Internal Control in IT - McGraw Hill Higher Education

Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
8-1
Many systems have moved away from centralized systems built around one mainframe computer running user-developed software, toward combinations of smaller computers running commercially available software.

Less expensive software
 Electronic checkbooks (e.g., Quicken)

Moderate systems
 Basic general ledger systems (e.g., QuickBooks)

Expensive systems
 ERP systems (e.g., SAP)
8-2

Usually consists of:
 Hardware: the digital computer and its peripheral equipment
 Software: the various programs and routines for operating the system

8-3
Input/Output Devices
 Card readers, terminals, electronic cash registers, optical scanners, magnetic tape drives, magnetic disk drives, optical compact disks
Central Processing Unit
 Arithmetic unit, control unit
Auxiliary Storage
 Magnetic disks, magnetic drums, magnetic tapes, optical compact disks
8-4

Two types:

Systems software
 Programs that control and coordinate hardware components and provide support to application software
 Operating systems (examples: Unix, Windows)

Application software
 Programs designed to perform a specific data processing task
 Written in a programming language (example: Java)
8-5

Regardless of size, a system possesses one or more of the following elements:
 Batch processing
 On-line capabilities
 Database storage
 IT networks
 End user computing

8-6



Input data are gathered and processed periodically in groups.
Example: accumulate all of a day's sales transactions and process them as a batch at the end of the day.
Often more efficient than other types of systems, but does not provide up-to-the-minute information.
8-7


Online systems allow users direct access to data stored in the system.
Two types (a company may use both):

Online transaction processing (OLTP)
 Individual transactions entered from remote locations
 Online, real time (example: bank balance at an ATM)

Online analytical processing (OLAP)
 Enables users to query a system for analysis
 Examples: data warehouses, decision support systems, expert systems
8-8

In traditional IT systems, each computer application maintains its own master files, so redundant information is stored in several files.

A database system allows users to access the same integrated database file:
 Eliminates data redundancy
 Creates the need for a database administrator responsible for securing the data against improper access
8-9


Networks
 Computers linked through telecommunication links that enable them to exchange information
 WAN, LAN
 Internet, intranet, extranet
Electronic commerce
 Involves the electronic processing and transmission of data between customer and client
 Electronic Data Interchange (EDI)
8-10




User departments are responsible for the development and execution of certain IT applications:
 A decentralized processing arrangement in which the IT department is generally not involved
 Controls are needed to prevent unauthorized access
8-11

The importance of internal control is not diminished in a computerized environment.
Separation of duties
 Clearly defined responsibilities
 Augmented by controls written into computer programs

8-12


In a traditional manual system, hard-copy documentation is available for the accounting cycle.
In a computerized environment, an audit trail ordinarily still exists, but often not in printed form:
 This can affect audit procedures
 Consulting auditors during the design stage of an IT-based system helps ensure its ultimate auditability
8-13
8-14





Information systems management
 Supervises the operation of the department and reports to the vice president of finance
Systems analysis
 Responsible for designing the system
Application programming
 Designs flowcharts and writes programming code
Database administration
 Responsible for planning and administering the company database
Data entry
 Prepares and verifies input data for processing
8-15





IT operations
 Runs and monitors the central computers
Program and file library
 Protects computer programs, master files and other records from loss, damage and unauthorized use
Data control
 Reviews and tests all input procedures, monitors processing and reviews IT logs
Telecommunications specialists
 Responsible for maintaining and enhancing IT networks
Systems programming
 Responsible for troubleshooting the operating system
8-16




History shows that in many fraud cases the person responsible set up the system and controlled its modifications.
Segregation of duties
 Programming kept separate from control of data entry
 Computer operators kept separate from custody of, or detailed knowledge of, the programs
If segregation is not possible:
 Compensating controls, such as batch totals, are needed
Organizational controls are not effective in mitigating collusion.
8-17



Interested in evaluating the overall efficiency and effectiveness of information systems operations and related controls throughout the company.
Should participate in the design of IT-based systems.
Perform tests to ensure that:
 No unauthorized changes have been made
 Documentation is adequate
 Control activities are functioning
 The data control group is performing its duties
8-18
8-19
General Control Activities

Developing new programs and systems

Changing existing programs and systems

Access to programs and data

IT operations controls
8-20

Programmed Control Activities

Input validation checks
 Limit test
 Validity test
 Self-checking number

Batch controls
 Item count
 Control total
 Hash total

Processing controls
 Input controls plus file labels

Manual Follow-up Activities

 Follow-up on exception reports
8-21



Designed to test the completeness and accuracy of IT-processed transactions and to ensure their reliability.
Reconciliation of control totals generated by the system to totals developed at the input phase.

Example: sales invoices generated by the IT-based system are tested for clerical accuracy and pricing by the accounting clerk.
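The programmed control activities listed on the previous slide (limit test, validity test, self-checking number, item count, control total, hash total, exception report) and the reconciliation of control totals that the user controls above rely on, as an added example in Python that is not from the textbook. The record layout, the mod-10 (Luhn) check-digit scheme used for the self-checking number, the limit and validity tables, the sample batch and the batch control slip are all constructed assumptions.

```python
"""Programmed control activities over a batch of sales transactions.

Added example, not from the textbook. The record layout (invoice number,
customer number carrying a mod-10 check digit, terms code, quantity, unit
price in cents), the limit and validity tables and the sample batch are
constructed assumptions.
"""
from dataclasses import dataclass

MAX_QUANTITY = 1000                        # limit test ceiling (assumed policy)
VALID_TERMS = {"NET30", "NET60", "COD"}    # validity test lookup table (assumed)


@dataclass(frozen=True)
class SalesTxn:
    invoice_no: int
    customer_no: str   # digits; the last digit is a mod-10 (Luhn) check digit
    terms: str
    quantity: int
    unit_price: int    # cents


@dataclass(frozen=True)
class BatchTotals:
    item_count: int      # number of records in the batch
    control_total: int   # sum of a meaningful amount (extended price, cents)
    hash_total: int      # sum of a field with no business meaning (customer numbers)


def luhn_valid(number: str) -> bool:
    """Self-checking number: the trailing check digit must satisfy mod 10.

    From the right, every second digit is doubled (minus 9 if the result
    exceeds 9); the digit sum must be divisible by 10. A single wrong digit
    or a transposition of adjacent digits (other than 09/90) breaks the check.
    """
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def validate(txn: SalesTxn) -> list[str]:
    """Input validation checks; an empty list means the record is accepted."""
    errors = []
    if not luhn_valid(txn.customer_no):
        errors.append(f"self-check: customer {txn.customer_no} fails check digit")
    if txn.terms not in VALID_TERMS:
        errors.append(f"validity: terms code {txn.terms!r} not in table")
    if not 0 < txn.quantity <= MAX_QUANTITY:
        errors.append(f"limit: quantity {txn.quantity} outside 1..{MAX_QUANTITY}")
    return errors


def compute_totals(batch: list[SalesTxn]) -> BatchTotals:
    """Batch controls recomputed by the program from the records it received."""
    return BatchTotals(
        item_count=len(batch),
        control_total=sum(t.quantity * t.unit_price for t in batch),
        hash_total=sum(int(t.customer_no) for t in batch),
    )


def reconcile(control_slip: BatchTotals, computed: BatchTotals) -> list[str]:
    """Compare totals prepared at input against the totals the program computed."""
    mismatches = []
    for name in ("item_count", "control_total", "hash_total"):
        expected, actual = getattr(control_slip, name), getattr(computed, name)
        if expected != actual:
            mismatches.append(f"{name}: slip {expected} != processed {actual}")
    return mismatches


def process_batch(batch, control_slip):
    """Validate each record and reconcile the batch; return the accepted records
    and an exception report for data control to follow up manually."""
    accepted, exceptions = [], []
    for txn in batch:
        errs = validate(txn)
        if errs:
            exceptions.append((txn.invoice_no, errs))
        else:
            accepted.append(txn)
    for mismatch in reconcile(control_slip, compute_totals(batch)):
        exceptions.append((None, [f"batch: {mismatch}"]))
    return accepted, exceptions


# Constructed sample batch: two clean records, one with a corrupted customer
# number (digits 3 and 4 transposed), one failing both validity and limit tests.
BATCH = [
    SalesTxn(1001, "12345674", "NET30", 10, 2500),
    SalesTxn(1002, "79927398713", "COD", 3, 1999),
    SalesTxn(1003, "12435674", "NET30", 5, 1000),
    SalesTxn(1004, "12345674", "NET90", 2000, 100),
]
# Totals data control wrote on the batch control slip before keying (constructed).
CONTROL_SLIP = BatchTotals(item_count=4, control_total=235997, hash_total=79964525735)

if __name__ == "__main__":
    ok, report = process_batch(BATCH, CONTROL_SLIP)
    print(f"accepted {len(ok)} of {len(BATCH)}; exceptions: {report}")
    # Losing the last record before processing makes all three totals disagree.
    print(reconcile(CONTROL_SLIP, compute_totals(BATCH[:3])))
```

The hash total has no accounting meaning, which is exactly why it is useful: a dropped, duplicated or altered customer number changes it even when the control total happens to balance. Records that fail validation are still counted in the totals, so a batch can reconcile while individual items sit on the exception report awaiting manual follow-up.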
8-22


Involves the use of one or more user-operated workstations to process data.
Needed controls:
 Train users
 Document computer processing procedures
 Store backup files away from the originals
 Authorization controls
 Prohibit the use of unauthorized programs
 Use antivirus software

8-23


Step 1 – Consider the IT system in planning
Step 2 – Obtain an understanding of the client and its environment

Documentation of the client's IT-based system depends on the complexity of the system:
 Narrative
 Systems flowchart
 Program flowchart
 Internal control questionnaires
8-24




Identify risks
Relate the identified risks to what can go wrong at the relevant assertion level
Consider whether the risks are of a magnitude that could result in a material misstatement
Consider the likelihood that the risks could result in a material misstatement

Evaluate the effectiveness of related controls in mitigating the risks
Test controls over IT-based systems
8-25



Auditing around the computer – manually processing selected transactions and comparing the results to computer output
Manual tests of computer controls – inspection of computer control reports and of evidence of manual follow-up on exceptions
Auditing through the computer – computer-assisted techniques:
 Test data
 Integrated test facility
 Controlled programs
 Program analysis techniques
 Tagging and tracing transactions
 Generalized audit software – parallel simulation
8-26
In general, using client data and generalized audit software:
 Examine the client's records for overall quality, completeness and valid conditions
 Rearrange data and perform analyses
 Select audit samples
 Compare data on separate files
 Compare the results of audit procedures with the client's records
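The "auditing through the computer" techniques on the previous slide, in particular parallel simulation, and the generalized audit software uses listed above, as an added example in Python that is not from the textbook and is not any vendor's audit software. The client's invoice file, the auditor's price master, the shipping file, the record layouts and the systematic sampling rule are all constructed assumptions.

```python
"""Computer-assisted audit techniques on client data: parallel simulation,
comparison of separate files, analysis by customer and sample selection.

Added example, not from the textbook. Every file and record layout below is
a constructed assumption; amounts are in cents.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_no: int
    customer_no: str
    item: str
    quantity: int
    unit_price: int   # price billed by the client's program
    amount: int       # extended total computed by the client's program


@dataclass(frozen=True)
class Finding:
    invoice_no: int
    reason: str
    client_amount: int
    recomputed: Optional[int]   # None when the auditor cannot recompute at all


# Auditor's own copy of the authorized price list (constructed).
PRICE_MASTER = {"A100": 1250, "B200": 800, "C300": 4500}

# Client invoice file (constructed): 5002 bills a price not on the master,
# 5003 has an extension error, 5004 was never shipped, 5005 uses an unknown item.
INVOICES = [
    Invoice(5001, "12345674", "A100", 4, 1250, 5000),
    Invoice(5002, "12345674", "B200", 10, 900, 9000),
    Invoice(5003, "79927398713", "C300", 2, 4500, 9500),
    Invoice(5004, "79927398713", "A100", 1, 1250, 1250),
    Invoice(5005, "12345674", "D400", 1, 100, 100),
]
# Invoice numbers present on the client's shipping file (constructed).
SHIPMENTS = {5001, 5002, 5003, 5005}


def parallel_simulation(invoices, price_master) -> list[Finding]:
    """Re-perform the client's pricing and extension logic with the auditor's
    own code and data, reporting every invoice the auditor cannot reproduce."""
    findings = []
    for inv in invoices:
        master_price = price_master.get(inv.item)
        if master_price is None:
            findings.append(Finding(inv.invoice_no,
                                    f"item {inv.item} not on price master",
                                    inv.amount, None))
            continue
        recomputed = inv.quantity * master_price
        if inv.unit_price != master_price:
            findings.append(Finding(inv.invoice_no,
                                    f"billed price {inv.unit_price} != master {master_price}",
                                    inv.amount, recomputed))
        elif inv.amount != recomputed:
            findings.append(Finding(inv.invoice_no, "extension error",
                                    inv.amount, recomputed))
    return findings


def unmatched_invoices(invoices, shipments) -> list[int]:
    """Compare data on separate files: an invoice with no shipping record is a
    candidate fictitious sale (valid-condition test)."""
    return [inv.invoice_no for inv in invoices if inv.invoice_no not in shipments]


def amount_by_customer(invoices) -> dict:
    """Rearrange data and perform analyses: total billed per customer."""
    totals = {}
    for inv in invoices:
        totals[inv.customer_no] = totals.get(inv.customer_no, 0) + inv.amount
    return totals


def systematic_sample(invoices, sample_size: int, start: int) -> list[int]:
    """Select an audit sample: every k-th invoice from a starting point, where
    k = population size // sample size. The start would normally be a random
    number; it is a parameter here so the selection is reproducible."""
    if sample_size <= 0 or sample_size > len(invoices):
        raise ValueError("sample size must be between 1 and the population size")
    interval = len(invoices) // sample_size
    picks = range(start % interval, len(invoices), interval)
    return [invoices[i].invoice_no for i in picks][:sample_size]


if __name__ == "__main__":
    for f in parallel_simulation(INVOICES, PRICE_MASTER):
        print(f)
    print("unshipped:", unmatched_invoices(INVOICES, SHIPMENTS))
    print("by customer:", amount_by_customer(INVOICES))
    print("sample:", systematic_sample(INVOICES, 2, 1))
```

Parallel simulation deliberately uses the auditor's own price master rather than the client's, so an unauthorized price-file change shows up as a difference even when the client's arithmetic is internally consistent; the unshipped-invoice comparison catches the opposite problem, a record that computes correctly but should not exist.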

8-27
8-28