Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Effect of Computer in Internal Control

No description

Aaron Joy Putian

on 3 September 2015

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Effect of Computer in Internal Control

Internal Control
1. Segregation of duties
2. Delegation of authority and responsibility
3. Competent and trustworthy personnel
4. Adequate documents and records
5. Physical control over assets and records
6. Adequate maintenance supervision
7. Independent checks on performance
8. Comparing recorded accountability with assets

Major Components of Internal Control System
General CIS controls
Internal Control in a Database Environment (PAPS 1003)
Guidelines that would be helpful on
Information System Audit
Philippine Auditing Practice Standards (PAPS)
Effect of Computer in Internal Control
CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment
Internal Control on Personal computer environment (PAPS 1001)
Internal Control in an On-line computer System (PAPS 1002)
General CIS controls on on-line procession
maintaining the integrity of control procedures in the quickly changing e-commerce environment

ensuring access to relevant records for the entity's need and for audit purposes
Internal Control in E-commerce Envoronment (PAPS 1013)
financial statement assertions are valid

computer fraud harder to accomplish and easier to detect
Achieve objectives of Information system audit
Asset safeguarding
Data integrity
System effectiveness
System efficiency
Segregation of duties
Delegation of authority
and responsibility
Competent and Trustworthy personnel
Adequate documents and records
Physical control over assets and records
Adequate maintenance supervision
Independent checks on performance
Comparing recorded accountability with assets
1. Internal Control on Personal computer environment (PAPS 1001)

2. Internal Control in an On-line computer System (PAPS 1002)

3. Internal Control in a Database Environment (PAPS 1003)

4. Internal Control in E-commerce Envoronment (PAPS 1013)
Effects of Computer in Auditing
Changes to evidence collection
Change to evidence evaluation
computer systems have affected how auditors carry out their 2 Functions

1.Evidence Collection
2. Evidence Evaluation
external parties are able to access entity's information system using public network

1. Effective use of firewalls and virus protection software
2. Effective use of encryption
3. Controls over the development and implementation of systems used to support E-commerce activities
4.Whether security controls in place continue to be effective as technologies improved
5. Whether control environment support the control procedures implemented
Management authorization for operating personal computers
prescribing and enforcing policies for their control and use
Management policy statement may include
1. Management responsibilities
2. Instructions on PC use
3. Training requirements
4. Authorization for access to programs and data
5. policies to prevent unauthorized copying of programs and data
6. security, back-up and storage requirements
7. application development and documentation standards
8. standards of report format and report distribution controls
9. personal usage policies
10. data integrity standards
11. responsibility for programs, data and error correction
12. appropriate segregation of duties

Physical security - equipment
restrict access to personal computers when not in use
1. Locking the microcomputer in a protective cabinet or shell

2. Using alarm system
Physical security - removable and non-removable media
Removable storage media
placing responsibility for such media under personnel whose responsibilities include duties of software custodians or librarians

Non-removable storage media
locking devices
Program and data security
risk that programs may be altered without authorization
1. Segregating data into files organized under separate file directories
2. using hidden files and secret file names
3. employing passwords
4. using cryptography
5. using antivirus software programs
more complex
there are some control that is not present on manual system
continuing education
auditors must be able to trace the consequences of an error in the transaction input for all users
providing definite
a. lines of authority and responsibility
b. segregation of functions
c. clear definition of duties for each employees in the department
prevent inappropriate access of personnel to equipment, programs, and data files
computer system
documents might not be used to support the initiation, execution and recording of some transactions

systems are designed to maintain record of all events and record can be easily accessed

auditors must understand the operational principles of DBMs in use and effects on accounting records and audit trails of alternative file structures
Computer system personnel plays a vital role in operation, the personnel should be competent enough and trustworthy to execute correctly operations in CIS environment.
a clear line of authority and responsibility is essential.
ensure that only authorized personnel have access to the firm's assets
in computer system, all necessary records are maintained in the computer.
only authorized personnel should have access to the computer
must be password protected and must have back-up of the files
supervision must be more elaborate in IT environment
1. It is difficult for management to assess the competence of prospective employees

