, this control will be effective only if the code is restricted to individuals whose duties require access to program files and data.

Systems software controls may permit employees with different levels of responsibility to have different access and inquiry capabilities. For example, a "read only" facility permits inquiry of the master files and the execution of programs but prohibits modification. Through this control, management could limit the payroll clerk to processing only payroll functions and could assign another individual, such as the personnel manager, to updating the employee master files for processing other payroll changes.
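The two program-change checks described above (comparing the library directory with manual records, and comparing the program in use with an authorized version), as an added example not taken from the guideline or any real system: the directory format, the change log, the program names and the object code bytes are constructed, and SHA-256 is used here as the fingerprint of an authorized version.

```python
import hashlib
import hmac

# Constructed: system-generated library directory giving the date on which
# each object program was catalogued to the system.
LIBRARY_DIRECTORY = [
    ("PAYROLL", "1981-03-02"),
    ("APUPDT", "1981-04-17"),
    ("GLPOST", "1981-05-30"),   # no corresponding entry in the manual records
    ("INVENT", "1981-01-09"),
]

# Constructed: manually maintained record of authorized program changes
# (program, date the change was approved for cataloguing, approver).
AUTHORIZED_CHANGES = [
    ("PAYROLL", "1981-03-02", "J. Smith"),
    ("APUPDT", "1981-04-17", "J. Smith"),
    ("INVENT", "1981-01-09", "R. Jones"),
    ("ARCONF", "1981-02-01", "R. Jones"),   # approved but never catalogued
]


def compare_directory(directory, authorized):
    """Match every catalogued (program, date) against the manual records.
    A program catalogued with no matching authorization is a change that
    management did not approve; one approved but absent needs follow-up."""
    catalogued = {(name, day) for name, day in directory}
    approved = {(name, day) for name, day, _ in authorized}
    return {
        "catalogued_without_authorization": sorted(catalogued - approved),
        "authorized_but_not_catalogued": sorted(approved - catalogued),
    }


def fingerprint(object_code: bytes) -> str:
    """Hex SHA-256 of an object program: a value management can record next
    to the authorized version instead of keeping a second copy of the file."""
    return hashlib.sha256(object_code).hexdigest()


def program_in_use_is_authorized(in_use: bytes, recorded_fingerprint: str) -> bool:
    """Where the system keeps no library directory: compare the program in
    use with the fingerprint recorded for the authorized version."""
    return hmac.compare_digest(fingerprint(in_use), recorded_fingerprint)


# Constructed object code; in practice it would be read from the program library.
AUTHORIZED_GLPOST = b"GLPOST object code v3 (constructed)"
MODIFIED_GLPOST = b"GLPOST object code v3 (constructed) + undocumented patch"
RECORDED_GLPOST_FINGERPRINT = fingerprint(AUTHORIZED_GLPOST)

if __name__ == "__main__":
    for key, items in compare_directory(LIBRARY_DIRECTORY, AUTHORIZED_CHANGES).items():
        print(key, items)
    print("GLPOST in use authorized:",
          program_in_use_is_authorized(MODIFIED_GLPOST, RECORDED_GLPOST_FINGERPRINT))
```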
Utility Programs

Many minicomputer systems have utility programs that allow nontechnical personnel to build, change, and access data files. These utility programs are frequently used for routine functions, such as data capture and file maintenance.

Risks. Utility programs provide opportunities for unauthorized access and changes to data files. For example, they can be used to add unauthorized employees to a payroll master file without leaving an audit trail, or they can be used to fraudulently modify significant financial data. Since they are designed for general use, utility programs may not contain all the controls that are desirable for a particular function.

Controls. Using passwords to limit access to data files may prevent an unauthorized individual from updating or changing the contents of a file. Also, the company may use application programs rather than utility programs to update transaction or master files.
Diskettes

Diskettes, also known as floppy disks, are a direct access magnetic storage medium with limited storage capacity used in some minicomputers to maintain both master files and transaction files. They are not normally used on large-scale computers for this purpose.

Risks. If the system software does not include the capability to perform effective internal label checking on diskettes, the identification of the correct version of the file is largely the responsibility of the operator who, in some cases, may also be the user. As a result, there are no controls to prevent the processing of wrong files, to detect errors in file changes, or to highlight operator errors.

The use of diskettes as the storage medium for master files creates the risk of data manipulation through data entry devices as well as through computer programs. Information on diskettes may be modified by data entry devices without producing a record of the change.

Controls. These risks may be decreased by restricting access to diskettes to authorized individuals only. A control feature on some minicomputers allows the user to store data on diskettes in a format that is not readable by data entry devices. Manual logs may also be maintained to control the library of diskette files.
Terminals

In a minicomputer environment, terminals are generally used for transaction data entry, inquiry, and other interactive functions. Because transaction entry usually accounts for the largest volume of activity, it usually accounts for the greatest number of potential errors. In a minicomputer environment, transactions are frequently entered through on-line terminals and edited as part of the entry process.

Risks. Some minicomputer environments may lack adequate provisions for ensuring that transactions are properly authorized. This may result in erroneous or fraudulent data. The unrestricted use of terminals can result in weak access controls over programs and data files, and unauthorized access to data files and programs creates the risk of improper use or manipulation of those files or programs. Also, the individual who is responsible for entering transactions into the system may also be the individual who is authorized to approve them.

Controls. The control of data entered through a terminal may be established by using software that will allow only certain terminals to be used for specific transactions and by using a combination of physical access controls, such as key locks and locked rooms. In addition, the entry of identification or passwords may be required for an operator to execute specific functions. For example, the terminal located in the payroll department could be restricted to payroll transactions only.
Controls over on-line entry procedures may be designed into the system to provide a means to reduce data entry errors. For example, in an inventory application, the system could check to determine that a sales transaction contains a valid part number, that the sales quantity does not exceed the quantity on hand, and that the unit of measure is appropriate.

Another control technique involves encryption of program and data files. Encryption is the process of converting data into an uninterpretable representation that can be read only by use of the algorithm. If this technique is used, the access to the algorithm should be restricted to authorized personnel only. In many systems, passwords are encrypted to prevent users from accessing the password file and reading the contents.
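The terminal-to-function restriction and the on-line edit checks for an inventory sales transaction (valid part number, quantity not exceeding quantity on hand, appropriate unit of measure), as an added example that is not from the guideline: the inventory master, the terminal table, the transaction types and the sample entries are all constructed.

```python
from dataclasses import dataclass

# Constructed inventory master: quantity on hand and the units of measure
# that are valid for each part number.
INVENTORY_MASTER = {
    "P-1001": {"on_hand": 120, "units": {"EA", "BOX"}},
    "P-1002": {"on_hand": 8, "units": {"EA"}},
    "P-2040": {"on_hand": 0, "units": {"KG"}},
}

# Constructed: the transaction types each terminal may be used for, so the
# payroll department terminal cannot enter inventory transactions.
TERMINAL_FUNCTIONS = {
    "T01": {"SALE", "RECEIPT"},   # warehouse terminal
    "T07": {"PAYROLL"},           # payroll department terminal
}


@dataclass(frozen=True)
class Transaction:
    terminal: str
    txn_type: str
    part_no: str
    quantity: int
    unit: str


def edit_transaction(txn, master=INVENTORY_MASTER, terminals=TERMINAL_FUNCTIONS):
    """Return the list of edit errors for one entry; an empty list means the
    entry is accepted. The terminal check runs first, then the field edits."""
    errors = []
    allowed = terminals.get(txn.terminal)
    if allowed is None:
        return [f"terminal {txn.terminal} not recognized"]
    if txn.txn_type not in allowed:
        return [f"terminal {txn.terminal} not authorized for {txn.txn_type}"]
    part = master.get(txn.part_no)
    if part is None:
        return [f"invalid part number {txn.part_no}"]
    if txn.quantity <= 0:
        errors.append(f"quantity {txn.quantity} is not positive")
    elif txn.txn_type == "SALE" and txn.quantity > part["on_hand"]:
        errors.append(f"quantity {txn.quantity} exceeds quantity on hand {part['on_hand']}")
    if txn.unit not in part["units"]:
        errors.append(f"unit of measure {txn.unit} not valid for {txn.part_no}")
    return errors


def process_entries(txns):
    """Accept clean entries; write rejected ones to an error log with the
    reasons so they can be corrected and re-entered."""
    accepted, error_log = [], []
    for txn in txns:
        errors = edit_transaction(txn)
        if errors:
            error_log.append((txn, errors))
        else:
            accepted.append(txn)
    return accepted, error_log


# Constructed entries from two terminals.
ENTRIES = [
    Transaction("T01", "SALE", "P-1001", 10, "EA"),
    Transaction("T01", "SALE", "P-1002", 9, "EA"),    # only 8 on hand
    Transaction("T01", "SALE", "P-1001", 5, "KG"),    # wrong unit of measure
    Transaction("T01", "SALE", "P-9999", 1, "EA"),    # no such part number
    Transaction("T07", "SALE", "P-1001", 1, "EA"),    # payroll terminal
]

if __name__ == "__main__":
    accepted, error_log = process_entries(ENTRIES)
    print(f"accepted {len(accepted)}, rejected {len(error_log)}")
    for txn, errors in error_log:
        print(txn.terminal, txn.txn_type, txn.part_no, "->", "; ".join(errors))
```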
Software Packages

Companies using minicomputers frequently do not develop application software internally but acquire the software from outside sources.

Risks. If management lacks EDP knowledge, the acquired systems may not be properly reviewed and tested to ensure that they meet management and user objectives and that they have adequate application controls.

Controls. Management may use a third party to review and evaluate proposed software packages before they are implemented.

On the other hand, there may be control advantages in using application software acquired from outside sources. In some cases, software vendors do not provide source program versions, which makes it difficult to modify the programs.
Documentation

Available system, program, operation, and user documentation may be limited or nonexistent.

during data entry, processing, and system maintenance.
Summary

The characteristics described in this section have accompanying risks that the auditor should consider in the study and evaluation of internal accounting controls in organizations using minicomputers. Many of these risks result from the lack of segregation of functions and the inadequate access controls established within the system.

In the minicomputer environment, as elsewhere, the auditor reviews the system of internal accounting controls established by an organization over the processing of financial transactions. The combination of manual and EDP application controls for specific applications may be sufficient to achieve control objectives and to offset risks associated with weaknesses in general controls. Effective controls, appropriately tested, may enable the auditor to reduce substantive testing procedures. When controls are not in place to reduce the risks discussed, the auditor would be limited to performing substantive procedures to gain reasonable assurance that material errors and irregularities are not present.
FIGURE 1
CONTROL CONSIDERATIONS IN A MINICOMPUTER ENVIRONMENT

Risks
• Perpetration and concealment of errors or irregularities.
• Unauthorized changes to master files.
• Inaccurate and incomplete processing of data.
• Processing errors.
• Incomplete or erroneous data.
• Uncorrected errors.
• Lost, added, or altered data.

Controls
• Maintenance of transaction logs and batch controls by user department.
• Independent review of processing logs, transaction logs, and batch control information.
• Management supervision.
• Passwords to control access to files and libraries.
• Required vacations and rotation of duties.
• Reconciliation of record counts or hash totals.
• Use of application programs to make changes in master files.
• Independent reconciliation of transaction totals recorded in batch control logs with input and output totals.
• Comparison of system manufacturer's utility program with authorized application version.

Risks
• Improper use or manipulation of data files.
• Unauthorized use or modification of computer programs.
• Improper use of computer resources.

Controls
• Menus and procedures to control processing access.
• Management review of usage reports (history logs).
• Periodic comparison of usage reports with processing schedule.
• Physical control over data entry devices.

Controls
• Use of a compiler to convert the source code into object code.
• Comparison of library directories with manual records.
• Comparison of program in use with an authorized version.
• Use of interpretive language programs.
• Passwords to control access to libraries and files.
• Software controls to limit system access capabilities according to employee function.
• Test libraries.
• Management review of usage reports (history logs).
• Systems of transaction logs, batch controls, processing logs, and run-to-run controls.

Risks
• Failure of systems to meet management objectives or operate according to management specifications.
• Lack of adequate application controls.
• Inadequate testing and review of systems.

Controls
• Operations documentation.
• Program documentation.
• Systems documentation.
• Use of third party to review new and modified programs and systems.

Utility Programs
(Utility programs are used extensively to enter and to change data.)

Risks
• Unauthorized access and changes to data.
• Undetected errors in file manipulation.
• Lack of adequate application controls.
• Processing of unauthorized transactions and omitting of authorized transactions.
• Perpetration and concealment of errors or irregularities.

Controls
• Use of passwords to control access to data files.
• Use of application programs to update files.
• Independent control over transaction and master file changes, such as item count, control total, and hash totals.
• Limited access to utilities.
• Removal of utilities from system when practical to do so.

Diskettes
(Diskettes are used extensively for file storage.)

Risks
• Processing of the wrong file.
• Inability to detect errors in file changes.
• Inability to highlight operator errors.

Controls
• Control over access to diskettes.
• Storage of data in format not readable by key entry devices.
• Use of manual logs to control diskette library.

Terminals
(Terminals are used for transaction data entry, inquiry, and other interactive functions.)

Risks
• Unauthorized input.
• Erroneous or fraudulent data.
• Errors caused by improper use or manipulation of data files or computer programs.
• Erroneous or incomplete data.

Controls
• Use of software that will allow only certain terminals to be used for specific functions.
• Use of physical controls to limit access to data files.
• Use of passwords to control access to data files.
• Encryption of data and programs.
• On-line computer edit procedures.
• Record counts, batch controls, run-to-run controls, verification.
• Error handling control procedure and error logs.
• Use of menus and procedures.

Software Packages
(Purchased software packages are used extensively rather than internally developed application software.)

Risks
• Failure of systems to meet management and user objectives.
• Lack of adequate application controls.
• Inadequate testing of systems.

Controls
• Use of third party to review and evaluate proposed software packages.

Documentation
(Available system, program, operation, and user documentation may be limited or nonexistent.)

Risks
• Undetected errors during processing and system maintenance.

Controls
• User-based controls.
Audit Considerations

The preceding section described the internal accounting controls in a minicomputer environment. This section describes audit and planning considerations contained in SAS 1, Codification of Auditing Standards and Procedures, SAS 3, The Effects of EDP on the Auditor's Study and Evaluation of Internal Control, and SAS 22, Planning and Supervision. It also describes substantive audit techniques and provides guidance in selecting computer-assisted audit techniques appropriate to particular circumstances.

The use of a minicomputer to process accounting applications generally affects the planning of an audit. SAS 3 states, "When EDP is used in significant accounting applications, the auditor should consider the EDP activity in his study and evaluation of accounting control. This is true whether the use of EDP in accounting applications is limited or extensive. . . ."

The auditor's considerations of internal accounting controls may be an important part of the examination. The existence of a minicomputer also may have an impact upon the planning of the nature, timing, and extent of audit procedures to be applied in an examination of the financial statements. Planning and conducting the audit in this environment may require special skills, and the auditor may find the following knowledge helpful:

• A general understanding of computer systems including equipment components and their capabilities.
• A general understanding of computer operating systems and software.
• Familiarity with file processing techniques and data structures.
• Knowledge of program and systems documentation.
• Working knowledge of EDP accounting controls to identify and evaluate the controls in the organization's installation.
• Familiarity with the process of developing and modifying programs.
• A general understanding of the risks inherent in using computers to process significant financial information.
Obtaining Knowledge of the Entity

The auditor should understand the nature of the business and the accounting system being audited, as well as the features of the minicomputer environment.4 The auditor should understand the use of the minicomputer in significant financial applications, including the organization of the EDP function within the entity and the nature of the accounting applications being processed.

4 AICPA, Statement on Auditing Standards 22, Planning and Supervision (New York: 1978).
invalid transactions to determine the existence of edit controls. The auditor should then consider the need to determine if these edit controls were functioning throughout the period under examination.

The flow of transactions through the accounting system includes the procedures for authorizing and originating data, controlling input to the system, editing and capturing data within the system, and assuring that rejected transactions are corrected and re-entered promptly. When the auditor finds that a single individual has responsibility for all these functions, it may be necessary to determine what independent activities exist to control these processes.

In many minicomputer environments, the specific processing steps performed by the system may be transparent to the user-operator. When application software has been acquired from outside sources, it may be necessary for the auditor to obtain additional information from the supplier to obtain an adequate understanding of computer processing steps. An understanding of the computer processing steps and the information retained by the system helps the auditor to design appropriate audit procedures.
for a minicomputer system, the auditor should consider using it. If it is not available, the auditor may be able to process minicomputer-generated files on large-scale computers for which generalized audit software is available. In evaluating such an approach, the auditor should consider the following conditions:

• Compatibility of the minicomputer's data file media with those of the large-scale computer.
• Compatibility of the minicomputer's data representation with that of the large-scale computer.
• Confidentiality of client data.
• Cost of using a large-scale computer.

Most minicomputer systems use disks and diskettes for storing data. Disk files used by minicomputers are generally not compatible with the disk units installed on large-scale computers. Minicomputers may also use fixed disks, which cannot be removed from the system and taken elsewhere for processing. The most compatible media between minicomputers and large-scale computers are diskettes and magnetic tape. Facilities may be available to convert minicomputer files into media that are compatible with large-scale computers.

Data representation compatibility is another consideration associated with processing minicomputer data on a large-scale computer. Data representation is the data code used to represent information on computer-sensible media. The two most frequently used data representation conventions available on minicomputers, ASCII and EBCDIC, can be read by most large-scale computers. The tasks for the auditor are to identify the minicomputer data representation convention and to determine its compatibility with the computer on which the data are to be processed.

If it is necessary to remove the organization's information for processing at an outside installation, the confidentiality of the organization's information becomes a consideration in deciding whether to use generalized audit software. To ensure the confidentiality of the information, the auditor might obtain a confidentiality agreement with the outside organization, be present to control the processing, and ensure that data generated during processing are deleted upon completion.

The auditor may use certain types of generalized audit software packages known as source program generator packages that are compatible only with large-scale computers to generate programs that can be processed on a minicomputer. Such packages generate customized source programs based on user-specified parameters. Using this type of software, it may be possible to develop the source program for the minicomputer application at another computer installation and then, with some further changes, to compile and execute the generated program on the minicomputer. This approach requires more EDP expertise than is typically needed to use a generalized audit software package in its native environment.

The use of generalized audit software to process minicomputer data files may be cost-justified in certain circumstances. If generalized audit software contains needed special audit routines not available from other sources, it may be more cost-effective to use the generalized audit software on another computer than to perform the task manually or through other computer-assisted audit techniques.

Utility Programs. Utility programs are usually available on minicomputers and can be used for certain audit tasks. The more widely used minicomputers may provide utility programs with extended capabilities to access data files, to perform mathematical and logical operations, and to generate output files. While these utilities do not provide all of the functions that can be performed by a programming language, they are less complex and easier to use.

The inquiry-language utility programs available on some minicomputers may be used to perform audit procedures. Applications include accessing a client data file, printing a sample of records for review and testing, and developing control totals. For example, the auditor may use a utility program to accumulate totals from an accounts payable file and to print details for audit testing. The auditor may also use a utility program to print the details of invoices that contain the date of goods received on or near the end of the year to assist in reviewing inventory and payable cut-offs.

The use of utility programs in the audit should be carefully coordinated with the client to minimize the risk that the auditor might introduce errors into the data file under review. The control concerns regarding utilities described in the preceding section also apply to the auditor's use of them. In this regard, the auditor should consider the application of typical audit control considerations as described in the AICPA audit and accounting guide, Computer-Assisted Audit Techniques.

Specialized Audit Programs. Specialized audit programs are written to perform specific audit tasks, and they may provide a cost-effective approach for applying certain audit procedures in a minicomputer environment. Special
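The two auditor tasks from this page, identifying the data representation of a file taken off the minicomputer (ASCII or EBCDIC) and accumulating a control total from an accounts payable file, as an added example that is not from the guideline: the fixed-length records are constructed, and "EBCDIC" is assumed to mean IBM code page 037 (Python codec cp037), which is an assumption about the particular system's convention.

```python
RECORD_LENGTH = 24
AMOUNT_FIELD = slice(17, 24)   # amount in cents, positions 18-24 of each record

# Constructed accounts payable records: vendor, invoice number, amount.
RECORDS = [
    "V001234 INV00789 0125000",
    "V001234 INV00790 0007550",
    "V005678 INV00102 0099900",
]
ASCII_FILE = "".join(RECORDS).encode("ascii")
EBCDIC_FILE = "".join(RECORDS).encode("cp037")   # cp037 taken as the EBCDIC variant


def guess_representation(data: bytes) -> str:
    """Heuristic identification of the data code. EBCDIC digits are 0xF0-0xF9,
    upper-case letters fall in 0xC1-0xE9 and the space is 0x40; ASCII digits
    are 0x30-0x39, letters 0x41-0x7A and the space is 0x20. Whichever set
    explains more of the bytes wins; a tie is reported as unknown."""
    ebcdic_hits = sum(1 for b in data if 0xF0 <= b <= 0xF9 or 0xC1 <= b <= 0xE9 or b == 0x40)
    ascii_hits = sum(1 for b in data if 0x30 <= b <= 0x39 or 0x41 <= b <= 0x7A or b == 0x20)
    if ebcdic_hits == ascii_hits:
        return "unknown"
    return "EBCDIC" if ebcdic_hits > ascii_hits else "ASCII"


def read_records(data: bytes, record_length: int = RECORD_LENGTH) -> list:
    """Decode a fixed-length record file in whichever representation it uses,
    so the same audit routine can process it on another computer."""
    representation = guess_representation(data)
    if representation == "unknown":
        raise ValueError("cannot determine the data representation of this file")
    if len(data) % record_length:
        raise ValueError("file length is not a whole number of records")
    text = data.decode("cp037" if representation == "EBCDIC" else "ascii")
    return [text[i:i + record_length] for i in range(0, len(text), record_length)]


def accumulate_amounts(records, field: slice = AMOUNT_FIELD) -> int:
    """Control total of the amount field, as an inquiry utility would develop it."""
    return sum(int(record[field]) for record in records)


if __name__ == "__main__":
    for label, blob in (("ASCII file", ASCII_FILE), ("EBCDIC file", EBCDIC_FILE)):
        recs = read_records(blob)
        print(f"{label}: {guess_representation(blob)}, "
              f"{len(recs)} records, control total {accumulate_amounts(recs)} cents")
```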
ized audit programs require more technical knowledge and documentation effort than generalized audit software packages. The considerations for using specialized audit software in a minicomputer environment are the same as in any computer environment.

A potentially cost-effective method of obtaining specialized audit software is the use of existing client programs. Modifying existing programs can be more cost-effective than independently developing special audit programs. This approach requires the auditor to verify that the modified program functions as intended and to exercise control over processing before the auditor can rely on the output.

This approach can be particularly appropriate for accounts receivable. An accounts receivable system installed on a minicomputer may include the capability of selecting and generating accounts receivable confirmation requests. The system may have the capability of selecting accounts according to various criteria, such as by every nth item, by specified account numbers, or by correspondence of a specified number to one digit of the account number. To determine that the confirmation requests correspond to the specified selection criteria, the auditor can review and verify the selection program logic, observe the processing of the program, and determine that the master file corresponds to the population being tested. Another approach would be to determine the validity of the selection criteria applied by comparing the confirmation requests with a listing of the total population that had been footed and agreed with an account balance.

Other Computer-Assisted Audit Techniques. The AICPA audit and accounting guide, Computer-Assisted Audit Techniques, describes other techniques, such as test data, program logic review, and timesharing, that can be applicable in a minicomputer environment. The primary factors in evaluating the desirability of such techniques are their cost-effectiveness, the auditor's proficiency in EDP, and the effects of weaknesses in internal accounting controls. If there are weaknesses in general controls, such as controls over changes to production programs, then certain techniques, such as using test data, reviewing program logic, and employing audit modules, may not yield reliable audit information.

Summary

The use of a minicomputer may affect the nature and timing of the audit and may require skills in addition to those necessary in auditing financial statements from manual systems. Auditors assigned should be knowledgeable about the features and capabilities of minicomputers. Participation by knowledgeable individuals in audit planning can improve audit productivity by using the computer to perform audit tests.

The appendix describes a small business computer and identifies the features relevant to control and audit procedures. Examples of using such features to accomplish audit procedures are also presented.
Appendix
There are numerous minicomputers and small business computers used to process financial applications. Although many minicomputer systems have similar features and capabilities, the IBM System/34 is used to illustrate the concepts presented in this guideline. This appendix describes the System/34 environment, lists its hardware and software features exclusive of application programs, and provides examples of the use of a software utility to perform audit tasks. (The aspects of the System/34 relevant to internal controls are shaded in gray.) When auditing in other minicomputer environments, the auditor should obtain an understanding of the features available on the specific minicomputer.

Some of the material presented was compiled from information provided by the IBM Corporation. Because changes in hardware and systems software are continually being made, the specifications contained herein might not represent current specifications, and no effort has been made to verify the accuracy or completeness of the information provided by IBM.
A Minicomputer System
The System/34 is a general purpose, small business system with the capability of using several programming languages. The system is used in a variety of industries. For example, in a small distributing enterprise, the small business system can be used to process applications that perform order entry, billing, accounts receivable, inventory control, sales analysis, payroll, general ledger, and accounts payable. To show the capability of the system, the data provided below was selected from the records of several "average" System/34 users in hard goods.

                                                       Average        Range
                                                                   Low      High
Number of accounts receivable                            3,500     1,000    20,000
Inventory item master records                           15,000     1,000    40,000
Inventory item balance records (one record per
  item per warehouse)                                   18,000     1,000    80,000
Special or contract prices                               3,400     2,000    12,000
Invoices per day                                           200        80       900
Open orders (including backorders)                         800       400     4,000
Vendors                                                    300       150       500
General ledger accounts                                    300       200       400
Employees                                                   25        10        60
There may be two members of the data processing staff in the System/34 environment, a programmer/operator and a data entry operator. The major function of the programmer/operator may be to operate the system and to perform maintenance on standard application packages. The data entry function may also be performed by users through work stations located in their areas. The individual with primary responsibility for the system typically may not have had previous EDP experience or training, and management may often rely on this individual to make the daily decisions related to data processing activities.

Personnel in the user department may not understand EDP concepts either. As a result, they rely on the vendor or the in-house programmer/operator for assistance in doing their jobs. The programmer/operator may not have an understanding of accounting and user needs, and this lack of communication may result in productivity and control problems.
16
Hardware Features of a Minicomputer System
The basic System/34 configuration consists of a processing unit (CPU), memory, Work Station Controller, disk storage, and printer. The processing unit, memory, disk storage, and diskette drive are contained in a single enclosure known as the system unit. Exhibit F (on page 34) is an illustration of a minicomputer configuration.

Processing Unit. The processing unit provides the logic function and control for memory, which ranges from 32K to 256K bytes. The data is represented internally as extended binary coded decimal interchange code (EBCDIC).

Whenever the system unit is turned on, the system performs a test of the hardware by a program known as the initial program load (IPL), which includes a sequence of steps that loads the system programs and prepares the system for the execution of jobs. When an application program is executed, the system continually verifies that the hardware and systems software are functioning. If an error is detected, the processing unit will alert the user and either issue a request for action or terminate processing. The error is then recorded on the diagnostic log (a reserved area on the disk), which stores information used for subsequent hardware maintenance. The power supply of the system unit can prematurely sense a reduction of voltage and retract the read/write heads automatically to prevent damage to data on the disk.

Work Station Controller. The Work Station Controller is commonly known as the input/output controller in this system. Up to 16 local devices (display stations or printers) are supported by the Work Station Controller in the system unit, and these devices may be located up to 1500 meters (5000 cable feet) from the system unit. Up to 64 additional devices can communicate with the system by means of telecommunications. The polling (interrogation) of local devices is performed by the Work Station Controller without CPU interference. Polling of remotely attached devices is accomplished through the binary synchronous communications adaptor and systems support programs.

The Work Station Controller contains logic that can be used to detect certain input errors based upon criteria established in the application programs. Editing that can be performed by the Work Station Controller includes tests for completeness of data, self-checking digit calculation, and alphanumeric validation. Other program editing may be performed by the CPU based upon the design of the application program. When an error is detected, further input through the CRT terminal may be inhibited until the condition is corrected.1

CRT terminals, called display or work stations, are the primary means through which users enter data, make inquiries, and issue system and control commands.

Display stations may be equipped with a keylock or a magnetic stripe badge reader to control access to the system. Because these are optional control features, the auditor should not assume they are installed.2

Three levels of capabilities may be assigned to a display station during system configuration:
• System console
• Command
• Transaction entry

Only one system console display station is active at any given time. Other local display stations can be identified as alternates, but only one becomes active if the system console malfunctions or is turned off. The system console can perform any function (if the appropriate ID and password are inserted), and its uses should be restricted.

A command display station can access menus (the list of functions available to the operator) and initiate programs and procedures based on the user ID and password. However, a command display station cannot perform system functions, such as library manipulations or system configuration changes.

A transaction entry display station can be used only to enter transaction data. It has no command capability or program and procedure initiation capability. At sign-on time,

1 See "Lack of Segregation of Functions Between the EDP Department and Users" and "Terminals" in this guideline.
2 See "Location of the Computer" in this guideline.
17
a transaction entry display station is not available for transaction entry until another display station with command capability or instructions in an application program authorizes the transaction entry station to enter data.3

Designation of a work station as a transaction entry display station, along with other security features, can limit entry of specific transactions to designated terminals. For example, a transaction entry display station in an isolated location, such as a warehouse, could be restricted to the entry of only warehouse-related transactions.

Disk Storage. The system unit contains a fixed direct access storage device with a capacity from 8.6 to 257.4 million bytes. Since the disk is not removable, it will be necessary for the user to implement backup procedures, such as copying programs or data files on diskettes and storing them in a secure location, in order to prevent loss of programs and data.

Diskette Drive. A diskette drive is a standard feature of the system unit used both as an alternate means of data input and as a means for writing information on diskette for off-line storage.

Backup of files is performed by diskette since the disk is nonremovable. Adequate backup procedures should exist to allow recovery in the event that the data stored on the disk becomes unusable. Recovery normally becomes necessary as a consequence of errors or loss of data files or programs.4
18
Print spooling is supported by the system support program in either single or multiple mode. Spooling is the process of recording output on disk that is, in turn, printed independently of application program processing. The system operator can start, stop, restart, cancel, hold, release, display, and change the priority of jobs in the print spool.

Resource security to control access to spool files is not available. An operator cannot directly change the contents of a spool file. For the jobs they control, operators can only copy the spool file onto a data file. However, any changes made to this data file cannot be transferred back onto the spool file; therefore, compensating controls should be developed to prevent unauthorized access to information on spool files.

Operation Control Language. The operation control language (OCL) provides the major communication between the user and the system. The OCL statements provide the system support programs with all the information required to execute jobs, such as the names and locations of files to be processed and the programs to be executed.

OCL procedures, which are stored in libraries on disk, are groups of OCL statements defined by the user and executed by commands entered through the keyboard. The system support program provides the user with a set of pre-existing procedures that allows the operator to allocate files, rename files, copy files, build display formats, build job menus, condense a program library, and perform library maintenance. Certain commands can be entered from the system console, some can be entered only from display stations (including the system console when it is being used as a display station), and others can be entered from either the system console or a display station.

OCL commands permit users to request a broad range of functions from the system. Controls should exist to prevent unauthorized changes in system programs and data, and access controls should be maintained at the library and file level. OCL procedures can provide a control over the sequence and nature of application program processing.5

System History Area. A history area that contains all executed OCL statements and messages is available on disk. This information may be retrieved, displayed, printed, or copied onto diskette for later access. Individual display station operators can only display or print entries created from their display stations. Entries in the history area are stamped to indicate the time of the entries and are labeled by the job identification generated by the system support program to assist in determining the sequence of activity in the system.

The system history area contains a record of all attempts to use an invalid password and of all system halts and the operator responses to these halts. This information can be used by management to monitor and control the use of the system.6 History logs may be examined to reconstruct the complete sequence of events during a given period. This procedure could be useful in determining whether the user is complying with prescribed operating procedures.

When the disk file space reserved for the history area is full, it will begin to write over itself (wraparound), which will result in a loss of history information. The user can prevent wraparound by specifying a halt at system configuration time, which will allow the printing of the contents of the history log. Through the system console, the user can delete the contents in the history area without leaving a record of the deletion. Therefore, procedures should be developed to prevent unauthorized deletion.

Multiple User Library Support. Library structures within the system provide for multiple user libraries. This feature can be used to establish program test libraries to provide control over the integrity of programs in the production library.7

Security. Three types of access controls are available:
• Operator ID and password
• Menu
• Resource

These security features are optional and are established during system configuration. Once the system has been configured to provide security support, the supports cannot be

5 See "Lack of Segregation of Functions Between the EDP Department and Users" and "Terminals" in this guideline.
6 See "Lack of Segregation of Functions Between the EDP Department and Users," "Location of the Computer," and "Lack of Segregation of Functions Within the EDP Department" in this guideline.
7 See "Lack of Segregation of Functions Within the EDP Department" and "Utility Programs" in this guideline.
19
changed so long as the password and resource files exist. The master security officer is the only authorized individual who can execute the utility programs that save, restore, or delete the security files.

Operator ID and password—Each operator who signs on to a display station is prompted for an identifier (ID), and optionally a password, which is verified by the system support program before the operator is allowed further access to the system.

An operator is allowed to make an unlimited number of attempts to sign on the system. The attempts are recorded on the system history area, which can provide management with the information necessary to monitor unauthorized access attempts.

Passwords are stored in the password security file that contains a profile for each person who is authorized to use the system. Each profile contains a user ID and the 4-character password assigned to the user. The password is not displayed on the screen when entered but is encrypted in the password security disk file. The password security file contains codes that identify the classifications of users. The list below describes the classification and function for each person authorized to use the system.

• Master security officer (MSO). Assigned during the initial definition of password security. The MSO can define password and magnetic stripe badge security; add, delete, or edit profiles of security officers, system operators, and display station operators; change its own password and badge ID; and act as a system operator or display station operator.
• Security officer. Assigned by the master security officer. A security officer can add, delete, or edit profiles of system operators and display station operators; change its own password and badge ID; and act as a system operator or display station operator.
• System operator. Assigned by the master security officer or by a security officer. A system operator can operate any display station, including the display station designated as the system console; however, a system operator cannot run the security utility programs.
• Display station operator. Assigned by the master security officer or by a security officer. A display station operator can operate any display station except the display station designated as the system console; however, a display station operator cannot run the security utility programs.

Password security is an effective control only if display stations are signed off when unattended.

Menu—Transactions that are available for execution are identified in a menu display.

A security officer assigns menu restriction based on user ID. When a specific user signs on, the authorized menu will automatically appear. The operator may be restricted to executing only those functions established in the menu. Menu security is effective only when password controls are maintained.

Resource—Resource security can be used to prevent access to files and libraries if password security is active. The resource security file contains a record for each protected file and library, the user IDs of the authorized users of the file or library, and an access code that identifies the user category. Security violations are logged to the system console and recorded in the system history area. Resource security is an effective control only if work stations are signed off when unattended.

The level of authority a user has over a file or library can be limited to any of the following access codes.

• Owner. Can grant file access to others; rename the file or library; read, display, and change information in the file or library; or delete the file or library. The owner of a file or library can be any operator who is authorized to sign on to the system.
• Change. Can read, display, delete, or change the contents of the file or library.
• Read. Can read or display the information in the file or library but cannot change its contents.
• Execute. (Applies to libraries only.) Can only execute library contents.

Listed below are some questions that relate to the effectiveness of system software access controls.

• Has security been established during system configuration?
• Is a master security officer and an alternate (in case of sickness or accident) assigned? Who are the security officers?
• Are IDs and passwords changed frequently?
20
• Are authorized users maintaining the secrecy of their IDs and passwords?
• Are programmers restricted from access to all data files?
• Are system operators and display station operators restricted from changing the contents of all libraries?
• Is the menu restriction applied properly, or do display station operators have command capability?
• Who has access to the system support program and utilities?
• Are work stations left unattended while signed on? (Users should be required to use the off command when leaving a work station.)
• Are the system support program diskettes and their backup copies in a secure place? Who has access to them?
• Are the backup diskettes containing the password and resource security files in a safe place? Who has access to them?
• Are terminated employees immediately deleted from the security system?

Interactive Communication Feature. Interactive communication feature is an optional component of the system support program that allows users on remote System/34s to interact with the application programs and the data bases of other intelligent devices. In addition, application programs in another system can activate programs on the remote System/34s. This guideline does not address the distributed processing environment.

Backup. Backup procedures protect against the loss of data files and programs.

The two commands for backup are save and restore. The save command transfers disk files to diskettes in a condensed format readable only by the System/34 restore command. (There are other system commands that will copy files onto diskettes in a standard interchange format.) If files are copied in the standard interchange format, they can be manipulated through the use of data entry devices.8

Whenever the save command is invoked, a retention date is recorded on the diskette. The insertion of all 9s in the date field makes the diskette file permanent so that a warning is given if an attempt is made to delete the file.

Utilities. Utilities are computer programs written and provided by the hardware manufacturer that enable the user of the system to perform a variety of functions. The following utilities are provided on the System/34: data file utility, sort utility, source entry utility, screen design aid, work station utility, and patch procedure.

Data File Utility. A data file utility (DFU) is a utility program that provides the user with the ability to create, maintain, display, query, and print data files.9 The four distinct functions of a DFU are the
• Enter function. Used to create indexed or direct access files.
• Update function. Used to maintain and add to existing indexed or direct files and to maintain existing records in sequential files.
• Inquiry function. Used to locate and display a specific record in indexed, sequential, or direct files.
• List function. Used to print sorted or unsorted reports.

A DFU can select detail records from related master files. It can also select records based on a field value of EQ (equal to), NE (not equal to), GT (greater than), LT (less than), GE (greater than or equal to), or LE (less than or equal to) a predefined value. Up to ten accumulator fields, five control breaks (group totals), and twenty-four result fields are available.

A DFU can be used by the auditor to achieve limited but very useful audit procedures, such as footing a file, comparing the content of two files, or testing the accuracy of data. The section of the appendix entitled "Using DFU as an Audit Tool" shows how a DFU can be used as a computer-assisted audit technique.

The existence of a DFU may result in weaknesses in internal control. A DFU is easy to use since it does not require programming skills and allows the user to add, change, or delete records in a file without leaving an audit trail. Here are some techniques for preventing the unauthorized use of a DFU.10

• Create a separate library for the DFU and

8 See "Lack of Segregation of Functions Between the EDP Department and Users" in this guideline.
9 See "Lack of Segregation of Functions Between the EDP Department and Users" in this guideline.
10 See "Utility Programs" in this guideline.
21
restrict access to the library through resource security.
• Remove the enter and update modules from the system. Changes to files should occur through application programs only.

Sort Utility. The sort program provides selection and sorting capability based on record codes or field contents. The input needed to process a sort program includes the OCL statements, sort fields, sequence (ascending or descending), and the input file name to be sorted. The output is the sorted file. The sort program has an option to print messages on the printer or on the display screen. These messages are issued during the generation phase of the sort program and include
• The number of records in the input file.
• The number of records in the sorted output file.

These totals may be used as run-to-run controls over the processing of data.11

... over production programs and OCL procedure library and data files,
• Remove source programs from the system except when they are needed for modification.
• Use program test libraries for program development.
• Remove the SEU from the system except when needed to perform authorized functions.
• Maintain object programs in libraries separate from source programs.
• Create a separate library for the SEU and restrict access to that library through resource security.

An SEU could be used by the auditor to review source code logic and OCL procedures.14 A function of the SEU that could be helpful to the auditor is the scan feature, which allows the user to scan programs or procedures for a specific string of characters, such as a field name. The system will display all source statements containing the specified string of characters so the instructions that affect key data fields can be identified and reviewed.

11 See "Lack of Segregation of Functions Between the EDP Department and Users," "Lack of Segregation of Functions Within the EDP Department," and "Utility Programs" in this guideline.
12 See "Documentation" in this guideline.
13 See "Lack of Segregation of Functions Within the EDP Department" in this guideline.
14 See "Documentation" in this guideline.
15 See "Documentation" in this guideline.
16 See "Lack of Segregation of Functions Between the EDP Department and Users" in this guideline.
22
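The Security and System History Area sections on the preceding pages describe resource security access codes, the logging of invalid password attempts and security violations to the history area, and the history area's wraparound and halt behaviour. The following added illustration models those features in code; it is not IBM's system support program. The access codes and their permitted operations follow the text; the file names, user IDs, passwords, the hash used to stand in for the text's "encrypted" password storage, and the layout of history entries are constructed for the example.

```python
"""Resource security checks and the system history area, modelled on the
System/34 features described in the guideline. Added illustration, not IBM
code; object names, user IDs, passwords and entry layout are constructed."""
import hashlib
import hmac
from collections import Counter

# Operations permitted by each access code in the resource security file.
# Execute applies to libraries only.
ACCESS_RIGHTS = {
    "OWNER":   {"read", "change", "delete", "rename", "grant"},
    "CHANGE":  {"read", "change", "delete"},
    "READ":    {"read"},
    "EXECUTE": {"execute"},
}

# Constructed resource security file: one record per protected object with
# the authorized user IDs and their access codes.
RESOURCE_SECURITY_FILE = {
    "ARMAST":  {"type": "FILE",    "users": {"MSO": "OWNER", "ARCLERK": "CHANGE", "AUDITOR": "READ"}},
    "PRODLIB": {"type": "LIBRARY", "users": {"MSO": "OWNER", "OPER1": "EXECUTE"}},
}


def _digest(password):
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed password security file. The text says passwords are stored
# encrypted; a hash stands in here for whatever the real system used.
PASSWORD_SECURITY_FILE = {"ARCLERK": _digest("AB12"), "AUDITOR": _digest("Q7X2")}


class HistoryArea:
    """Fixed-capacity history area. When full it wraps around, overwriting the
    oldest entries, unless halt_when_full is set, in which case record()
    raises so the log can be printed and cleared first."""

    def __init__(self, capacity, halt_when_full=False):
        self.capacity = capacity
        self.halt_when_full = halt_when_full
        self.entries = []       # (time stamp, job id, station, text)
        self.lost = 0           # entries overwritten by wraparound
        self._next_job = 1

    def record(self, time, station, text):
        if len(self.entries) >= self.capacity:
            if self.halt_when_full:
                raise RuntimeError("history area full: print and clear before continuing")
            self.entries.pop(0)
            self.lost += 1
        job_id = f"J{self._next_job:04d}"
        self._next_job += 1
        self.entries.append((time, job_id, station, text))
        return job_id


def sign_on(history, time, station, user, password):
    """Verify ID and password; every invalid attempt goes to the history area."""
    stored = PASSWORD_SECURITY_FILE.get(user)
    if stored is not None and hmac.compare_digest(stored, _digest(password)):
        return True
    history.record(time, station, f"INVALID PASSWORD user={user}")
    return False


def check_access(history, time, station, user, obj, operation):
    """Resource security check; a violation is logged the way the text
    describes (console message and history entry)."""
    entry = RESOURCE_SECURITY_FILE.get(obj)
    if entry is None:          # unprotected object: resource security not applied
        return True
    code = entry["users"].get(user)
    if code == "EXECUTE" and entry["type"] != "LIBRARY":
        code = None            # Execute is meaningless for a data file
    if code is not None and operation in ACCESS_RIGHTS[code]:
        return True
    history.record(time, station, f"SECURITY VIOLATION user={user} object={obj} op={operation}")
    return False


def monitor(history):
    """Management review: invalid password attempts and security violations
    per user, plus how many entries wraparound has already destroyed."""
    bad_pw, violations = Counter(), Counter()
    for _, _, _, text in history.entries:
        kind, _, rest = text.partition(" user=")
        if kind == "INVALID PASSWORD":
            bad_pw[rest.split()[0]] += 1
        elif kind == "SECURITY VIOLATION":
            violations[rest.split()[0]] += 1
    return {"invalid_passwords": dict(bad_pw),
            "violations": dict(violations),
            "entries_lost_to_wraparound": history.lost}


def run_demo(capacity=4):
    """A short day's activity on a wraparound history area of the given size."""
    h = HistoryArea(capacity)
    sign_on(h, "08:01", "W1", "ARCLERK", "0000")                    # invalid
    sign_on(h, "08:02", "W1", "ARCLERK", "1111")                    # invalid
    sign_on(h, "08:03", "W1", "ARCLERK", "AB12")                    # valid
    check_access(h, "08:10", "W1", "ARCLERK", "ARMAST", "change")   # allowed
    check_access(h, "09:00", "W2", "AUDITOR", "ARMAST", "change")   # read-only user
    check_access(h, "09:30", "W3", "OPER1", "PRODLIB", "execute")   # allowed
    check_access(h, "09:31", "W3", "OPER1", "PRODLIB", "change")    # execute-only user
    check_access(h, "09:45", "W3", "OPER1", "ARMAST", "read")       # not in the record
    return monitor(h)


def halts_when_full():
    """True if a history area configured to halt refuses to wrap around."""
    h = HistoryArea(1, halt_when_full=True)
    h.record("10:00", "W1", "OCL // LOAD ARLIST")
    try:
        h.record("10:01", "W1", "OCL // RUN")
    except RuntimeError:
        return True
    return False
```

With a four-entry history area, run_demo() reports only one of the two invalid password attempts: the first was overwritten by wraparound before management looked, which is the loss of history the text warns about and the reason for configuring the halt.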
... because its use leaves no evidence.17 However, there are techniques for preventing the unauthorized use of a patch:
• Remove the patch program from the system.
• Establish the patch procedure in a separate library and restrict accesses through resource security.

Compilers and Linkage Editor. Compilers are programs provided by the manufacturer which are used to convert source language statements into machine-executable form. Before they can be executed, the compiled programs must be assigned relative memory addresses by a program known as the overlay linkage editor.

Because compilers and the linkage editor can be used to make unauthorized modifications to production programs, access to compilers and linkage editors should be controlled.18 To control access
• Remove the compilers and linkage editor from the system and store in a secure location.
• Use password and resource security over libraries.
• Restrict access to programs and system documentation.

17 See "Lack of Segregation of Functions Between the EDP Department and Users" and "Lack of Segregation of Functions Within the EDP Department" in this guideline.
18 See "Lack of Segregation of Functions Within the EDP Department" in this guideline.
23
... costs on both files. Exhibit E (on page 33) shows the report that results.

Based upon the availability of information contained in the inventory master file, these audit procedures could be performed using the DFU.

Creation of a DFU Application. The user must identify the DFU functions to be used. For example, the user would key in "List" on the display station, and the system would provide all the necessary screens for generating a DFU application. The display screens for audit procedure one are presented on pages 26-30. Input required from the user is highlighted in a box. At the end of the screen displays, a sample report is presented. For the purposes of this document, a small sample of the total inventory file is used, and sample reports are presented for audit procedures two and three.
24
EXHIBIT A
25
EXHIBIT B
Input the name of the file, the name of the RPG II source member where the input specs are
stored, and the library where they are stored. Specify if the file is to be sorted. Also, if this
application is to be saved for future use, provide the necessary information.
Select the type of report to be generated. Specify the title and spacing required on the report.
26
EXHIBIT B (continued)
The RPG II input source specs from the source program specified on the first screen are
shown. Select the record type to be processed.
Select the fields to be presented on the report in the order they are to be presented. Define the heading name if different from the field name and specify if the field is to be accumulated.
27
EXHIBIT B (continued)
A plus under “Field” indicates a result field and will cause the next screen to be shown.
Describe the result field. In this example, the result is 9 digits in length with 2 decimal places.
The result is quantity on hand times average cost.
28
EXHIBIT B (continued)
Since “Sort” was selected on the first screen, define how the file is to be sorted. In this
example, the file is sorted by item number within class.
On the data field specification screen (see p. 28), the result field—“Total Cost”—is to be
accumulated. Specify here if interim totals are presented. In this example, present totals after
each class.
29
EXHIBIT B (continued)
Select specific records for processing. In this example, process all records in the file.
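The DFU List application built up through the Exhibit B screens (result field of quantity on hand times average cost in 9.2 format, sort by item number within class, totals after each class, all records processed), together with the DFU selection operators and the sort utility's run-to-run record counts described earlier in the appendix, as one added model in code. This is not IBM's DFU; the inventory records, field names and function names are constructed for the example, and it also covers the "comparing the content of two files" procedure the DFU section mentions.

```python
"""Model of a DFU "List" application over a constructed inventory master
file. Added illustration, not IBM's utility; records and field names are
constructed sample data."""
from decimal import Decimal, ROUND_HALF_UP
import operator

# The six DFU record-selection operators.
OPERATORS = {"EQ": operator.eq, "NE": operator.ne, "GT": operator.gt,
             "LT": operator.lt, "GE": operator.ge, "LE": operator.le}

# Constructed inventory master file (a small sample of a larger file).
INVENTORY_MASTER = [
    {"ITEM": "2047", "CLASS": "B", "DESC": "Hinge, brass",  "QTYOH": 120, "AVGCST": Decimal("1.25")},
    {"ITEM": "1013", "CLASS": "A", "DESC": "Hammer, 16 oz", "QTYOH": 40,  "AVGCST": Decimal("6.50")},
    {"ITEM": "1002", "CLASS": "A", "DESC": "Saw, hand",     "QTYOH": 15,  "AVGCST": Decimal("12.00")},
    {"ITEM": "2001", "CLASS": "B", "DESC": "Screws, box",   "QTYOH": 0,   "AVGCST": Decimal("2.10")},
    {"ITEM": "3005", "CLASS": "C", "DESC": "Paint, gallon", "QTYOH": -3,  "AVGCST": Decimal("9.99")},
]

RESULT_LIMIT = Decimal("9999999.99")   # result field: 9 digits, 2 decimal places


def select_records(records, field=None, op=None, value=None):
    """Record selection screen: all records when no field is given, otherwise
    the records whose field compares with the value under the DFU operator."""
    if field is None:
        return list(records)
    return [r for r in records if OPERATORS[op](r[field], value)]


def total_cost(record):
    """Result field: quantity on hand times average cost, 9.2 format."""
    total = (Decimal(record["QTYOH"]) * record["AVGCST"]).quantize(
        Decimal("0.01"), rounding=ROUND_HALF_UP)
    if abs(total) > RESULT_LIMIT:
        raise OverflowError(f"result field overflow for item {record['ITEM']}")
    return total


def dfu_list(records, selection=None):
    """Run the List application: select, sort by item within class, accumulate
    the result field with a control break on class, and report the record
    counts the sort step produces as a run-to-run control."""
    selected = select_records(records, **(selection or {}))
    sorted_recs = sorted(selected, key=lambda r: (r["CLASS"], r["ITEM"]))
    counts = {"input": len(selected), "sorted_output": len(sorted_recs)}
    lines, class_totals, grand, current = [], {}, Decimal("0.00"), None
    for rec in sorted_recs:
        if rec["CLASS"] != current:                 # control break
            if current is not None:
                lines.append(f"** CLASS {current} TOTAL {class_totals[current]:>12}")
            current = rec["CLASS"]
        cost = total_cost(rec)
        class_totals[current] = class_totals.get(current, Decimal("0.00")) + cost
        grand += cost
        lines.append(f"{rec['CLASS']} {rec['ITEM']} {rec['DESC']:<16}"
                     f"{rec['QTYOH']:>6}{rec['AVGCST']:>8}{cost:>12}")
    if current is not None:
        lines.append(f"** CLASS {current} TOTAL {class_totals[current]:>12}")
    lines.append(f"*** FINAL TOTAL {grand:>12}")
    return {"lines": lines, "class_totals": class_totals,
            "grand_total": grand, "counts": counts}


def compare_files(file_a, file_b, key="ITEM"):
    """Compare the content of two files on a key field: records present in
    only one file, and records present in both whose other fields differ."""
    a = {r[key]: r for r in file_a}
    b = {r[key]: r for r in file_b}
    return {"only_in_a": sorted(a.keys() - b.keys()),
            "only_in_b": sorted(b.keys() - a.keys()),
            "differing": sorted(k for k in a.keys() & b.keys() if a[k] != b[k])}


if __name__ == "__main__":
    print("\n".join(dfu_list(INVENTORY_MASTER)["lines"]))
    print(dfu_list(INVENTORY_MASTER, {"field": "QTYOH", "op": "LT", "value": 0})["lines"])
```

Selecting QTYOH LT 0 is the "testing the accuracy of data" use: it lists the records with a negative quantity on hand as exceptions, while the unselected run foots the whole file. The input and sorted-output counts agree in every run here; in practice the auditor compares them with the record count of the file as carried forward from the previous job.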
30
EXHIBIT C
31
EXHIBIT D
32
EXHIBIT E
33
EXHIBIT F
34