Upload
zenn-vanrim-lopez
View
214
Download
1
Embed Size (px)
DESCRIPTION
cis
Citation preview
CHAPTER 9 – DATA CAPTURE AND BATCH DATA ENTRY CONTROLS Application controls
are manual and automatic procedures that relate to specific EDP accounting systems such as payroll, accounts receivable, and cash disbursements
Controls methodology a description of the role that controls play in EDP accounting
systems states that management or the auditor must make a series of
evaluations and determinations before the usefulness of controls can be defined
Series of steps for evaluations and determinations before the usefulness of controls can be defined:
1. determine the likelihood of errors and irregularities and their impact on audit and business exposures
2. set broad management objectives that specify the need for error-free processing and the avoidance of significant exposure
3. draw up detailed system objectives that represent the conformity of individual EDP accounting systems with the general objectives
4. evaluate the role that controls play in an EDP accounting system
Exposures of independent auditors and management resulting from errors and irregularities such as:
1. Unreliable datao Unreliable input data
- are the result of such errors as incorrect source data, incorrect transaction of source data to a machine-readable medium, or loss of transaction data during the processing cycle
o Uncorrected erroneous input data- may result in erroneous output
2. Improper processing3. Loss or destruction of assets and records4. Failure to accomplish organizational objectives5. Operational inefficiency
Three elements of the control structure:1. Control environment2. Accounting system3. Control procedures
Control environment pertains to the overall attitude, awareness, and actions of
management toward the control structure Acceptable level of errors
one in which management’s exposure is reduced to an immaterial or significant level
Management objective1. To provide an effective
accounting system
2. To provide effective control procedures
System objectivea. Completenessb. Validityc. Classificationd. Valuatione. Timelinessa. Transaction authorizationb. Errors are detected,
corrected, and resubmittedc. Security of data and recordsd. Distribution of outpute. Accuracyf. Uniquenessg. Reasonableness
Prevention controls prevent the occurrence of errors
Detection controls designed to detect the errors that inevitably occur despite
effective prevention controls
Correction controls ensure that errors that are detected will be properly corrected
and resubmitted for input and processing Control methodology and chapter organization objectives:
1. Prevention objectiveo Assurance that the incidence of errors is sufficiently low
to provide reliability, adherence to accounting policy, and protection of assets and records.
2. Detection objectiveo Assurance that errors that do occur are detected.
3. Correction objectiveo Assurance that errors that are detected are properly
corrected and resubmitted for processing. Audit trail
permits management to respond to operating exceptions, such as an out-of-stock inventory item
acts as an application control because it can be used to diagnose the cause and effect of an error
consists of the input, processing, and output documentation and file data that permit the tracing of transaction processing
Data capture a manual procedure that covers the limitation, approval,
authorization, review, and preparation of documentation for source transactions
it is generally a user department function occurs in both batch and on-line entry systems, although the
actual procedures and controls may differ; in on-line systems where the data capture function is reduced or combined with data entry, the focus of control shifts to data entry
Data capture controls are designed to ensure the reliability and accuracy of data,
before the data enter the computer application system Objectives of application controls for reduction of data capture
control risks:1. Prevention objective: To ensure reliable, proper, authorized,
approved, and secure source data.o Application controls that can help meet this objective:
a. User procedures manualb. Source document design
- involves the use of special formats and preprinted data to ensure conformity of work performed to written procedures
Conformity- encourages completeness, accuracy, and
proper authorization Special formats
- include the use of specific boxes for authorization signatures, control totals, footing and cross-footing balances, and retention dates
Pre-printed data- should include repetitive items such as
form number and title, department responsibility, transaction code, and product number
c. Prenumbering- ensures that each transaction will be uniquely
identifiedd. Forms security
- reduces the likelihood of unauthorized or invalid transactions
- should include physical control over the forms as well as dual signatures for the release of forms for source document preparation
e. Separation of duties- reduces the likelihood of unintentional errors
f. Sound personnel practices- these should include procedures to ensure the
hiring of computer personnel, the continuing evaluation of individual performance, periodic rotation of assignments, required vacations, and bonding of key personnel
g. Identification of preparer- increases the likelihood that the separation of
duties is being followedh. Evidence of approval
- evidenced by authorized signature on the source listing
2. Detection objective: To ensure that unreliable, improper, unauthorized, invalid, or lost source data are detected.o Application controls that can help meet this objective:
a. Batch controls Batch number
- identifies the batch of transactions and can be used to keep track of the receipt or transmittal of the batch
Control totals- permit subsequent discovery of loss of
items or changes in data that occur during data preparation, data entry, or data processing
- usually recorded manually by the user in a control log
Log- records the time and place of batch
transmittal and receipt Transmittal ticket
- controls the flow of data from one department to another
- usually identifies the sending and receiving patties and describes the accompanying batch
b. User review- the purpose of the review is to check the source
documents, transmittal tickets, and control log for completeness, accuracy, and conformity with department policy
3. Correction objective: To ensure that unreliable, improper, unauthorized, or invalid source data ate, if appropriate, corrected and resubmitted for data capture.o Application controls that can help meet this objective:
- Error correction procedures- Audit trail
- for data capture, it consists a copy of the source documents of a listing of source transactions
Source list- produced as an audit trail in systems where
no source document is prepared Batch data entry controls
are controls over the initial preparation of data for computer input and the entry of the data into the computer in batch input systems
Batch data preparation an off-line process in batch input systems that assembles and
prepares data for subsequent input to the computer Assembly of data
is the organization of transactions into batches, if not performed in data capture, and (optionally) the sequencing of the batch into master-file order
Preparation involves the conversion and coding of data in machine-readable
form
Batch data preparation provides a major opportunity for control of errors early in the transaction cycle.
