Chapter 7 Flashcards
Nature of Computers
- fast
- do not think the way humans do
- do not get tired but succumbs to technical problems
- follows the dictum: “do it right the first time, do it right all the time.”
Three broad classes of application controls
- Input Controls
- Processing Controls
- Output Controls
Designed to ensure that the transactions that bring data into the system are valid, accurate, and complete
Input controls
Data input procedures can be:
- Source document triggered (batch)
- Direct input (real-time)
Classes of input controls:
- Source document controls
- Data coding controls
- Batch controls
- Validation controls
- Input error correction
- Generalized data input systems
Five CAATTs approaches used for testing application logic:
- Test data method
- Base care system evaluation
- Tracing
- Integrated test facility
- Parallel simulation
Source document input requires human involvement and is prone to clerical errors.
True
Direct input employs real-time editing techniques to identify and correct errors immediately.
True
Controls in systems that are using physical source documents.
Source document controls
Control procedures over source documents:
- Use pre-numbered source documents
- Use source documents in sequence
- Periodically audit source documents
Checks on the integrity of data codes used in processing.
Data Coding Controls
Three types of processing errors:
- Transcription errors
- Single transposition errors
- Multiple transposition errors
Three classes of transcription errors:
- Addition errors
- Truncation errors
- Substitution errors
Occurs when an extra digit or character is added to the code.
Addition errors
Occurs when a digit or character is removed from the end of a code.
Truncation errors
The replacement of one digit in a code with another.
Substitution errors
Occurs when two adjacent digits are reversed.
Single transposition errors
Occurs when non-adjacent digits are transposed.
Multiple transposition errors
Data coding controls:
Check digits
A control digit added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing. (suffix, prefix, embedded)
Check digits
Check-digit techniques:
- Sum of digits
- Modulus 11
The steps in modulus 11:
- Assign weights
- Sum the products
- Divide by the modulus
- Subtract the remainder from the modulus to obtain the check digit.
- Add the check digit to the original code to yield the new code.
An effective method of managing high volumes of transaction data through a system, especially paper-fed information system.
Batch controls
Batch controls provide assurance that:
- All records in the batch are processed.
- No records are processed more than once.
- An audit trail of transactions is created from input through processing to the output stage of the system.
Two documents used to accomplish batch control objectives:
- Batch transmittal sheet
- Batch control log
The batch transmittal sheet captures relevant information such as:
- A unique batch number
- A batch date
- A transaction code
- The number of records in the batch
- The total dollar value of a financial field (batch control total)
- The total of a unique non-financial field (hash total)
Refers to a simple control technique that uses non-financial data to keep track of the records in a batch.
Hash total
Are intended to detect errors in transaction data before the data are processed.
Validation controls
Three levels of input validation controls
- Field interrogation
- Record interrogation
- File interrogation
Types of files in a computer-based systems:
- Master file
- Transaction file
- Reference file
- Archive file
Audit trails in computer-based systems are less observable than in a traditional manual system.
True
Generally contains account data.
Master file
A temporary file of transaction records used to change or update data in a master file. Examples are sales orders, inventory receipts, and cash receipts.
Transaction file
Stores data that are used as standards for processing transactions.
Reference file
Contains records of past transactions that are retained for future reference.
Archive file
Examples of transaction files
- Sales orders
- Inventory receipts
- Cash receipts
Examples of reference file
- price list used for preparing customer invoices
- list of authorized suppliers
- employee rosters
- customer credit files for approving credit sales
Hierarchy of data
- Field (name, year level)
- Record (for every student)
- File (all bsa students)
- Database (all HNU students)
Involves programmed procedures that examine the characteristics of the data in the field.
Field interrogation
Common types of field interrogation:
- Missing data checks
- Numeric-alphabet data checks
- Zero value checks
- Limit checks
- Range checks
- Validity checks
- Check digit
Used to examine the contents of a field for the presence of blank spaces.
Missing data checks
Determine whether the correct form of data is in a field.
Numeric-alphabet data checks
Are used to verify that certain fields are filled with zeros.
Zero-value checks
Determine if the value in the field exceeds an authorized limit.
Limit checks
Assign upper and lower limits to acceptable data values.
Range checks
Compare actual values in a field against known acceptable values.
Validity checks
Identify keystroke errors in key fields by testing the internal validity of the code.
Check digit
Procedures which validate the entire record by examining the interrelationship of its field values.
Record interrogation
Determine if a value in one field, which has already passed a limit check and arrange check, is reasonable when considered along with other data fields in the record.
Reasonableness checks
Are tests to see if the sign of a field is correct for the type of record being processed.
Sign checks
Are used to determine if a record is out of order.
Sequence checks
To ensure that the correct file is being processed by the system.
File interrogation
Verify that the file processed is the one the program is actually calling for.
