ACCT3600 Lec 7 IT Controls and GAS Flashcards
What is the 2x2 matrix of IT controls?
Provide a definition, when are they suitable, and examples.
- GENERAL CONTROLS: affect everything, support the effective functioning of app controls by helping ensure the continued proper operation of info systems (e.g. password for MyUni).
- APPLICATION CONTROLS: apply to the processing of individual apps like payroll, AR, and inventory systems. (e.g. Phone’s specific app settings).
A. AUTOMATED CONTROLS: suitable for high volume, recurring transactions, where errors can be predicted.
B. MANUAL CONTROLS: suitable where judgement is required, transactions are large / unusual / non-recurring, and errors are difficult to predict.
What are the 3 types of General IT Controls?
- SEGREGATION OF DUTIES: don’t want accountants who enter data to also know the IT system code.
- CONTROL OVER PROGRAM: to ensure that it is known which programs are running on the system and exactly what they do. (e.g. appropriate authorization, documentation, and approval for changes to programs. Computer security through passwords, locked doors, antivirus, firewall, auto-terminal shutdown.)
- CONTROL OVER DATA: to ensure that only allowed changes can be made to data, data not lost / can’t be stolen, consistent and free from error. (e.g. restrict access to authorized users, physical locks, passwords, backup controls, audit trails).
What is an AUDIT TRAIL?
A system that chronologically traces the detailed transactions relating to any item in an accounting record.
“with no satisfactory audit trail, not all overpayments had been identified”
What are the 7 types of Manual IT Controls?
- Segregation of duties
- Authorization
- Training
- Supervision
- Documented Procedures
- Reviewing and Reporting
- Physical Security
What are the 4 areas of IT Application Controls?
- Input
- File
- Processing
- Output
Why are INPUT CONTROLS designed?
- To correct or prevent errors before they enter the system.
- Poor inputs are a major source of error (e.g. missing info, info entered multiple times, incorrect data).
What are the 5 types of AUTOMATED INPUT CONTROLS?
- FIELD CHECKS: (a) input form only accepted if all required fields filled. (b) only accepted if data in correct format.
- VALID CODE TEST: (a) input compared to table of valid codes stored online (e.g. list of debtors). (b) dropdown list.
- LIMIT / RANGE CHECK: If figure falls outside specified range, computer may require user confirmation, require authorization from supervisor, or completely reject input.
- SELF-CHECKING DIGIT: formula applied to digits to determine if number is valid without access to a list of all valid numbers.
- AUTOFILL / PREPOPULATE: minimizes repetitive data input, reduces chances of error.
What are FILE CONTROLS?
Ensures that proper versions of files are used in processing.
Internal and external labels
What are PROCESSING CONTROLS?
Detecting errors in data that may occur during processing.
e.g. checking numerical sequence of records, run-to-run control totals (i.e. beginning balance AR + sales invoices (processing run 1) – cheques received (processing run 2) should = closing balance AR).
What are OUTPUT CONTROLS?
Ensure complete and accurate output distributed only to authorised persons.
e.g. restricted authorisation, page number, automatic dating, end-of-report indicators, review of exception reports.
Why does testing differ between computerised and manual systems?
- Nature of errors differs
- There are specific general and application controls that only occur in IT systems that require specific types of test of controls.
How does the nature of errors differ between computerised and manual systems?
Computerised: (a) few errors as controls usually stronger, (b) errors come in groups caused by specific control weaknesses, (c) errors less common in routine transactions.