
STANDARDS

PHILIPPINE STANDARDS ON AUDITING (PSA)
PSA 400 Risk Assessments and Internal Control
PSA 401 Auditing in a CIS Environment
PSA 402 Audit Considerations
PSA 405 External Confirmations

INTERNATIONAL STANDARDS ON AUDITING (ISA)
ISA 401 CIS Environment

PHILIPPINE AUDITING PRACTICE STATEMENTS (PAPS)
PAPS 1001 Stand-Alone Personal Computers
PAPS 1002 On-Line Computer Systems
PAPS 1003 Database Systems
PAPS 1009 Computer-Aided Audit Tools (CAATs)
PAPS 1013 Electronic Commerce (E-Commerce)

INTERNAL CONTROLS

GENERAL CONTROLS
- not application-specific but, rather, apply to all systems
- IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program changes

Organization and Management Controls
- define the strategic direction and establish an organizational framework

a. Strategic information technology plan
b. CIS policies and procedures
c. Segregation of incompatible functions
d. Monitoring of CIS activities performed by third party consultants

Systems Development and Maintenance Controls
- provide reasonable assurance that systems are developed or acquired, implemented and maintained in an authorized and efficient manner.

a. Project initiation, requirements definition, systems design, testing, data conversion, go-live decision, migration to production environment, documentation of new or revised systems, and user training
b. Acquisition and implementation of off-the-shelf packages
c. Request for changes to the existing systems
d. Acquisition, implementation, and maintenance of system software

Delivery and Support Controls
- control the delivery of CIS services

a. Establishment of service level agreements against which CIS services are measured
b. Performance and capacity management controls
c. Disaster recovery/contingency planning, training, and file backup
d. Computer operations controls
e. Systems security
f. Physical and environment controls

Monitoring Controls
- ensure that CIS controls are working effectively as planned

a. Monitoring of key CIS performance indicators
b. Internal/external CIS audits

APPLICATION CONTROLS
- Associated with specific applications: payroll, purchases, and cash disbursements systems.

Input Controls
- programmed procedures (routines) that perform tests on transaction data to ensure that they are free from errors

a. Limit Check (Reasonableness Check) - identify field values that exceed an authorized limit.
b. Validity Check - compares actual field values against known acceptable values.
c. Format Check - Characteristics of the contents (letter/digit), length, and sign of individual data fields are checked by the system.
d. Field Check - limits the field with required input.
e. Check Digit - check digit (extra reference number) follows an identification code and bears a mathematical relationship to the other digits.

Processing Controls
- establish the completeness and accuracy of data during updating.

a. Run Control Totals (Sum Checks) - Reconcile the input control totals with the totals of items that have updated the file.
b. Computer Matching (Data Matching) - matches the input data with information held on master or suspense files, with unmatched items noted for investigation.
c. Batch Controls - manage the flow of high volumes of transactions through batch processing systems. Objective: reconcile system output with the input originally entered into the system.
   1. All records in the batch are processed.
   2. No records are processed more than once.
   3. An audit trail of transactions is created

Output Controls
- combination of programmed routines and other procedures to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated.
- ensure that the results of computer processing are accurate, complete, and properly distributed.

a. Reviews of the computer processing logs to determine that all of the correct computer jobs were executed properly for processing
b. Audits of output reports to make sure that totals, formats, and critical details are correct and reconcilable with input
c. Formal procedures and documentation specifying authorized recipients of output reports, checks, or other critical documents
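
The input controls and batch controls listed above, sketched as an added example that is not part of the original slides. The payroll field names, the 80-hour limit, the department codes, numeric hours, and the choice of a Luhn mod-10 check digit on a six-digit employee ID are all assumptions made for illustration.

```python
import re

# Assumed for illustration (not from the page): field names, the 80-hour limit,
# the department codes, and a Luhn mod-10 check digit on a 6-digit emp_id.
HOURS_LIMIT, VALID_DEPTS = 80, {"FIN", "OPS", "HR"}
SAMPLE = [  # constructed batch; its batch header says 5 records, 203 hours
    {"txn_id": "T1", "emp_id": "100453", "dept": "FIN", "hours": 40},
    {"txn_id": "T2", "emp_id": "204719", "dept": "OPS", "hours": 95},
    {"txn_id": "T3", "emp_id": "100543", "dept": "HR", "hours": 38},
    {"txn_id": "T4", "emp_id": "10045A", "dept": "XX", "hours": 20},
    {"txn_id": "T5", "emp_id": "204719", "dept": "", "hours": 10},
]

def luhn_ok(code):
    """Check digit: the last digit must satisfy the Luhn mod-10 relationship."""
    total = 0
    for i, ch in enumerate(reversed(code)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def input_errors(rec):
    """Apply the input controls to one transaction; return the failed checks."""
    if any(rec.get(f) in (None, "") for f in ("txn_id", "emp_id", "dept", "hours")):
        return ["field check"]              # a required field is empty
    errors = []
    if not re.fullmatch(r"[0-9]{6}", str(rec["emp_id"])):
        errors.append("format check")
    elif not luhn_ok(str(rec["emp_id"])):
        errors.append("check digit")        # e.g. two transposed digits
    if rec["dept"] not in VALID_DEPTS:
        errors.append("validity check")
    if not 0 <= rec["hours"] <= HOURS_LIMIT:   # hours assumed numeric
        errors.append("limit check")
    return errors

def process_batch(records, header_count, header_hours):
    """Batch controls: handle each record once, log it, reconcile to header."""
    seen, trail, read_hours = set(), [], 0
    for rec in records:
        errs = input_errors(rec)
        if not errs and rec["txn_id"] in seen:
            errs = ["duplicate"]            # never process a record twice
        seen.add(rec.get("txn_id"))
        trail.append((rec.get("txn_id"), errs or ["posted"]))  # audit trail
        read_hours += rec.get("hours") or 0
    return trail, len(records) == header_count and read_hours == header_hours
```

Calling `process_batch(SAMPLE, 5, 203)` returns the audit trail and a reconciliation flag; a dropped or repeated record makes the record count or hours total disagree with the batch header.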
