2. • Describe an
electronic data
processing system
and unique
characteristics of
specific EDP
systems.
• Discuss the
impact of
computers on
accounting
systems.
• Specify major
types of computer
fraud.
3. Data processing – collecting, processing, and distributing of information to achieve a
desired result
Data processing system – equipment and procedures through which the result is
achieved
When a machine performs most of the procedures, the system:
• Is described as an electronic data processing system
• Is known as an automatic data processing system
More especially, when the machine is an electronic digital computer, the system:
• Is described as an electronic data processing (EDP) system or computer system
Computer system – designed to perform specific types of operations
Operations are performed by hardware and are controlled by software.
INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
4. Computer Hardware – physical components of the system
Central Processing Unit (CPU) – principal hardware of a computer
The CPU is consists of:
1. Main storage unit
2. Arithmetic and logic unit
3. Control unit
Additionally, the CPU controls the:
1. Input device
2. Output device
INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
5. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
Main storage unit (which is also may be referred to as memory)
• Consists of elements
Information stored in any element is referred to as a “bit”
• Used to temporarily store programs and data for processing
• Finite size
• Peripheral equipment – auxiliary storage
Data may be retrieved in a:
a. Sequential fashion by reading the data item by item from start
to finish
b. Random manner by what is called a direct access device
6. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
Arithmetic and logic unit
• Accomplish arithmetic tasks, comparisons, and other types of data
transformation
Control unit
• Regulates the activities of the other units and devices by retrieving
machine language instructions from the memory and then interpreting the
instructions
Input device
• Permits the computer to receive both data and instructions
Output device
• Returns information from the computer to user
7. Computer Software – the computer programs
Software – series of programs or routines that provide instructions for
operating the computer
Two broad categories of computer software:
1. Application programs
2. Systems software
• Operating system
• Utilities
INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
8. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
Application programs (sometimes referred to as user of problem programs)
• Designed to accomplish specific objectives for users
• In early days of computers, they were written in machine language (also
known as object language or object code). Today, programming in an
English-like language, such as COBOL (Common Business Oriented
Language) and RPG (Report Program Generator), is made possible.
- Compilers are programs that translate the applications program
written in COBOL, RPG, or other high-level languages (known as
source code) into machine language.
9. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
Systems software – operates the computer system and performs routine
tasks for users
Important elements:
• Operating system – a highly complex set of programs designed to:
1. Serve as a means of communication between the computer hardware
and human operator.
2. Schedule, load, initiate, and supervise the execution of programs.
3. Initiate and control input and output operations.
4. Manage and control compilers and utility programs
• Utilities – a program or group of programs designed to perform commonly
encountered data handling functions
10. Computer Installations – facilities where the computer hardware and
personnel are located
Generally organized into one of the following categories:
1. In-house or captive computer
2. Service bureau computer
3. Time-sharing
4. Facilities management
INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
11. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
In-house or captive computer – organization owns or leases the equipment
and hires the necessary trained personnel to program, operate, and control
the various applications processes with the equipment
Service bureau computer – computer is used by an independent agency
which rents computer time and provides programming, key-punching, and
other services
12. INTRODUCTION
TO AN ELECTRONIC DATA PROCESSING SYSTEM
Time-sharing – organization acquires a keyboard device capable of
transmitting and receiving data and, by agreement, the right to use a
central computer facility
Facilities management – organization needing the computer services may
lease or purchase the necessary hardware and install it on its own premises,
then by negotiation, an outsider contractor with the necessary staff of
programmers and operators agrees to manage the facility
13. OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
The purpose of this section is to describe EDP systems that
are commonly found in the business environment so the
auditor will be able to apply the appropriate controls to the
system in question.
1. Batch Processing
2. Direct Random Access Processing
3. Data Base Processing
4. Small Computer Environments
5. Service Bureau/ Center
6. Distributed Systems
14. Batch Processing
• A common EDP System
• Assumed to be used if the question does not specify
the EDP system
• Key points:
- Transactions flow through the system in batches
(groups of like transactions)
- If CRTs are used in batch processing, it may
appear to the user that changes are occurring
immediately to the master file
- Batch processing normally leaves a relatively
easy to follow audit trail
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
15. Direct Random Access Processing
• Most newer systems
• Data is processed as the transactions occur and are entered into the system
• Transactions can be input in any order
a. Transaction data is entered through on-line terminals and stored on direct access, disk
storage.
b. Edit routines immediately check the data for errors. Messages on the display prompt
the user to correct and re-enter the data.
c. Master files and programs are stored on-line so that updating can take place as the
edited data flows to the application.
d. Output comes in the form of CRT displays and hardcopy reports produced periodically.
e. Direct access processing is often referred to as on-line real-time (OLRT).
f. System security must be in place to restrict access to programs and data to authorized
persons only.
