Documente Academic
Documente Profesional
Documente Cultură
COMPUTERISED
INFORMATION
SYSTEM (CIS)
ENVIRONMENT
CLO 1
Justify properly the
techniques employed in the
various stages of the audit
process and evaluate
findings
Page 3
GENERAL CONTROLS
The objective of general control is to provide a
control environment, which means an environment
that ensures the accuracy and reliability of
accounting data and records.
General controls include controls over the
following:
Organization
Control over systems development and maintenance
Operational control
Hardware and software controls
Page 9
ORGANIZATION
This mean first, the separation of IT department
from the accounting
department and other user departments.
This is also means the IT manager is responsible
only on the top
management of the company who has no
authority over computer
processing.
Second, there must be proper segregation of
duties within the IT
department itself.
Page 10
ORGANIZATION
The duties of the different personnel within the IT
department, are as
follows:
POSITION
FUNCTIONS
IT MANAGER
SYSTEM
ANALYST
PROGRAMMER
Page 11
ORGANIZATION
POSITION
COMPUTER
OPERATOR
FUNCTIONS
Operates the computer hardware using
computer programs.
Page 13
OPERATIONS CONTROL
This means control over access to computer
operations and systems. This includes control
over detection of errors and also control to
ensure that no unauthorized data is put into the
system. Operations control also include controls
to ensure that only proper programs are used.
Page 14
APPLICATION CONTROLS
1) Input controls
2) Processing
controls
3) Output
controls
Page 17
INPUT CONTROLS
The control at the input level is important and
must be checked before the transactions are
processed.
Input control means first that the transactions
sent to the IT department for processing are :
a)Authorized
b)Accurate
c)Complete
d)Timely and
e)Presented only once
Second, any errors detected at the input level
must be corrected and resubmitted for processing.
Page 18
Page 19
PROCESSING CONTROLS
The system should provide for accurate and timely
processing of the input data.
Computers are now programmed to perform the
checking which includes the completeness tests,
logic tests and control totals.
As such the control at this level should basically
incorporate the proper maintenance of the
computers. Any defects or errors found must be
duly corrected.
Page 20
OUTPUT CONTROLS
In addition to the input and processing controls, it
is necessary to have control at the output level to
ensure that the output data are valid.
Outputs include reports, cheques, documents and
other printed or displayed (on terminal screen)
information.
A number of controls should be present to minimise
the unauthorised use of output.
A report distribution log should contain a schedule
of when reports are prepared, the names of
individuals who are to receive the report, and the
date of distribution.
Page 21
Page 22
Page 23
Thank You