Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls.

Similar presentations

Presentation on theme: "Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls."— Presentation transcript:

1 Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls and Application Controls Slides Authored by Somnath Bhattacharya, Ph.D. Florida Atlantic University

2 Introduction to Controls zControls may relate to manual AISs, to computer-based AISs, or both zControls may be grouped into General controls, Application controls, and Security measures zControls may also be grouped in terms of risk aversion: Corrective, Preventive, and Detective Controls zThese categories are intertwined and an appropriate balance is needed for an effective internal control structure

3 Control Classifications By Setting yGeneral yApplication xInput xProcessing xOutput By Risk Aversion z Corrective z Preventive z Detective } Figure 8-1

4 General Controls General Controls pertain to all activities involving a firms AIS and resources (assets). They can be grouped as follows: yOrganizational or Personnel Controls yDocumentation Controls yAsset Accountability Controls yManagement Practice Controls yInformation Center Operations Controls yAuthorization Controls yAccess Controls

5 Organizational or Personnel Controls - I zOrganizational independence, which separates incompatible functions, is a central control objective when designing a system zDiligence of independent reviewers, including BOD, managers, and auditors (both internal and external) zIn a manual system, authorization, record- keeping, and custodial functions must be kept separate. e.g., purchases, sales, cash handling, etc

6 Organizational or Personnel Controls - II zIn computer-based AISs the major segregation is between the systems development tasks, which create systems, and the data processing tasks, which operate systems zWithin data processing, one may find segregation between separate control (receiving & logging), data preparation (converting to machine readable form), computer operations, and data library - batch processing zOther personnel controls include the two-week vacation rule

7 Convert to machine readable media Data Preparation Section Receive and Log and Distribute Control Section Process Outputs To users (exception and summary report) Computer Operations Data Inputs Outputs Errors to be corrected User Departments Flow of Batched Data in Computer-Based Processing Data Library Section Files Figure 8-4

8 Batch Files Online Files Online Files (or data library for removable disks and backups Process Computer Operations Data Inputs Displayed Outputs Printed or Plotted Outputs User Departments Segregation of Functions in a Direct/Immediate Processing System Figure 8-6

9 Documentation Controls zDocumentation consists of procedures manuals and other means of describing the AIS and its operations, such as program flowcharts and organizational charts zIn large firms, a data librarian is responsible for the control, storage, retention and distribution of documentation zStoring a copy of documentation in a fireproof vault, and having proper checkout procedures are other examples of documentation controls. zUse of CASEs

10 System Standards Documentation zSystems development policy statements zProgram testing policy statements zComputer operations policy statements zSecurity and disaster policy statements

11 System Application Documentation zComputer system flowcharts zDFDs zNarratives zInput/output descriptions, including filled-in source documents zFormats of journals, ledgers, reports, and other outputs zDetails concerning audit trails zCharts of accounts zFile descriptions, including record layouts and data dictionaries zError messages and formats zError correction procedures zControl procedures

12 Program Documentation zProgram flowcharts, decision tables, data structure diagrams zSource program listings zInputs, formats, and sample filled-in forms zPrintouts of reports, listings, and other outputs zOperating instructions zTest data and testing procedures zProgram change procedures zError listings

13 Data Documentation zDescriptions of data elements zRelationships of specific data elements to other data elements

14 Operating Documentation zPerformance instructions for executing computer programs zRequired input/output files for specific programs zSetup procedures for certain programs zList of programmed halts, including related messages, and required operator actions for specific programs zRecovery and restart procedures for specific programs zEstimated run times of specific programs zDistribution of reports generated by specific programs

15 User Documentation zProcedures for entering data on source documents zChecks of input data for accuracy and completeness zFormats and uses of reports zPossible error messages and correction procedures

16 Examples of Asset Accountability Controls zSubsidiary ledgers provide a cross-check on the accuracy of a control account zReconciliations compare values that have been computed independently zAcknowledgment procedures transfer accountability of goods to a certain person zLogs and Registers help account for the status and use of assets zReviews & Reassessments are used to re- evaluate measured asset values

17 Management Practice Controls zSince management is responsible and thus over the internal control structure, they pose risks to a firm zGeneral controls include: yHuman resource Policies and Practices yCommitment to Competence yPlanning Practices yAudit Practices yManagement & Operational Controls zIn a computerized AIS, management should instigate a policy for: yControls over Changes to Systems yNew System Development Procedures

18 Examples of Computer Facility/Information Center Controls zProper Supervision over computer operators zPreventive Diagnostic Programs to monitor hardware and software functions zA Disaster Recovery Plan in the event of a man-made or natural catastrophe zHardware controls such as Duplicate Circuitry, Fault Tolerance and Scheduled Preventive Maintenance zSoftware checks such as a Label Check and a Read-Write Check

19 Application Controls zApplication controls pertain directly to the transaction processing systems zThe objectives of application controls are to ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported zApplication controls are subdivided into input, processing and output controls

20 Authorization Controls - I zAuthorizations enforce managements policies with respect to transactions flowing into the general ledger system zThey have the objectives of assuring that: yTransactions are valid and proper yOutputs are not incorrect due to invalid inputs yAssets are better protected zAuthorizations may be classified as general or specific

