Internal Controls (Part II)
Accounting System Design and Development

 Aims of a computerised accounting information system
 General and application controls
 Limitations of controls
 Threats to internal controls

 Identify 3 advantages of computerised
application controls.

 Proper authorisation, such as authorising valid
transactions
 Proper recording, such as input and output
accuracy
 Completeness
 Timeliness

 Consistent execution, authorisation, and
application
 Enforce Completeness
 More difficult to avoid
 More timely and efficient to execute
 More timely reporting and feedback!!
 …etc

 Some risks apply across a number of areas of the
organisation. To address these risks we have GENERAL
CONTROLS.
 General controls affect the overall information system.
 General controls are established with the aim of providing
reasonable assurance that the internal control objectives are
achieved.
 These controls affect all applications
 Seen as pervasive – these controls will apply across almost all
of the information systems in an organisation.
 Support the effective operation of application controls

 General Control
◦ Policies/procedures relating to many applications
◦ Support the effective operation of application controls
 Application Control
◦ Manual or automated
◦ Operate within a business process / application
◦ Relate to the initiation, recording, reporting and processing
of events
◦ Deal with the aims of occurrence, authorisation,
completeness and accuracy

 Hardware
 Physical controls
 Segregation of duties
 User access
 System development procedures
 User awareness of risks
 Data storage procedures

 Organisational
◦ Separation of duties
 Design, programming, operations, data entry, custody of documentation
◦ Policies and procedures
 Recruitment
 Termination
 Access
 To computer facilities
 To data files
 Authorised users
 Systems Development
◦ User involvement
◦ Authorisation
◦ Documentation
◦ Access to systems software restricted
 Telecommunications
◦ Data protection
◦ Transmission / encryption techniques
 Other
◦ Disaster recovery
◦ Backup/Off site storage
◦ Monitor and detect failures

 Users – record transactions, authorize data to be
processed, and use system output.
 Systems analysis – helps users determine their
information needs and then design an information
system to meet those needs.
 Programming – take the design provided by system
analysts and creates an information system by
writing the computer programs.
 Computer operations – run the software on the
company’s computer. They ensure that data is
input properly and correctly processed and the
right output is produced.
 Database administration – maintain and manage
corporate databases and files.
 Systems administration – ensure that the different
parts of an information system operate smoothly
and efficiently.
 Network management – ensure that all applicable
devices are linked to the organisation’s internal
and external networks and that the networks
operate continuously and properly.
 Change management – manage all changes to an
organisation’s information system to ensure they
are made smoothly and efficiently and to prevent
errors and fraud.
 Wireless technology
◦ Virtual private networks
 Wired Networks
◦ Electronic eavesdropping
◦ Routing verification procedures
◦ Message acknowledgement procedures
 Microcomputers
◦ What unique risks do microcomputers present to an
organisation?

 Location of computing facility
 Restrict employee access
 The use of Biometrics

 Change management – the person (usually a
developer) who makes the IS change should
be different from the person who makes the
change available to users – the process of
making changes available to all users is
usually called “migration into production”
 Why do we need to segregate these
functions?

 Fault tolerant / Built in redundancies
 Disk mirroring
 Backups
◦ Hierarchically performed
◦ Where to store backup data?
◦ How often to backup?
 Uninterruptible power supply

 Separation of duties
◦ Accounting from other sub-systems
◦ Responsibilities within IT
 Programming
 Data management
 Design / Analysis
 Testing
◦ Within a process
 Authorisation, Execution, Custody, Recording
 Computer accounts / Logins / Access controls

 DRP Considers:
◦ Natural disasters
◦ Deliberate malicious acts
◦ Accidental destructive acts…
 DRP Usually covers:
◦ Staff
 Employees
 Customers
 Suppliers
 Other Stakeholders…
◦ Physical resources
 Buildings
 Equipment
 Cash…
◦ Information resources
 Data
 Information…

 DRP refers to the strategy an organisation
will put into action in the event of a disaster
that disrupts normal operations. The aim is
business continuity, i.e. to resume
operations as soon as possible with minimal
loss or disruption to data and information.
 This plan describes procedures to be
followed in the case of an emergency as
well as the role of each member of the
disaster recovery team.

 Controls over specific systems/business
processes
◦ Relate to the initiation, recording, reporting and
processing of events
 Provide reasonable assurance that the events
occurring in a system/process are
authorised
and recorded, and are processed completely,
accurately and on a timely basis and that
resources in that system are protected.
 Examples of systems/processes in an
organisation:
◦ Sales system, Accounts receivable system, Purchases
system, Payments system, Payroll, Financial
Reporting, Inventory…

 Temporary Site
◦ Hot site
◦ Cold site
 Staffing
◦ Evacuating threatened staff
◦ Enabling staff to operate in DRP mode
 Staff need to know their roles
 Restore relationships
◦ As organisations become integrated the
information asset is increasing in importance

 Classification based on the stage in the
process at which the control occurs
◦ Input controls
 Designed to ensure data entering the system is valid,
complete and accurate
◦ Process controls
 Detect errors and irregularities in the processing of
data
◦ Output controls
 Protect the outputs of a system

 Authorisation
◦ Is the person authorised to execute the transaction?
 Eg: Approvals for a large sale to proceed
 Recording
◦ Input Validity
 Is the data of the correct format/type?
 Does the data represent a valid event?
◦ Input Accuracy
 Is all data entered correct?
 Completeness
◦ Has all data about an event been recorded?
 Transaction level
◦ Have all events been recorded?
 Business process level
 Timeliness
◦ Is data captured, processed, stored and available as
required by the needs of the business process?

 Edit Tests
◦ Check validity and accuracy after data has been input
 Test of content
 Numeric, Alphabetic, Alphanumeric
 Test of reasonableness
 Is the input within a specified range of values
 Eg Hours worked per week is between 0 and 60
 Test of sign (+ive, -ive)
 Test of completeness
 Test of sequence
 Has every document been input? Eg Cheques
 Requires pre-numbered source documents
 Test of consistency
 Check digit calculation
 Eg: Credit Card – calculate security number from card number
 Card Number 1234 5678 9012 3456
 Security Number: 687
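
The edit tests listed above, applied to a keyed batch, as an added example that is not part of the original lecture material. The records are constructed, and the field names, the E#### employee id format and the 001 to 007 document range are assumptions made for the illustration.

```python
import re

# Constructed sample: timesheet lines keyed from pre-numbered source documents.
# Field names, the E#### employee format and the 001..007 range are assumptions.
RECORDS = [
    {"doc_no": "001", "employee_id": "E1001", "hours": "38", "rate": "25.50"},
    {"doc_no": "002", "employee_id": "E1002", "hours": "72", "rate": "25.50"},
    {"doc_no": "003", "employee_id": "1003", "hours": "40", "rate": "-25.50"},
    {"doc_no": "004", "employee_id": "E1004", "hours": "", "rate": "30.00"},
    {"doc_no": "005", "employee_id": "E1005", "hours": "40", "rate": "30.00"},
    {"doc_no": "007", "employee_id": "E1007", "hours": "35", "rate": "28.00"},
    {"doc_no": "002", "employee_id": "E1002", "hours": "40", "rate": "25.50"},
]
REQUIRED = ("doc_no", "employee_id", "hours", "rate")
NUMERIC = re.compile(r"[+-]?\d+(\.\d+)?")

def edit_tests(rec):
    """Return the edit tests that one keyed record fails (empty list = accepted)."""
    failures = []
    # Test of completeness: every required field is present and non-blank.
    missing = [f for f in REQUIRED if not rec.get(f, "").strip()]
    if missing:
        failures.append("completeness: " + ",".join(missing))
    # Test of content: alphanumeric employee id, numeric document number.
    if rec.get("employee_id") and not re.fullmatch(r"E\d{4}", rec["employee_id"]):
        failures.append("content: employee_id")
    if rec.get("doc_no") and not rec["doc_no"].isdecimal():
        failures.append("content: doc_no")
    for field in ("hours", "rate"):
        value = rec.get(field, "").strip()
        if not value:
            continue  # already reported by the completeness test
        if not NUMERIC.fullmatch(value):
            failures.append(f"content: {field}")
        elif float(value) < 0:
            failures.append(f"sign: {field}")  # test of sign
        elif field == "hours" and float(value) > 60:
            failures.append("reasonableness: hours")  # hours per week within 0..60
    return failures

def sequence_test(records, first, last):
    """Test of sequence: missing and duplicated numbers in the issued range."""
    seen, duplicates = set(), set()
    for rec in records:
        if rec.get("doc_no", "").isdecimal():
            n = int(rec["doc_no"])
            (duplicates if n in seen else seen).add(n)
    return [n for n in range(first, last + 1) if n not in seen], sorted(duplicates)

def validate_batch(records, first, last):
    """Run the edit tests per record, then the sequence test over the whole batch."""
    rejected = {i: f for i, rec in enumerate(records) if (f := edit_tests(rec))}
    missing, duplicates = sequence_test(records, first, last)
    return {"rejected": rejected, "missing": missing, "duplicates": duplicates}

if __name__ == "__main__":
    print(validate_batch(RECORDS, 1, 7))
```

The sequence test only works because the source documents are pre-numbered: without a known issued range there is nothing to compare the keyed numbers against.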

 Observation, Recording and Transcription
◦ Feedback mechanism
 Eg: Customer reviews and signs sales form
◦ Dual observation
 Eg: Approval from a supervisor, more than one employee in
execution of sale
◦ Pre-designed forms
 Pre-numbered
 Layout of forms
 How does a pre-designed form help?

[Diagram: sequence check across SALES DEPT, DATA ENTRY CLERK and COMPUTER]
 SALES DEPT: Sale occurs and invoice prepared (Invoice 001, 002, 003, 004, 005, 006, 007)
 DATA ENTRY CLERK: Invoices entered (Invoice 001, 002, 003, 004, 005, 007)
 COMPUTER: Checks for gaps in the sequence of pre-numbered documents and alerts Clerk of missing documents (Missing Invoice 006)
The sequence check has identified that Invoice 006 has not been
entered – we do not have completeness.

 Controls for the manipulation of data once it
has been input.
◦ Batch control totals
◦ Record counts
◦ Sequence checks
◦ Run to run totals
 Which aims do they achieve?
◦ Reliable financial reporting
 Accuracy of data processing / updates
 Completeness of data processing / updates

SALES PERSON COMPUTER
Sales
Order
Order
Details
Capture sales
Calculate
A/R check total
Credit
Update Accts Sales
Receivable
Compare
totals

 The computer takes the daily credit sales data
and updates the accounts receivable master
balances.
 The new balance for the accounts receivable
should equal the opening balance + credit
sales

30
They include:
 Financial control total
 Hash total
 Record count
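
The three batch control totals above, together with the accounts receivable check described earlier (new balance = opening balance + credit sales), as an added example that is not part of the original lecture material. The batch, customer numbers and balances are constructed, and all function names are assumptions made for the illustration.

```python
from decimal import Decimal

# Constructed sample batch of credit sales; customer numbers and amounts are invented.
BATCH = [
    {"customer_no": 1041, "amount": Decimal("250.00")},
    {"customer_no": 2210, "amount": Decimal("1200.50")},
    {"customer_no": 3307, "amount": Decimal("89.95")},
]

def control_totals(batch):
    """Record count, financial control total and hash total for one batch."""
    return {
        "record_count": len(batch),
        "financial_total": sum((r["amount"] for r in batch), Decimal("0")),
        # A hash total sums a field with no financial meaning (here the customer
        # number); it moves when a record is keyed against the wrong account.
        "hash_total": sum(r["customer_no"] for r in batch),
    }

def compare_totals(prepared, processed):
    """Names of the control totals that differ between two processing stages."""
    return sorted(k for k in prepared if prepared[k] != processed[k])

def post_to_receivables(opening, batch):
    """Apply credit sales to A/R balances (customer_no -> Decimal); returns a copy."""
    closing = dict(opening)
    for r in batch:
        closing[r["customer_no"]] = closing.get(r["customer_no"], Decimal("0")) + r["amount"]
    return closing

def run_to_run_ok(opening, closing, batch):
    """The new A/R balance should equal the opening balance + credit sales."""
    expected = sum(opening.values(), Decimal("0")) + control_totals(batch)["financial_total"]
    return sum(closing.values(), Decimal("0")) == expected

if __name__ == "__main__":
    prepared = control_totals(BATCH)
    # Same amount keyed against the wrong customer: only the hash total moves.
    wrong_account = [dict(r) for r in BATCH]
    wrong_account[1]["customer_no"] = 2211
    print(compare_totals(prepared, control_totals(wrong_account)))
    # One record lost between stages: all three totals move.
    print(compare_totals(prepared, control_totals(BATCH[:2])))
    opening = {1041: Decimal("100.00"), 2210: Decimal("0.00")}
    print(run_to_run_ok(opening, post_to_receivables(opening, BATCH), BATCH))
```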

 Judgement error
 Unexpected transaction
 Collusion
 Management override
 Weak internal controls
 Conflicting signals

 Validation of process results
◦ Activity listings
 Distribution and Use
◦ Who is able to access the outputs?
◦ Where are the outputs printed to?
◦ Has the relevant user got all of the output

I wish to acknowledge Dr. Chadi Aoun’s input and material that were
incorporated into the lecture slides as well as the supplementary
material and sources provided by John Wiley publishers.

 Management incompetence
 External factors such as natural disasters
 Fraud
 Regulatory environment
 Information technology such as viruses, email
attacks
