Controls design Controls are “the plan of organization and all the methods and measures to safeguard its assets, check the accuracy and reliability of.

Presentation transcript:

Controls design
- Controls are “the plan of organization and all the methods and measures to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies” (AICPA)
- They can be preventive, detective or corrective
- They can be manual or automated

Traditional Control mechanisms
- separation of duties
- controlling access to assets
- audit trail
- capture and storage of events in multiple locations and time periods (duplication)
- system of authorizations
- Too many controls will reduce efficiency; too few controls will reduce effectiveness

Effect of computers on controls
- No clear separation of duties
  - many different activities are placed in the same location, done at the same time, by the same unit (program)
  - multiple users use the program
  - decline in accountability (analyst?, programmer?, quality assurance?, user?)
- Access to assets threatened
  - information systems concentrate the organizational assets
  - several people have access; high potential for abuse
  - greater exposure of data assets due to communication networks

- Tighter integration as opposed to duplication
  - Databases
  - workflow automation (ERP) systems

IT control principles
1. Focus should be on prevention rather than detection, because detection is expensive in a complex IT environment; also, the loss due to an error is significant
  - emphasis should be placed on the design stage
  - testing prior to production should be rigorous
2. Use IT and its capabilities to tailor control procedures to the business process
  - manual control procedures are likely to be ineffective in a complex IT-driven system

IT Control principles
3. An electronic audit trail is more effective than a paper-based audit trail.
4. It is better to “build in” controls than to “build on” top of the existing process structure.

IT Controls
- Input
- Process
- Output
- Communication
- Database
- Interface Controls

INPUT CONTROLS
- Factors to consider in the evaluation of input controls
  - Extent of human intervention
  - Time lapse between the occurrence of event and the input activity
- Data Capture Controls
- Source Document and Data Entry Screen Designs
- Source Document Design
  - Pre-numbering documents
  - Preprinting documents

Use of Codes
- Codes should be compact, meaningful, flexible, and stable
- Serial (sequence) Codes
  - Captures history without the need for a time stamp
  - Example: check numbering
- Block Sequence Codes
  - Serial coding within blocks (categories) of data
  - Example: , , …
- Association Codes
  - Derived by concatenating codes of different attributes of the entity
  - Example: UGBSEE for Undergraduate BS in EE major
- Check Digits

Batch Controls
- Detect errors in physical transmission and data entry stages
- Some of the controls include
  - Record Count
  - Batch Total of a data item
  - Hash total of a data item
- Batch Size
  - Large: Problems with correction if there is an error
  - Small: Too many batches, too many calculations of batch total, more processing in general
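The three batch controls listed above, as an added example that is not part of the original slides: a batch header carries the record count, batch total and hash total, and the receiver recomputes them to see which control fails for each kind of error. The field names `account` and `amount`, the function names and the sample batch are constructed for illustration.

```python
from decimal import Decimal

def control_totals(batch):
    """Record count, batch total (amounts) and hash total (account numbers)."""
    return {
        "record_count": len(batch),
        "batch_total": sum((Decimal(r["amount"]) for r in batch), Decimal("0")),
        # A hash total sums a field with no arithmetic meaning, here account numbers.
        "hash_total": sum(int(r["account"]) for r in batch),
    }

def failed_controls(header, received):
    """Names of the controls whose recomputed value differs from the batch header."""
    actual = control_totals(received)
    return sorted(name for name in header if header[name] != actual[name])

# Constructed sample batch (not real data) and the header computed by the sender.
SENT = [
    {"account": "100234", "amount": "250.00"},
    {"account": "100871", "amount": "1200.50"},
    {"account": "102456", "amount": "75.25"},
]
HEADER = control_totals(SENT)

def scenarios():
    """Which controls fire for four typical transmission / data entry errors."""
    dropped = SENT[:2]                                           # last record lost
    mistyped_amount = [dict(SENT[0], amount="520.00")] + SENT[1:]  # 250 keyed as 520
    wrong_account = [dict(SENT[0], account="100243")] + SENT[1:]   # digits transposed
    swapped = [dict(SENT[0], amount=SENT[1]["amount"]),
               dict(SENT[1], amount=SENT[0]["amount"]), SENT[2]]   # amounts exchanged
    cases = {"dropped record": dropped, "mistyped amount": mistyped_amount,
             "wrong account": wrong_account, "swapped amounts": swapped}
    return {name: failed_controls(HEADER, batch) for name, batch in cases.items()}

if __name__ == "__main__":
    for name, failed in scenarios().items():
        print(f"{name:16} -> {failed or 'no batch control fails'}")
```

The swapped-amounts case passes all three totals, which is why batch controls are paired with the field and record checks on the next slide.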

Data Validation Controls
- Field Checks
  - Null, Type, Size, Format, Range, Legal Values, Check Digit, Referential Integrity
- Record Checks
  - Consistency among data items in a record, Duplicates, Missing Records
- Audit Trail
  - Data gathering stage
  - Data entry stage
  - Who, when, device, file/record updated

Output Controls
- Controls to make sure that the required output is produced and distributed to the appropriate destinations in a timely manner
- Output Production and Distribution Key Stages
  - Storage of supplies such as preprinted forms
  - Execution of report programs
  - Queuing/Spooling
  - Printing
  - Output collection and distribution
  - Output storage and retention
  - Output disposal

Process controls
- walk-throughs, code inspection
- testing
- Simulation

Chapter 15: Construction
- We will focus on test design rather than the actual construction and documentation of the system.

Designing Tests
- The purpose is not to demonstrate that the system is free of errors
- The purpose is to detect as many errors as possible

Testing Philosophy
- It is dangerous to test early modules without an overall testing plan
- It may be difficult to reproduce sequence of events causing an error
- Testing must be done systematically and results documented carefully
  - Regression Errors

Stages of Testing
- Unit testing
  - Tests each module to assure that it performs its function
- Integration testing
  - Tests the interaction of modules to assure that they work together
- System testing
  - Tests to assure that the software works well as part of the overall system
- Acceptance testing
  - Tests to assure that the system serves organizational needs

Error Discovery Rates

Test Planning
- Driver and Stub Technique
- Driver
  - The main testing program
  - It calls the module to be tested, passes the test data, collects and stores results
- Stub
  - The module being tested

Unit Testing
- Black Box Testing
  - Focuses on whether the unit meets requirements stated in specification
- White-Box Testing
  - Looks inside the module to test its major elements

Integration Testing
- User interface testing
  - Tests each interface function
- Use-case testing
  - Ensures that each use case works correctly
- Interaction testing
  - Tests each process in a step-by-step fashion
- System interface testing
  - Ensures data transfer between systems

System Testing
- Requirements Testing
  - Ensures that integration did not cause new errors
- Usability Testing
  - Tests how easy and error-free the system is in use
- Security Testing
  - Assures that security functions are handled properly
- Performance Testing
  - Assures that the system works under high volumes of activity
- Documentation Testing
  - Analysts check that documentation and examples work properly

Acceptance Testing
- Alpha Testing
  - Repeats tests by users to assure they accept the system
- Beta Testing
  - Uses real data, not test data

Generating Test Data
- Historical Transaction Data
- Data derived from Data Dictionary
- Data derived from program logic and structure

Data from Program Logic and Structure
- Focus is on program graph
- Statement Coverage
- Branch Coverage
- Path Coverage
- Example

(1)  Read wage
(2)  If wage < then
(3)      Fedtax = wage*0.15
     Else
(4)      If wage < then
(5)          Fedtax = (15000*0.15) + (wage-15000)*0.28
         Else
(6)          Fedtax = (15000*0.15) + (35000*0.28) + (wage-50000)*0.31
     End if
(7)  If wage < then
(8)      Statetax = wage*0.04
     Else
(9)      If wage < then
(10)         Statetax = (10000*0.04) + (wage-10000)*0.05
         Else
(11)         If wage < then
(12)             Statetax = (10000*0.04) + (30000*0.05) + (wage-40000)*0.06
             Else
(13)             Statetax = (10000*0.04) + (30000*0.05) + (35000*0.06) + (wage-40000)*0.07
         EndIf
     End if
(14) Totaltax = Fedtax + StateTax
(15) NetSalary = Wage-Totaltax
(16) Print Wage, FedTax, StateTax, NetSalary
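Statement coverage versus path coverage for the wage program above, as an added example that is not part of the original slides: it records which numbered statements each test wage executes and counts the distinct paths. The threshold constants are assumptions inferred from the band widths in the tax formulas, because the comparisons on the slide have lost their values; `run`, `coverage` and `boundary_wages` are hypothetical names.

```python
# Thresholds are ASSUMED: the slide's comparisons lost their constants, so these
# values are inferred from the band widths used in the tax formulas.
FED = (15000, 50000)
STATE = (10000, 40000, 75000)

def run(wage):
    """Run the slide's program; return (statement trace, fedtax, statetax)."""
    trace = [1, 2]
    if wage < FED[0]:
        trace.append(3)
        fed = wage * 0.15
    elif wage < FED[1]:
        trace += [4, 5]
        fed = 15000 * 0.15 + (wage - 15000) * 0.28
    else:
        trace += [4, 6]
        fed = 15000 * 0.15 + 35000 * 0.28 + (wage - 50000) * 0.31
    trace.append(7)
    if wage < STATE[0]:
        trace.append(8)
        state = wage * 0.04
    elif wage < STATE[1]:
        trace += [9, 10]
        state = 10000 * 0.04 + (wage - 10000) * 0.05
    elif wage < STATE[2]:
        trace += [9, 11, 12]
        state = 10000 * 0.04 + 30000 * 0.05 + (wage - 40000) * 0.06
    else:  # formula kept exactly as it appears on the slide
        trace += [9, 11, 13]
        state = 10000 * 0.04 + 30000 * 0.05 + 35000 * 0.06 + (wage - 40000) * 0.07
    trace += [14, 15, 16]
    return tuple(trace), fed, state

def coverage(wages):
    """Return (fraction of the 16 statements executed, distinct paths exercised)."""
    traces = {run(w)[0] for w in wages}
    executed = set().union(*traces)
    return len(executed) / 16, len(traces)

def boundary_wages():
    """One wage just below and one at every threshold: reaches each feasible path."""
    cuts = sorted(set(FED + STATE))
    return [c - 1 for c in cuts] + cuts

if __name__ == "__main__":
    print(coverage([5000, 20000, 60000, 80000]))  # full statement coverage, 4 paths
    print(coverage(boundary_wages()))             # full statement coverage, 6 paths
```

Four wages are enough to execute every statement, yet they exercise only four of the six paths that a single wage value can actually take; the boundary set reaches all six.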