21 zA General authorization establishes the standard conditions for transaction approval and execution zA Specific authorization establishes specific criteria for particular sums, events, occurrences, etc zIn manual and computerized batch processing systems, authorization is manifest through signatures, initials, stamps, and transaction documents zIn on-line computerized systems, authorization is usually verified by the system. e.g., validation of inventory pricing by code numbers in a general ledger package Authorization Controls - II

22 Input Controls zInput Controls attempt to ensure the validity, accuracy, and completeness of the data entered into an AIS. zInput controls may be subdivided into: yData Observation and Recording yData Transcription (Batching and Converting) yEdit tests of Transaction Data yTransmission of Transaction Data

23 Controls for Data Observation and Recording zThe use of pre-numbered documents zKeeping blank forms under lock and key zOnline computer systems offer the following features: yMenu screens yPreformatted screens yUsing scanners that read bar codes or other preprinted documents to reduce input errors yUsing feedback mechanisms such as a confirmation slip to approve a transaction yUsing echo routines

24 Data Transcription - I zData Transcription refers to the preparation of data for computerized processing and includes: yCarefully structured source documents and input screens yBatch control totals that help prevent the loss of transactions and the erroneous posting of transaction data xThe use of Batch control logs in the batch control section xAmount control total totals the values in an amount or quantity field xHash total totals the values in an identification field xRecord count totals the number of source documents (transactions) in a batch

25 Data Transcription - II (Conversion of Transaction Data) zKey Verification which consists of re- keying data and comparing the results of the two-keying operations zVisual Verification which consists of comparing data from original source documents against converted data.

26 Examples of Batch Control Totals zFinancial Control Total - totals up dollar amounts (e.g., total of sales invoices) zNon-financial Control Total - computes non-dollar sums (e.g., number of hours worked by employees) zRecord Count - totals the number of source documents once when batching transactions and then again when performing the data processing zHash Total - a sum that is meaningless except for internal control purposes (e.g., sum of customer account numbers)

27 Definition and Purpose of Edit Tests zEdit Tests (programmed checks) are most often validation routines built into application software zThe purpose of edit tests is to examine selected fields of input data and to reject those transactions whose data fields do not meet the pre-established standards of data quality

28 Examples of Edit Tests (Programmed Checks) zValidity Check (e.g., M = male, F = female) zLimit Check (e.g., hours worked do not exceed 40 hours) zReasonableness Check (e.g., increase in salary is reasonable compared to base salary) zField Check (e.g., numbers do not appear in fields reserved for words) zSequence Check (e.g., successive input data are in some prescribed order) zRange Check (e.g., particular fields fall within specified ranges - pay rates for hourly employees in a firm should fall between $8 and $20) zRelationship Check (logically related data elements are compatible - employee rated as hourly gets paid at a rate within the range of $8 and $20)

29 Transmission of Transaction Data When data must be transmitted from the point of origin to the processing center and data communications facilities are used, the following checks should also be considered: yEcho Check - transmitting data back to the originating terminal for comparison with the transmitted data yRedundancy Data Check - transmitting additional data to aid in the verification process yCompleteness Check - verifying that all required data have been entered and transmitted.

30 Objectives of Processing Controls zProcessing Controls help assure that data are processed accurately and completely, that no unauthorized transactions are included, that the proper files and programs are included, and that all transactions can be easily traced zCategories of processing controls include Manual Cross-checks, Processing Logic Checks, Run-to-Run Controls, File and Program Checks, and Audit Trail Linkages

31 Examples of Processing Controls zManual Cross-Checks - include checking the work of another employee, reconciliations and acknowledgments zProcessing Logic Checks - many of the programmed edit checks, such as sequence checks and reasonableness checks (e.g., payroll records) used in the input stage, may also be employed during processing

32 Examples of Processing Controls zRun-to-Run Totals - batched data should be controlled during processing runs so that no records are omitted or incorrectly inserted into a transaction file zFile and Program Changes - to ensure that transactions are posted to the proper account, master files should be checked for correctness, and programs should be validated zAudit Trail Linkages - a clear audit trail is needed to enable individual transactions to be traced, to provide support in general ledger balances, to prepare financial reports and to correct transaction errors or lost data

33 Output Controls zOutputs should be complete and reliable and should be distributed to the proper recipients zTwo major types of output controls are: yvalidating processing results yregulating the distribution and use of printed output

34 Validating/Reviewing Processing Results zActivity (or proof account) listings document processing activity and reflect changes made to master files zBecause of the high volume of transactions, large companies may elect to review exception reports that highlight material changes in master files

35 Regulating/Controlling Distribution of Printed Output zReports should only be distributed to appropriate users by reference to an authorized distribution list zSensitive reports should be shredded after use instead of discarding

36 Application Controls Arranged by Two Classification Plans Input Processing Output Control Stage Control Purpose

37 Copyright © 2000 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein. Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing

Download ppt "Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls."

Similar presentations

Ads by Google