Week 5 - System Work Flashcards
Walkthrough tests
Cradle to grave
Walkthroughs are audits of accounting systems that gauge reliability
Cradle to grave - start to finish
Controls are designed to
Prevent
Detect or
Correct
Prevention
Locks, access controls, training
Detection
Incorrect debtor number
Correction
Back ups
Internal controls
Financial reporting
Effectiveness and efficiency of operations
Compliance with laws and regs
5 components of Internal controls (IC)
Control environment
Risk assessment process
Information system
Control activities
Monitoring
Control environment
Enforcement of integrity and ethical values
Commitment to competence = right skills
Active governors/NEDs
Management approach to risks/style
HR policies and practices
Risk assessment process
All about reducing risks to an acceptable level
Health of employees
Privacy of personal info
Losses from computer abuse - hacking
Management of change
Info system
Relevant and timely info
Financial and non-financial
Communication
Control activities
Authorisation
General and application controls
Segregation of duties
Monitoring
Assess current performance of controls
Relevance over time
Who is responsible?
Accounting control systems
Major classes of transactions
How transactions are initiated
Significant accounting records
The accounting and financial reporting process
2 broad control classifications
General controls over the environment in which the company operates
Application controls - ensure an individual application runs smoothly and accurately
General controls
Systems development/maintenance controls
Organisational controls
Security
Quality assurance
Systems development
If systems development/maintenance controls are strong, it is easier to control individual applications
The info should be maintained, allowing transactions to be traced forward and backward through the system
Organisational control
Organisation charts
Segregation of duties
Authorisation and approval
Supervision controls
Segregation of duties
Authorisation of transactions
Execution of transactions
Custody of assets
Recording of transactions and assets
Security - physical
Fire damage/water damage
Power failure
Pollution
Intrusion by unauthorised personnel
Security - info/data
Restriction of access to data
Information/audit trails
File and program libraries
Holding data and program in secure places outside of the computer complex
Use of three generations of backups or file dumping systems
Quality assurance
Independent of other functions
Existence provides some reassurance
E.g. internal audit department
More and more towards software
Application controls
Data collected is genuine, accurate and complete
Data accepted is processed so it remains genuine, accurate and complete
Data stored temporarily/permanently is genuine, accurate and complete
Output data/info is genuine, accurate and complete
Data controls incl:
Data capture/input controls
Processing controls
Output controls
Database controls
E-commerce controls
Data capture controls - boundary
Cryptographic control
Plastic cards
Personal identification numbers - PINs
Digital signatures - encrypted
Firewalls
Cryptographic controls
The study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents
Data capture controls - audit trails
First records of the info/audit trail are at the boundary, where the identity and authenticity of the user are first recorded
Data capture controls - audit trail
Records include
Data to which access is requested
Actions users wish to take
Terminal at which access is sought
Records of access decision
No. of sign-on attempts
Time of start/finish
Input controls
Design of source documentation
Design of product
Use of check-digits
Sequence checking
Limit/reasonableness tests
One-for-one checking for critical data items
Batch control
Processing controls
Run-to-run controls to ensure continuity
Labels - internal and external
Master file data must be genuine
Programs tested regularly
Continual sequence and accuracy checks
Back ups
Output controls
Outputs distributed to the correct users - confidential information
Needs to be genuine, accurate and complete - depends on access and processing controls
Exception reporting
Review for errors
Database
Collection of data that is shared and used by a number of different applications for different purposes
Issues:
Loss of control over data by data preparation personnel
After-the-event authorisation
Power of database administrator
Audit trail is particularly important
Auditor approach systems & controls
6 stages
1 Receipt of order
2 Authorisation of order
3 Despatch of goods and entry in stock records
4 Invoicing of goods despatched and entry in sales record
5 Entry in debtors ledger/bank records
6 Entry in general or nominal records
Adv of flowcharts
Enable understanding of systems by auditors and client staff
Force the auditor to understand how the company controls operations
Pinpoint unnecessary procedures/docs
Disadv of flowcharts
Time-consuming & difficult to alter
Narrative descriptions may be more appropriate
Considerable use of symbols - hard to understand