Internal label checks
Are used to verify that the version of the file being processed is correct.
Version checks
Prevents a file from being deleted before it expires.
Expiration date check
What consists the label part of the Header Label on Magnetic Tape
- Tape serial number
- File name
- Expiration date
- Control totals
- Number of records
When errors are detected in a batch they must be corrected and the records resubmitted for reprocessing.
Input error correction
Three common error handling techniques:
- Correct immediately.
- Create an error file.
- Reject the entire batch.
Some forms of errors are associated with the entire batch and are not clearly attributable to individual records.
Reject the batch.
Upon detecting a keystroke error or an illogical relationship, the system should halt the data procedure until the user corrects the error.
Correct immediately.
At the end of the validation procedure, the records flagged as errors are removed from the batch and placed in a temporary error holding file until the errors can be investigated.
Create an error file.
Includes centralized procedures to manage the data input for all of the organization’s transaction processing systems.
Generalized Data Input Systems
It eliminates the need to recreate redundant routines for each new application.
GDIS
Advantages of the Generalized Data Input Systems
- Improves control by having one common system perform all data validation.
- Ensures that each AIS application applies a consistent standard for data validation.
- Improves systems development efficiency.
It is where the input data that are validated by the generalized validation module are stored.
Validated data file
Performs standard validation routines that are common to many different applications.
Generalized validation module
Plays the same role as a traditional error file.
Error file
Distributed to users to facilitate error correction.
Error reports
A permanent record of all validated transactions.
Transaction log
Three categories of processing controls:
- Run-to-run controls
- Operator intervention controls
- Audit trail controls
Uses batch figures to monitor the batch as it moves from one program procedure to another.
Run-to-run controls
Specific uses of run to run controls:
- Recalculate control totals.
- Check transaction codes.
- Sequence checks
This happens when operator manually enters controls into the system
Operator Intervention Controls
Examples of operator intervention controls:
- Entering control totals for a batch
- Providing parameter values
- Activating a program
Systems that limit operator intervention through operator intervention controls are thus less prone to processing errors.
True
To reduce error parameter values and programs start points be derived logically and look-up tables be provided by system.
True
Makes sure that every transaction becomes traceable from input to output.
Audit Trail Controls
Examples of techniques used to preserve audit trails in computer based accounting systems:
- Transaction logs
- Log of automatic transactions
- Listing of automatic transactions
- Unique transaction identifiers
- Error listing
Ensures that system output is not lost, misdirected, or corrupted, and that privacy is not violated.
Output controls
Output controls ensure that system output is:
- not misplaced or lost
- not misdirected
- not corrupted
- and privacy is not violated
Output controls:
- Output spooling
- Print programs
- Bursting
- Waste
- Data control
- Report distribution
- End user controls
Two general approaches in testing computer application controls:
- Black box (around the computer) approach
- White box (through the computer) approach
Common types of test of controls in the white box approach includes:
- Authenticity tests
- Accuracy tests
- Completeness tests
- Redundancy tests
- Access tests
- Audit trail tests
- Rounding error tests
Used to establish application integrity by processing specially prepared sets of input data through production applications that are under review.
The test data method
When the set of test data in use is comprehensive.
Base case system evaluation
Performs an electronic walk-through of the application’s internal logic.
Tracing
The three steps of the tracing procedure:
- The application under review must undergo a special compilation to activate the trace option.
- Specific transactions are types of transactions are created as test data.
- The test data transactions are traced through all processing stages of the program and a listing is produced of all program instructions that were executed during the test.
Three primary advantages of test data techniques:
- They employ through-the-computer testing, thus providing the auditor with explicit evidence concerning application functions.
- If properly planned test data runs can be employed with only minimal disruption to the organization’s operations.
- They require only minimal computer expertise on the part of auditors.
Disadvantages of test data techniques:
- Auditors must rely on computer services personnel to obtain a copy of the application for test purposes.
- They provide a static picture of application integrity at a single point in time.
- Their relatively high cost of implementation, which results in audit inefficiency.
An automated technique that enables the auditor to test an application’s logic and controls during its normal operation.
The integrated test facility
Advantages of integrated test facility:
- It supports ongoing monitoring of controls as required by SAS 78.
- Applications with ITF can be economically tested without disrupting the user’s operations and without the intervention of computer services personnel.
Disadvantage of integrated test facility
The potential for corrupting the data files of the organization with test data.
Steps to remedy the disadvantage of ITF:
- Adjusting entries may be processed to remove the effects of ITF from general ledger account balances.
- Data files can be scanned by special software that remove the ITF transactions.
Requires the auditor to write a program that simulates key features or processes of the application under review.
Parallel simulation
Five major components of GDIS:
Generalized validation module
Validated data file
Error file
Error reports
Transaction log