Objectives of application controls for reduction of data capture control risks:
1. Prevention objective: To ensure reliable and properly prepared batch data.o Application controls that can help meet this objective:
a. Written instructions- reduce the likelihood of error by encouraging
compliance with standard procedures- should cover the assembly of batches of data,
operation of key entry devices, application of controls, and response to errors
b. Low error environmentc. Review of input datad. Turnaround documents
- are output documents that double as source documents
- are used extensively in credit card and other receivables billing operations
e. Formatting2. Detection objective: To ensure that unreliable and improper
data preparation is detected.o Application controls that can help meet this objective:
a. Batch controls- involves establishing initial batch control over
source documents or acting as an interface between the user and EDP if batch controls were established during data capture
Batch controls include:a) Assemblyb) Control totals
- should be computed as a byproduct of data preparation
- used to detect loss of documents or data items, nonprocessing of documents or data items, or ensure in data preparation
♥ Three types of control totals:i. Financial totals
- are summaries of field amounts for all the records in a batch that are normally computed as a result of processing
ii. Hash totals- are summaries of field amounts
for all records in the batch that are computed only for control purposes
iii. Record counts- are totals of the number of
logical and physical records (if different) keyed during data preparation
c) Batch header record- a machine-readable record of the batch
control totals and is used by the computer during input or processing for automatic balancing of control totals
d) Batch transmittal and route slips♥ Transmittal slip
- includes the batch description and control totals
♥ Route slip- shows the organizational path of
transaction processing
e) Log- normally contains the batch sequence
number, job description, times of receipt and transmittal, and signature of responsible individuals
b. Key entry validation- the purpose is to detect inaccurate, incomplete,
inconsistent, or improper data through calculation and logical comparison
- most performed during input and processing but not during data preparation
Key entry validation includes:a) Logic tests
♥ Types of logic tests:i. Tests of data classification and
transaction codes are fairly easy.ii. Sign test
- used when a character or field should always be negative or positive
iv. Value test- can be used if a data field always
contains a certain valuev. Alphanumeric condition test
- used for characters that should be either alphabetical or numeric
vi. Field size test- used when the size of the field is
prespecifiedvii. Limit test
- determines whether a data value falls within certain limits
b) Check digit- a redundant digit calculated from the
number in an identification field and attached to that number
♥ modulus- the base multiplier and is usually
10 or 11♥ digit weights
- position multipliers applied to each digit in the field
c) Balancing of control totalsc. Key entry verification
- a method for detecting operator errors in the keying of data onto disk, tape, or some other input medium
- an expensive process Verification
- a duplicate process that requires a second operator to rekey the same set of source documents as a verifier
Verifier- compares the second keying with the first
keying of the data and identifies any difference for immediate or subsequent correction
3. Correction objective: To ensure that unreliable and improper data detected during data preparation are properly corrected and resubmitted.o Errors from source
- result from illegible source documents and errors in the preparation of the source documents
o Errors during data conversion- result from operator keying errors
Batch input the on-line reading of batch data from a machine-readable
medium such as disk or tape into primary storage this provides the opportunity to use a full range of programmed
data validation and editing tests to ensure that data are reliable and proper prior to processing
Objectives of application controls for reduction of data capture control risks:
1. Prevention objective: To ensure reliable and proper input of batch data. Each application should have written procedures to guide
the control clerk and the computer operators and should limit data to be entered at the computer console.
2. Detection objective: To ensure that unreliable and improper batch input is detected.o Application controls that can help meet this objective:
a. Batch controls- requires establishing control over batches upon
arrival from data preparation and reconciling batch data upon completion of the input and validation run
b. Input validation3. Correction objective: To ensure that unreliable and improper
data detected during batch input are properly corrected and resubmitted.o Application controls that can help meet this objective:
a. Controls to match error correction system design Three basic approaches:
a) Delay processing until entire batch is validated♥ Circulating error file
- common suspense file- used in correction with
generalized input data validation routines
b) Process validation and rejected transactions
c) Process valid transactions onlyb. Upstream resubmission
- submit all corrected transactions to the same input validation requirements used during the original input
c. Audit trail
CHAPTER 10 – ON-LINE ENTRY, PROCESSING, AND OUTPUT CONTROLS On-line entry
the entry of individual transactions directly into the computer via a terminal
Objectives of application controls for reduction of data capture control risks:
1. Prevention objective: To ensure reliable, proper, authorized, and valid transaction entry. Application controls for on-line transaction entry are
written procedures to guide the terminal operation and computer-assisted procedures to reduce the possibility of errors
o Written procedures- should cover the operation of the terminal as well
as application-related procedures for the referencing of files, entry of transaction and parameter data, correction of keying errors, and withdrawal of transactions with source errors
o Computer-assisted procedures include:a. Screen formats
- guide terminal operators in supplying the proper data in the proper location
b. Computer dialogue- conversation between the terminal operator
and the computer2. Detection objective: To ensure that unreliable and improper
data entry is detected.o Application controls that can help meet this objective:
a. Batch controls- depends on whether the transactions are
batched prior to entry Batching of transactions prior to entry
- means that the terminal is being used as a batch input device
Postentry batch control totals- control totals that can only be computed
upon completion of data entry for the transactions actually entered during a given time period
b. Data entry validation Types of validation tests:
a) Classification and code validity testsb) Valid character and field testsc) Limit testsd) Check digit testse) Data echo check tests
- provides the terminal operator with visual confirmation that the data have been properly entered and received by the computer
Three other validation tests:a) record confirmation check
- an extension of the data echo check- instead of simply echoing the input
data back to the terminal, descriptive file data are added to the echo
b) inclusion of verifying data- involves the input of an item of
reference data from the master-file record in addition to the transaction identification data
c) data approval test- can be used to determine that the
transaction does not violate management policies