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
16. Data Base Processing
Data base – set of interconnected files that users can
access to obtain specific information
Data base eliminates the need or separate, and often
repetitive, application-specific files.
Data base processing
• Most difficult EDP system to understand
• Dependent on an on-line real-time (OLRT) EDP
system
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
17. Data Base Processing
• The emphasis on controls shifts from batch-type controls to OLRT-type controls,
which include the following:
a. User-department – controls in this EDP system must start at the user
department
b. Access control – in addition to the usual controls over terminals and access
of the system, data base processing also maintains control within the data base
itself
c. Backup and recovery – a magnetic tape backup of the data base should be
made at the end of each day
d. Database administrator - responsible for maintaining the database and
restricting access to the database to authorized personnel
e. Audit software – audit software usually tests a backup copy of a database
that has been stored on magnetic tape
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
18. Small Computer Environments
• No matter how small the computer may become, the control
objectives remain the same
• The emphasis in this environment should center around the
following points:
a. Security - in a small computer environment, security over the
hardware is not as critical as security over the software and data.
b. Verification of processing - independent verification of the
application being processed on the small computer system
should be made to prevent the system from being used for
personal projects
c. Personnel – central authorization to purchase hardware and
software should be required
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
19. Service Bureau/ Center
• Independent computer centers from which companies rent computer time
• Certain controls should be maintained at both the user and the service bureau
locations
a. Contract – ownership for data files and records by the user should be
explicitly stated
b. Processing verification – either batch controls or on-line controls should be
maintained at the user’s location
c. Backup and recovery – backup files should be under the control the user,
not the service bureau
d. Timesharing systems – if the service bureau has on-line access, many
users may access and use the computer simultaneously
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
20. Service Bureau/ Center
d. Timesharing systems – if the service bureau has on-line access, many users
may access and use the computer simultaneously
The major concern is protection of user data from destruction and
unauthorized access. Data protection controls include the following features:
1. Boundary protection – reserves a set of addresses for use by a
particular job
2. Passwords on header labels – access is not allowed without the correct
password
3. Physical security of library storage safeguards the files
4. Access control – unique identification and confidential passwords
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
21. Distributed Systems
• Represent a network of remote computer sites each having a small computer
connected to the main
• Reduce the load on the main computer system
• Faster turnaround of information
• Controls in this system include
a. Audit unit – each remote location should be well controlled and audited as a
separate unit to verify the integrity of the data processed
b. Segregation – compensating controls over each location should exist as users
may have both authorization and recording functions
c. Uniform standards – a set of uniform standard should be established
OF SPECIFIC EDP SYSTEMS
UNIQUE CHARACTERISTICS
22. O N A C C O U N T I N G S Y S T E M S
IMPACTS OF COMPUTERS
Computers may effect changes in the
accounting system, including the
following:
1. Documents are not maintained in
readable form.
2. Processing of transaction is more
consistent.
3. Duties are consolidated.
4. Reports can be generated easily.
23. O N A C C O U N T I N G S Y S T E M S
IMPACTS OF COMPUTERS
Documents are not maintained in readable form.
In manual and batch systems, entities generally establish
controls that require employees to record on a paper
documents. In real-time systems, however, no paper
documentation is prepared to serve as the basis for recording
the transaction.
Processing of transaction is more consistent.
A computerized data processing system that has been properly
tested before being placed into use and that has appropriate
safeguards generally runs consistently.
24. O N A C C O U N T I N G S Y S T E M S
IMPACTS OF COMPUTERS
Duties are consolidated.
The program in such systems often perform procedures
equivalent to the independent checks in a manual system.
Reports can be generated easily.
Computer systems provide for, or allow users to generate,
necessary reports about the status of transactions or accounts in
a minimal amount of time.
25. O F C O M P U T E R F R A U D
MAJOR TYPES
Auditors must be alert to the increased
potential for management fraud, given
computer capability for altering
databases and fabricating
documentation for nonexistent
transactions.
1. Salami Technique
2. Trojan Horse
3. Virus Programs
4. Trapdoors
26. O F C O M P U T E R F R A U D
MAJOR TYPES
Salami Technique – computer programs are modified to
inappropriately round off calculations to the benefit of the fraud
perpetrator
Trojan Horse – an unauthorized program placed within an
authorized one
Virus Programs – programs with unauthorized information or
instructions
Trapdoors – unauthorized entry points into programs or databases
In addition to these techniques, the theft of computer time is
another fraud client’s face.