Big Picture in Focus: ULOb. Explain the risk exposure and internal
structure, and know the general controls and application controls and the
management of the security of information.
Metalanguage
The terms used for this specific unit learning outcome are already discussed and explained
in the essential knowledge section as part of the discussion. Hence, a separate
presentation would be redundant.
Essential Knowledge
To perform the aforesaid big picture (unit learning outcomes), you need to fully understand
the following essential knowledge laid down in the succeeding pages. Please note that you
are not limited to exclusively refer to these resources. Thus, you are expected to utilize other
books, research articles and other resources that are available in the university’s library e.g.
ebrary, search.proquest.com etc., and even online tutorial websites.
CONTROLS
Controls refer to measures or techniques that prevent, detect, and/or correct conditions that may
lead to loss or damage to the business firm. Some of the reasons why computers can cause
control problems are:
1. Effects of errors may be magnified.
2. Inadequate separation of duties because of decreased manual involvement.
3. Audit trails may be undermined.
4. Human judgment is bypassed.
5. Changes to data and programs may be made by individuals lacking knowledge.
6. More individuals may have access to accounting data.
GENERAL CONTROLS
General controls are measures that ensure that a company’s control environment is stable
and well managed. These controls provide reasonable assurance that the development of, and
changes to, computer programs are authorized, tested and approved prior to use.
Department of Accounting Education
Mabini Street, Tagum City
Davao del Norte
Telefax: (084) 655-9591, Local 116
1. System analysis - The system analyst analyzes the present user environment and
requirements and may (1) recommend specific changes (2) recommend the purchase
of a new system, or (3) design a new information system.
5. Data preparation - Data may be prepared by user departments and input by key to
magnetic disk or magnetic tape.
6. Operations - The operator is responsible for the daily computer operations of both
hardware and software.
7. Data library - The librarian is responsible for custody of the removable media and
for the maintenance of program and system documentation.
8. Data control - The control group acts as liaison between users and the processing
center.
b) Companies may use separate computer accounts that are assigned to
users on either a group or individual basis. This will also involve the use of
PASSWORDS and CALL-BACK PROCEDURES to restrict access from remote
terminals.
3. Hardware Controls
a) These involve built-in controls in the computers by the manufacturer which will detect
machine malfunction.
b) Among the most common types of built-in controls are:
1. Parity check
2. Duplicate reading. Two read units to allow read after write and dual read
capabilities.
3. Echo check. Involves transmitting data received back to the source unit for
comparison with original communication. In essence, a feedback loop.
4. Access to computer and data files controls or controls over access to equipment
and data files
5. Other data and procedural controls including security and disaster controls (Fault-
tolerant systems, backup, and contingency planning)
a) Physical Security
1. Fireproof storage
2. Backup for the vital documents, files and programs
c) Insurance - should also be obtained to compensate the company for losses when they
occur.
APPLICATION CONTROLS
1) Input Controls
a) Attempt to ensure the validity, accuracy and completeness of the data entered into the
system.
Four Categories:
c. Hash total. A control total that is meaningless in itself other than for control,
e.g., the summation of invoice numbers in a batch of sales invoices, used to
determine if data have been lost.
f. Self-checking digit. An extra digit is added to a number. The new digit
is computed from the other digits in the number. The program can then
check the input by recomputing and comparing the check digit (used for
account numbers).
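The hash total and self-checking digit described above can be shown on a small batch. This is an added example, not part of the manual; the Luhn scheme for the check digit, the function names and the sample batch are assumptions made for illustration.

```python
# Added illustration of two batch input controls: hash total and self-checking digit.
# Assumption: the check digit uses the Luhn scheme; the manual names no algorithm.

def luhn_check_digit(base: str) -> str:
    """Compute the digit to append to `base` (digits only)."""
    total = 0
    for i, ch in enumerate(reversed(base)):
        d = int(ch)
        if i % 2 == 0:  # every second digit, starting next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def check_digit_ok(number: str) -> bool:
    """Recompute the check digit from the other digits and compare."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == number[-1])


def validate_batch(header: dict, records: list) -> list:
    """Return exception messages; an empty list means the batch is accepted.

    header  -- control totals prepared independently before data entry
    records -- (invoice_number, account_number) pairs as keyed in
    """
    exceptions = []
    if len(records) != header["record_count"]:
        exceptions.append(f"record count {len(records)} != control {header['record_count']}")
    keyed_total = sum(invoice for invoice, _ in records)
    if keyed_total != header["hash_total"]:
        exceptions.append(f"hash total {keyed_total} != control {header['hash_total']}")
    for invoice, account in records:
        if not check_digit_ok(account):
            exceptions.append(f"invoice {invoice}: account {account} fails check digit")
    return exceptions


# Constructed sample data (not from the manual).
HEADER = {"record_count": 3, "hash_total": 1001 + 1002 + 1003}
BATCH = [(1001, "123455"), (1002, "400713"), (1003, "79927398713")]

if __name__ == "__main__":
    print(validate_batch(HEADER, BATCH))      # batch accepted
    print(validate_batch(HEADER, BATCH[:2]))  # one record lost in transit
    print(validate_batch(HEADER, [BATCH[0], (1002, "400731"), BATCH[2]]))  # transposed digits
```

The hash total catches the lost record even though invoice numbers have no accounting meaning when summed, and the check digit catches the transposed account number without any lookup against the master file.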
2. Processing Controls
Included in the processing controls are:
a) File labels designed to avert accidental erasure of live data and to ensure that
proper files are used.
• External labels can be read visually and are attached to the exterior of
containers holding the files.
• Internal (header) labels are located as the first record at the beginning of a
file and are machine readable.
c) Sequence tests are generally used to determine that files to be merged are
arranged in the same order, and to detect any numbers missing from batches of
sequentially numbered items.
e) Cross-footing tests are used to check the interrelationships of various totals.
For example, in accounting the ledgers should balance.
f) Exception listings are used when data are rejected for processing.
h) A record should be logged for each processing run showing the files used, time
consumed, machine halts, operator actions, and other relevant data.
i) Console messages should be written into the source program to alert the
operator to conditions that need attention.
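The sequence test and cross-footing test from the processing controls above, applied to a small run. This is an added example, not part of the manual; the function names, field names and figures are constructed for illustration.

```python
# Added illustration of two processing controls: sequence test and cross-footing test.
# All field names and sample figures are constructed for this example.

def sequence_test(numbers: list) -> dict:
    """Check a run of sequentially numbered items before processing or merging."""
    out_of_order = [cur for prev, cur in zip(numbers, numbers[1:]) if cur < prev]
    seen, duplicates = set(), []
    for n in numbers:
        if n in seen:
            duplicates.append(n)
        seen.add(n)
    missing = sorted(set(range(min(seen), max(seen) + 1)) - seen) if seen else []
    return {"out_of_order": out_of_order, "duplicates": duplicates, "missing": missing}


def cross_foot(rows: list, reported: dict) -> list:
    """Return exceptions where payroll totals fail to agree with each other.

    Amounts are integers in the smallest currency unit so comparisons are exact.
    """
    exceptions = []
    for r in rows:  # each row must foot across: gross - deductions = net
        if r["gross"] - r["deductions"] != r["net"]:
            exceptions.append(f"{r['id']}: gross - deductions != net")
    for col in ("gross", "deductions", "net"):  # each column must foot down
        footed = sum(r[col] for r in rows)
        if footed != reported[col]:
            exceptions.append(f"{col}: reported {reported[col]} != footed {footed}")
    if reported["gross"] - reported["deductions"] != reported["net"]:
        exceptions.append("reported totals do not cross-foot")
    return exceptions


# Constructed sample data.
CHECK_NUMBERS = [501, 502, 504, 503, 506]
ROWS = [
    {"id": "E01", "gross": 250000, "deductions": 30000, "net": 220000},
    {"id": "E02", "gross": 180000, "deductions": 20000, "net": 160000},
]
REPORTED = {"gross": 430000, "deductions": 50000, "net": 380000}

if __name__ == "__main__":
    print(sequence_test(CHECK_NUMBERS))  # 503 out of order, 505 missing
    print(cross_foot(ROWS, REPORTED))    # totals agree
```

Anything either function returns would go to the exception listing rather than continue through the run.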
3. Output Controls
These govern the accuracy and reasonableness of the output of data processing and prevent
unauthorized use of output.
Important measures include:
a) Error log. When an error is discovered, it is entered into a log which must
be updated when the error is corrected, to ensure that it is processed once and
only once.
b) Follow-up control totals. Control clerk reconciles totals printed out by the
computer with totals computed independently.
d) Audit trail storage. One output from the program should be from
intermediate points to the processing to allow tracing of final output to original
source documents.
h) Provision should be made to see that all output reports are delivered on time
and to authorized destinations.
i) Users should be periodically queried about their continued need for the output.
COMPUTER FRAUD
Type of Fraud / Explanation / Protection/Prevention

Type of Fraud: 1. Input manipulation
Explanation: 1. Input documents are improperly altered or revised without authorization (e.g., payroll time cards can be altered to pay overtime).
Protection/Prevention:
1.a. Data input formats properly documented and authorized.
1.b. Programs designed to accept only certain inputs from designated users, locations, terminals and/or times of the day.

Type of Fraud: 2. Program alteration
Explanation: 2. Program alteration requires programming skills and knowledge of the program. The program coding is revised for fraudulent purposes, e.g., ignore certain transactions such as overdrafts against the programmer's account; draw checks and have them sent to a falsely constructed account; grant excessive discounts to certain specified trade accounts, etc.
Protection/Prevention:
2.a. Programmers should only make changes to copies of production source programs and data files, never to the actual production files.
2.b. Computer operators should not have direct access to production programs or data files.
2.c. Internal audit or some other independent group should have copies of the official programs, or access to the master programs, so as to periodically process actual data and compare the output with output obtained from normal operations. Any output changes would be indicative of unauthorized program changes.
2.d. Periodic comparisons of on-line programs to off
3.d. Computer operators should not have access to applications documentation, except where needed to perform their duties, to minimize their ability to modify programs and data files.

Type of Fraud: 4. Data Theft
Explanation: 4. Data theft can be accomplished by data interception or smuggling out computer data files or hard copies of reports/files. With the considerable amount of information being transmitted by long distance lines, the data is vulnerable to being tapped or intercepted. Magnetic tapes, minireels, or microcomputer disks can be smuggled out in briefcases, employees' pockets, etc.
Protection/Prevention:
4.a. Electronic sensitization of all library materials for detection if unauthorized removal from the library is attempted.
4.b. Tapping transmitted data minimized by encrypting sensitive data transmissions.
Self-Help: You can also refer to the sources below to help you
further understand the lesson:
Note:
The content of this manual is based on the textbook for MAS 3 titled “Management
Consultancy: Concepts and Application” by Cabrera, Ma. Elenita B.
Let’s Check
Activity 1. True or False. Write “TRUE” if the statement is true; otherwise write “FALSE” if
the statement is incorrect.
Activity 2. Multiple Choice Questions. Encircle the letter that corresponds to your answer.
1. An employee in the receiving department keyed in a shipment from a remote terminal and
inadvertently omitted the purchase order number. The best systems control to detect this
error would be.
a. batch total
b. completeness test
c. sequence check
d. reasonableness check
2. Some of the more important controls that relate to automated accounting information
systems are validity checks, limit checks, field checks, and sign test. These are classified
as
a. control total validation routines
b. hash totaling
c. data access validation routines
d. input validation routines
3. The use of a header label in conjunction with magnetic tape is most likely to prevent errors
by the
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician
4. For control purposes, which of the following should be organizationally segregated from
computer operations function?
a. Data conversion
b. Surveillance of CRT messages
c. Systems development
d. Minor maintenance according to a schedule
5. Which one of the following terms best describes a decision support system (DSS)?
a. Management reporting system
b. Formalized system
c. Interactive system
d. Accounting information system
Let’s Analyze
Activity 1. In this activity, you are required once again to elaborate your answer to each of
the questions below.
3. Enumerate and explain in your own words the components of General controls.
________________________________________________________
________________________________________________________
________________________________________________________
In a Nutshell
In this part you are going to jot down what you have learned in this unit. Your
statements could be in the form of concluding statements, arguments, or perspectives
you have drawn from this lesson.
1. ________________________________________________________.
2. ________________________________________________________.
3. ________________________________________________________.
4. ________________________________________________________.
5. ________________________________________________________.
Q&A List
In this section you are going to list what boggles you in this unit. You may write your
questions, noting that you have to indicate the answers after each question has been raised and
clarified. You can write your questions below.
Questions/Issues Answers
1.
2.
3.
4.
5.
Keyword Index
• General Control
• Application Control
• Computer Fraud