Page 143 - DCOM204_AUDITING_THEORY
Unit 8: Auditing in an EDP Environment
Modified internal control base: In a CIS environment, since most of the processes are automated,
the probability of occurrence of error substantially increases. Moreover, the risk of fraud is
higher in a CIS environment, as it is less easily identifiable. Thus, there is a shift in the internal
control base in a CIS environment as compared to the traditional manual system. Following are the two
main categories of internal control required in a CIS environment:
Table 8.3: EDP Structure

A. General EDP Controls: Overall controls over EDP environment.
1. Organizational & Management Controls: These controls are designed to establish an organization-wide framework for CIS activities. It includes:
   a. Designing appropriate control policies & procedure;
   b. Properly segregating duties among various individuals.
2. System Software Controls: These controls are meant to provide assurance that system software is acquired or developed in an authorized manner. It includes:
   a. Authorization, approval, testing, implementation and documentation of new system software and system software modification;
   b. Restriction of access to system software and documentation to authorized personnel.
3. Application System Development & Maintenance Controls: These controls are designed to provide assurance that systems are developed and maintained in an authorized and efficient manner and also to establish control over:
   a. Testing, conversion, implementation and documentation of new or revised system;
   b. Changes made to application system;
   c. Access to system documentation;
   d. Acquisition of application system from third parties.
4. Computer Operation Controls: These help in controlling the operations of the computer system. They assure that:
   a. The systems are used for authorized purposes only.
   b. Access to computer operation is restricted to authorized personnel.
   c. Only authorized programs are to be used.
   d. Processing errors are detected and corrected on a timely basis.
5. Data Entry & Program Controls: These assure that:
   a. Access to data and program is restricted to authorized personnel.
   b. An authorization structure is established over transactions being entered into the system.

B. EDP Application Controls: Specific controls over specific applications.
1. Control Over Inputs: These controls are drawn to assure that:
   a. Transactions are properly authorized before being processed by the computer.
   b. There are adequate checks installed in the input form to assure the correctness of data entered by the users.
   c. Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis.
2. Control Over Processing & Data Files: These controls ensure that:
   a. Transactions are properly processed by the computer.
   b. Transactions are not lost, added, duplicated or improperly changed.
   c. Processing errors are identified and corrected on a timely basis.
3. Control Over Output: They assure that:
   a. Results of processing are complete, accurate and through ride media.
   b. Outputs so generated satisfy the requirement of the user.
   c. Access to output is restricted to authorized personnel.
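The input controls (B.1) and processing controls (B.2) listed above can be expressed as automated checks. The following is an added example, not part of the original text; the Txn record, the AUTHORIZERS list, the field rules and the sample batch are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:  # hypothetical transaction record
    txn_id: str
    account: str
    amount_cents: int
    approved_by: str

AUTHORIZERS = {"mgr_a", "mgr_b"}  # hypothetical list of approvers

def input_control(batch):
    """B.1: accept only authorized, well-formed transactions; reject the
    rest with a reason so they can be corrected and resubmitted."""
    accepted, rejected = [], []
    for t in batch:
        if t.approved_by not in AUTHORIZERS:
            rejected.append((t, "not authorized"))
        elif not (t.account.isdigit() and len(t.account) == 8):
            rejected.append((t, "bad account format"))
        elif t.amount_cents <= 0:
            rejected.append((t, "non-positive amount"))
        else:
            accepted.append(t)
    return accepted, rejected

def processing_control(accepted, processed):
    """B.2: reconcile accepted input against processed output and report
    transactions that were lost, added, duplicated or changed."""
    want = {t.txn_id: t for t in accepted}
    seen = {}
    findings = {"lost": [], "added": [], "duplicated": [], "changed": []}
    for t in processed:
        if t.txn_id in seen:
            findings["duplicated"].append(t.txn_id)
        elif t.txn_id not in want:
            findings["added"].append(t.txn_id)
        elif t != want[t.txn_id]:
            findings["changed"].append(t.txn_id)
        seen[t.txn_id] = t
    findings["lost"] = [i for i in want if i not in seen]
    return findings

def demo():
    # Constructed batch: T3 has a malformed account, T4 lacks authorization.
    batch = [Txn("T1", "10000001", 5000, "mgr_a"), Txn("T2", "10000002", 7500, "mgr_b"),
             Txn("T3", "1000000X", 100, "mgr_a"), Txn("T4", "10000004", 900, "clerk_z"),
             Txn("T5", "10000005", 1200, "mgr_a")]
    accepted, rejected = input_control(batch)
    # Constructed output file: T1 repeated, T2 altered, T9 injected, T5 missing.
    processed = [accepted[0], accepted[0], Txn("T2", "10000002", 75000, "mgr_b"),
                 Txn("T9", "10000009", 1, "mgr_a")]
    return rejected, processing_control(accepted, processed)
```

Calling demo() returns the rejected transactions with their reasons, together with the reconciliation findings an auditor would follow up.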
LOVELY PROFESSIONAL UNIVERSITY 137