Control Activities I - PowerPoint PPT Presentation

Slides: 41
Provided by: RIO97
Transcript and Presenter's Notes

2
Control Activities - I
  • Control Activities as related to Financial
    Reporting may be classified according to their
    intended uses in a system
  • Preventive Controls block adverse events, such as
    errors or losses, from occurring
  • Detective Controls discover the occurrence of
    adverse events such as operational inefficiency
  • Corrective controls are designed to remedy
    problems discovered through detective controls
  • Security Measures are intended to provide
    adequate safeguards over access to and use of
    assets and data records

3
Control Activities - II
  • Control Activities relating to Information
    Processing may also be classified according to
    where they will be applied within the system
  • General controls are those controls that pertain
    to all activities involving a firm's AIS and
    assets
  • Application controls relate to specific
    accounting tasks or transactions
  • The overall trend seems to be going from specific
    application controls to more global general
    controls

4
Control Activities - III
  • Performance Reviews
  • Comparing Budgets to Actual Values
  • Relating Different Sets of Data (Operating or
    Financial) to one another, together with Analyses
    of the relationships and Investigative and
    Corrective Actions
  • Reviewing Functional Performance, such as a bank's
    consumer loan manager's review of reports by
    branch, region, and loan type for loan approvals
    and collections

5
  • General Controls and Application Controls

6
Introduction to Controls
  • Controls may relate to manual AISs, to
    computer-based AISs, or both
  • Controls may be grouped into General controls,
    Application controls, and Security measures
  • Controls may also be grouped in terms of risk
    aversion: Corrective, Preventive, and Detective
    Controls
  • These categories are intertwined and an
    appropriate balance is needed for an effective
    internal control structure

7
Control Classifications
  • By Setting
      • General
      • Application
          • Input
          • Processing
          • Output
  • By Risk Aversion
      • Corrective
      • Preventive
      • Detective


8
General Controls
  • General Controls pertain to all activities
    involving a firm's AIS and resources (assets).
    They can be grouped as follows:
      • Organizational or Personnel Controls
      • Documentation Controls
      • Asset Accountability Controls
      • Management Practice Controls
      • Information Center Operations Controls
      • Authorization Controls
      • Access Controls

9
Organizational or Personnel Controls - I
  • Organizational independence, which separates
    incompatible functions, is a central control
    objective when designing a system
  • Diligence of independent reviewers, including
    BOD, managers, and auditors (both internal and
    external)
  • In a manual system, authorization,
    record-keeping, and custodial functions must be
    kept separate (e.g., purchases, sales, cash
    handling, etc.)

10
Organizational or Personnel Controls - II
  • In computer-based AISs the major segregation is
    between the systems development tasks, which
    create systems, and the data processing tasks,
    which operate systems
  • Within data processing, one may find segregation
    between separate control (receiving and logging),
    data preparation (converting to machine-readable
    form), computer operations, and data library -
    batch processing
  • Other personnel controls include the two-week
    vacation rule

11
Flow of Batched Data in Computer-Based Processing
12
Segregation of Functions in a Direct/Immediate
Processing System
13
Documentation Controls
  • Documentation consists of procedures manuals and
    other means of describing the AIS and its
    operations, such as program flowcharts and
    organizational charts
  • In large firms, a data librarian is responsible
    for the control, storage, retention and
    distribution of documentation
  • Storing a copy of documentation in a fireproof
    vault, and having proper checkout procedures are
    other examples of documentation controls.
  • Use of CASEs

14
Systems Standard Documentation
  • Systems development policy statements
  • Program testing policy statements
  • Computer operations policy statements
  • Security and disaster policy statements

15
System Application Documentation
  • Computer system flowcharts
  • DFDs
  • Narratives
  • Input/output descriptions, including filled-in
    source documents
  • Formats of journals, ledgers, reports, and other
    outputs
  • Details concerning audit trails
  • Charts of accounts
  • File descriptions, including record layouts and
    data dictionaries
  • Error messages and formats
  • Error correction procedures
  • Control procedures

16
Program Documentation
  • Program flowcharts, decision tables, data
    structure diagrams
  • Source program listings
  • Inputs, formats, and sample filled-in forms
  • Printouts of reports, listings, and other outputs
  • Operating instructions
  • Test data and testing procedures
  • Program change procedures
  • Error listings

17
Data Documentation
  • Descriptions of data elements
  • Relationships of specific data elements to other
    data elements

18
Operating Documentation
  • Performance instructions for executing computer
    programs
  • Required input/output files for specific programs
  • Setup procedures for certain programs
  • List of programmed halts, including related
    messages, and required operator actions for
    specific programs
  • Recovery and restart procedures for specific
    programs
  • Estimated run times of specific programs
  • Distribution of reports generated by specific
    programs

19
User Documentation
  • Procedures for entering data on source documents
  • Checks of input data for accuracy and
    completeness
  • Formats and uses of reports
  • Possible error messages and correction procedures

20
Examples of Asset Accountability Controls
  • Subsidiary ledgers provide a cross-check on the
    accuracy of a control account
  • Reconciliations compare values that have been
    computed independently
  • Acknowledgment procedures transfer accountability
    of goods to a certain person
  • Logs and Registers help account for the status
    and use of assets
  • Reviews and Reassessments are used to re-evaluate
    measured asset values

21
Management Practice Controls
  • Since management is responsible for, and thus
    sits over, the internal control structure, it
    poses risks to a firm
  • General controls include:
      • Human Resource Policies and Practices
      • Commitment to Competence
      • Planning Practices
      • Audit Practices
      • Management Operational Controls
  • In a computerized AIS, management should
    institute a policy for:
      • Controls over Changes to Systems
      • New System Development Procedures

22
Examples of Computer Facility/Information Center
Controls
  • Proper Supervision over computer operators
  • Preventive Diagnostic Programs to monitor
    hardware and software functions
  • A Disaster Recovery Plan in the event of a
    man-made or natural catastrophe
  • Hardware controls such as Duplicate Circuitry,
    Fault Tolerance and Scheduled Preventive
    Maintenance
  • Software checks such as a Label Check and a
    Read-Write Check

23
Application Controls
  • Application controls pertain directly to the
    transaction processing systems
  • The objectives of application controls are to
    ensure that all transactions are legitimately
    authorized and accurately recorded, classified,
    processed, and reported
  • Application controls are subdivided into input,
    processing and output controls

24
Authorization Controls - I
  • Authorizations enforce management's policies with
    respect to transactions flowing into the general
    ledger system
  • They have the objectives of assuring that:
      • Transactions are valid and proper
      • Outputs are not incorrect due to invalid inputs
      • Assets are better protected
  • Authorizations may be classified as general or
    specific

25
Authorization Controls - II
  • A General authorization establishes the standard
    conditions for transaction approval and execution
  • A Specific authorization establishes specific
    criteria for particular sums, events,
    occurrences, etc
  • In manual and computerized batch processing
    systems, authorization is manifest through
    signatures, initials, stamps, and transaction
    documents
  • In on-line computerized systems, authorization is
    usually verified by the system (e.g., validation
    of inventory pricing by code numbers in a general
    ledger package)

26
Input Controls
  • Input Controls attempt to ensure the validity,
    accuracy, and completeness of the data entered
    into an AIS.
  • Input controls may be subdivided into:
      • Data Observation and Recording
      • Data Transcription (Batching and Converting)
      • Edit Tests of Transaction Data
      • Transmission of Transaction Data

27
Controls for Data Observation and Recording
  • The use of pre-numbered documents
  • Keeping blank forms under lock and key
  • Online computer systems offer the following
    features:
  • Menu screens
  • Preformatted screens
  • Using scanners that read bar codes or other
    preprinted documents to reduce input errors
  • Using feedback mechanisms such as a confirmation
    slip to approve a transaction
  • Using echo routines

28
Data Transcription - I
  • Data Transcription refers to the preparation of
    data for computerized processing and includes:
  • Carefully structured source documents and input
    screens
  • Batch control totals that help prevent the loss
    of transactions and the erroneous posting of
    transaction data
  • The use of Batch control logs in the batch
    control section
  • Amount control total: totals the values in an
    amount or quantity field
  • Hash total: totals the values in an identification
    field
  • Record count: totals the number of source
    documents (transactions) in a batch

29
Data Transcription - II (Conversion of
Transaction Data)
  • Key Verification which consists of re-keying data
    and comparing the results of the two-keying
    operations
  • Visual Verification which consists of comparing
    data from original source documents against
    converted data.

30
Examples of Batch Control Totals
  • Financial Control Total - totals up dollar
    amounts (e.g., total of sales invoices)
  • Non-financial Control Total - computes non-dollar
    sums (e.g., number of hours worked by employees)
  • Record Count - totals the number of source
    documents once when batching transactions and
    then again when performing the data processing
  • Hash Total - a sum that is meaningless except for
    internal control purposes (e.g., sum of customer
    account numbers)
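
The three batch control totals from the Data Transcription slides, logged at batching and recomputed after a processing run, as an added example that is not part of the original presentation. The record layout, field names and sample invoices are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Txn:
    doc_no: int        # pre-numbered source document
    account: int       # customer account number (identification field)
    amount: Decimal    # invoice amount (amount field)

def control_totals(batch):
    """Return the three batch control totals described on the slides."""
    return {
        "record_count": len(batch),
        "amount_total": sum((t.amount for t in batch), Decimal("0")),
        "hash_total": sum(t.account for t in batch),
    }

def reconcile(logged, batch):
    """Compare totals logged at batching with totals recomputed after a run.
    Returns the names of the totals that disagree (empty list = accept)."""
    recomputed = control_totals(batch)
    return [name for name in logged if logged[name] != recomputed[name]]

# Constructed sample batch of sales invoices.
BATCH = [
    Txn(1001, 40417, Decimal("250.00")),
    Txn(1002, 40988, Decimal("75.50")),
    Txn(1003, 41203, Decimal("1200.00")),
]
LOGGED = control_totals(BATCH)   # the entry written to the batch control log

# Constructed processing errors, each caught by a different total.
LOST = BATCH[:2]                                                        # document dropped
MISPOSTED = [BATCH[0], Txn(1002, 40898, Decimal("75.50")), BATCH[2]]    # account digits transposed
MISKEYED = [BATCH[0], BATCH[1], Txn(1003, 41203, Decimal("1020.00"))]   # amount miskeyed

if __name__ == "__main__":
    for label, run in [("clean", BATCH), ("lost", LOST),
                       ("misposted", MISPOSTED), ("miskeyed", MISKEYED)]:
        print(label, reconcile(LOGGED, run) or "totals agree")
```

The misposted account leaves the record count and amount total unchanged, so only the hash total flags it. A plain sum catches accidental errors; it is not a cryptographic integrity check.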

31
Definition and Purpose of Edit Tests
  • Edit Tests (programmed checks) are most often
    validation routines built into application
    software
  • The purpose of edit tests is to examine selected
    fields of input data and to reject those
    transactions whose data fields do not meet the
    pre-established standards of data quality

32
Examples of Edit Tests (Programmed Checks)
  • Validity Check (e.g., M = male, F = female)
  • Limit Check (e.g., hours worked do not exceed 40
    hours)
  • Reasonableness Check (e.g., increase in salary is
    reasonable compared to base salary)
  • Field Check (e.g., numbers do not appear in
    fields reserved for words)
  • Sequence Check (e.g., successive input data are
    in some prescribed order)
  • Range Check (e.g., particular fields fall within
    specified ranges - pay rates for hourly employees
    in a firm should fall between 8 and 20)
  • Relationship Check (logically related data
    elements are compatible - employee rated as
    hourly gets paid at a rate within the range of
    8 and 20)
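
Several of the edit tests listed above applied to payroll input records, as an added example that is not part of the original presentation. The field names, the ascending employee-number order used for the sequence check, and the sample records are assumptions made for illustration.

```python
import re

VALID_SEX = {"M", "F"}          # validity check: M = male, F = female
MAX_HOURS = 40                  # limit check from the slide
HOURLY_RATE_RANGE = (8, 20)     # pay-rate range for hourly employees from the slide

def edit_tests(rec, prev_emp_no=None):
    """Run the programmed checks on one payroll input record.
    Returns the names of the failed checks; an empty list means accept."""
    failed = []
    if rec["sex"] not in VALID_SEX:
        failed.append("validity")
    if re.search(r"\d", rec["name"]):       # numbers in a field reserved for words
        failed.append("field")
    if rec["hours"] > MAX_HOURS:
        failed.append("limit")
    low, high = HOURLY_RATE_RANGE
    if rec["pay_type"] == "hourly" and not low <= rec["rate"] <= high:
        failed.append("relationship")       # pay type and pay rate must be compatible
    if prev_emp_no is not None and rec["emp_no"] <= prev_emp_no:
        failed.append("sequence")           # assumed order: ascending employee number
    return failed

def screen_batch(records):
    """Split a batch into accepted records and a rejection (exception) list."""
    accepted, rejected, prev = [], [], None
    for rec in records:
        failed = edit_tests(rec, prev)
        if failed:
            rejected.append((rec["emp_no"], failed))
        else:
            accepted.append(rec)
        prev = rec["emp_no"]
    return accepted, rejected

# Constructed sample input.
RECORDS = [
    {"emp_no": 101, "name": "Ana Ruiz", "sex": "F", "pay_type": "hourly", "hours": 38, "rate": 12},
    {"emp_no": 102, "name": "J0hn Lee", "sex": "M", "pay_type": "hourly", "hours": 52, "rate": 15},
    {"emp_no": 102, "name": "Kim Park", "sex": "X", "pay_type": "hourly", "hours": 40, "rate": 35},
    {"emp_no": 110, "name": "Sam Cole", "sex": "M", "pay_type": "salaried", "hours": 40, "rate": 35},
]

if __name__ == "__main__":
    ok, bad = screen_batch(RECORDS)
    print([r["emp_no"] for r in ok], bad)
```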

33
Transmission of Transaction Data
  • When data must be transmitted from the point
    of origin to the processing center and data
    communications facilities are used, the following
    checks should also be considered
  • Echo Check - transmitting data back to the
    originating terminal for comparison with the
    transmitted data
  • Redundancy Data Check - transmitting additional
    data to aid in the verification process
  • Completeness Check - verifying that all required
    data have been entered and transmitted.

34
Objectives of Processing Controls
  • Processing Controls help assure that data are
    processed accurately and completely, that no
    unauthorized transactions are included, that the
    proper files and programs are included, and that
    all transactions can be easily traced
  • Categories of processing controls include
    Manual Cross-checks, Processing Logic Checks,
    Run-to-Run Controls, File and Program Checks, and
    Audit Trail Linkages

35
Examples of Processing Controls
  • Manual Cross-Checks - include checking the work
    of another employee, reconciliations and
    acknowledgments
  • Processing Logic Checks - many of the programmed
    edit checks, such as sequence checks and
    reasonableness checks (e.g., payroll records)
    used in the input stage, may also be employed
    during processing

36
Examples of Processing Controls
  • Run-to-Run Totals - batched data should be
    controlled during processing runs so that no
    records are omitted or incorrectly inserted into
    a transaction file
  • File and Program Changes - to ensure that
    transactions are posted to the proper account,
    master files should be checked for correctness,
    and programs should be validated
  • Audit Trail Linkages - a clear audit trail is
    needed to enable individual transactions to be
    traced, to provide support in general ledger
    balances, to prepare financial reports and to
    correct transaction errors or lost data

37
Output Controls
  • Outputs should be complete and reliable and
    should be distributed to the proper recipients
  • Two major types of output controls are:
      • validating processing results
      • regulating the distribution and use of printed
        output

38
Validating/Reviewing Processing Results
  • Activity (or proof account) listings document
    processing activity and reflect changes made to
    master files
  • Because of the high volume of transactions, large
    companies may elect to review exception reports
    that highlight material changes in master files

39
Regulating/Controlling Distribution of Printed
Output
  • Reports should only be distributed to appropriate
    users by reference to an authorized distribution
    list
  • Sensitive reports should be shredded after use
    instead of being discarded

40
Application Controls Arranged by Two
Classification Plans