2. Management's concern over the trustworthiness of data processing personnel in high-risk areas

3. Managements inability to adequately observe employees in an IT environment
supervisory controls must be designed into the computer system to compensate lack of direct supervision
help detect any errors or irregularities
if the program code in a computer system is authorized, accurate, and complete, the system will always follow the designated procedures
*auditors must now evaluate the controls established for program development, modification, operation and maintenance
1. Performance of individuals
2. Integrity of the transaction processing system
3. Correctness of data contained in accounting records
determine whether:
a. Incompleteness or inaccuracies in the data exist

b. shortages or excess in the assets occurred
software is used to prepare records
Software and Data integrity
may ensure that processed information is free of errors and that software is not susceptible of unauthorized manipulation
Hardware, Software and data back-up
it is particularly important to establish back-up procedures for users to perform on a regular basis
usually, purchased softwares have back-up copy or back-up features.
General CIS Controls - segregation of duties
in a personal computer environment, it is common for users to be able to perform two or more of the following functions in the accounting system:
1. Initiating and authorizing documents
2. Entering data into the system
3. Operating the computer
4. Changing programs and files
5, Using or distributing output
6. modifying the operating systems


allow errors go undetected
permit perpetration and concealment of fraud
CIS Application Controls
system of transaction logs and batch balancing
direct supervision
reconciliation of record counts or hash totals
Access controls
Controls over user IDs and passwords
System development and maintenance
Programming Controls
Transaction logs
Use of anti-virus program
CIS application controls
pre-processing authorization
edit, reasonableness, and other validation tests
cut-off procedures
file controls
master file controls
rejected data
*prevent data alteration and lost of data
*Difficult in computer system since some resources are shared among multiple users
*Designating a single user as the owner of the data (assumes ultimate responsibility for data integrity)
Independent verification procedures, management can assess
"Internal controls must be implemented to ensure accuracy of program code"
*it is appropriate to keep current copies of Diskettes,CDs or back-up tapes and hard disks in a fireproof container, on-site, off-site or both.
Data Integrity - Format and range checks and cross check of results
Software - review of purchased software
a. Appropriate error checking and error trapping facilities
Effects of On-line computer system on the accounting system and related internal controls
Reduce risk of fraud or error in On-line systems

1. On-line data entry performed at or near the point where transactions originate (LESS RISK OF UNRECORDED TRANSACTIONS)
2. Invalid transactions are corrected and re-entered immediately
3. Data entry is performed on-line by individuals who understand the nature of the transactions involved (LESS PRONE TO ERRORS)
4. Transactions are processed immediately on-line (LESS RISK THAT THEY WILL BE PROCESSED AT WRONG ACCOUNTING PERIOD)

Risk of fraud or error may be increased through:

1. Workstations located throughout the entity (Unauthorized access opportunity)
a. modification of previously recorded transactions or balances
b. modification of computer programs
c. access to data and programs from remote locations

2. If on-line processing is interrupted for any reason (Chance of lost of data)

On-line computer systems
may not be source documents for every input transactions
results of processing may be highly summarized
may not be designated to provide printed reports
Standard approach for development and maintenance of application program
Data ownership
Access to database
Segregation of Duties
Effect of Databases on the Accounting system and related internal controls
Database systems
reduce risk of fraud or error where database are used
factors, combined with adequate controls, contribute to this improved reliability of data

a. Improved consistency of data is achieved
b. Integrity of data will be improved
c. other functions available with the DBMS can facilitate control and audit procedures.
Transaction Integrity
1. validate input

2. prevent duplication or omission of transactions

3. ensure terms of trade have been agreed before an order is processed

4. Distinguish between customer browsing and orders placed

5. Prevent incomplete processing by ensuring all steps are completed and recorded

6. Ensure proper distribution of transaction details across multiple systems in a network

7. Ensure records are properly retained, backed-up and secured.

Process Alignment
way various IT systems are integrated with one another and thus operate, in effect, as one system
it is important that transactions generated from an entity's web site are
processed properly by the entity's internal systems

the way e-commerce transactions are captured and transferred to the entity's accounting system may affect such matters as:

1. Completeness and accuracy of transaction processing and information storage

2. Timing of the recognition of sales revenues, purchases and other transactions
Full transcript