CHAPTER 9 – DATA CAPTURE AND BATCH DATA ENTRY CONTROLS Application controls

are manual and automatic procedures that relate to specific EDP accounting systems such as payroll, accounts receivable, and cash disbursements

Controls methodology a description of the role that controls play in EDP accounting

systems states that management or the auditor must make a series of

evaluations and determinations before the usefulness of controls can be defined

Series of steps for evaluations and determinations before the usefulness of controls can be defined:

1. determine the likelihood of errors and irregularities and their impact on audit and business exposures

2. set broad management objectives that specify the need for error-free processing and the avoidance of significant exposure

3. draw up detailed system objectives that represent the conformity of individual EDP accounting systems with the general objectives

4. evaluate the role that controls play in an EDP accounting system

Exposures of independent auditors and management resulting from errors and irregularities such as:

1. Unreliable datao Unreliable input data

- are the result of such errors as incorrect source data, incorrect transaction of source data to a machine-readable medium, or loss of transaction data during the processing cycle

o Uncorrected erroneous input data- may result in erroneous output

2. Improper processing3. Loss or destruction of assets and records4. Failure to accomplish organizational objectives5. Operational inefficiency

Three elements of the control structure:1. Control environment2. Accounting system3. Control procedures

Control environment pertains to the overall attitude, awareness, and actions of

management toward the control structure Acceptable level of errors

one in which management’s exposure is reduced to an immaterial or significant level

Management objective1. To provide an effective

accounting system

2. To provide effective control procedures

System objectivea. Completenessb. Validityc. Classificationd. Valuatione. Timelinessa. Transaction authorizationb. Errors are detected,

corrected, and resubmittedc. Security of data and recordsd. Distribution of outpute. Accuracyf. Uniquenessg. Reasonableness

Prevention controls prevent the occurrence of errors

Detection controls designed to detect the errors that inevitably occur despite

effective prevention controls

Correction controls ensure that errors that are detected will be properly corrected

and resubmitted for input and processing Control methodology and chapter organization objectives:

1. Prevention objectiveo Assurance that the incidence of errors is sufficiently low

to provide reliability, adherence to accounting policy, and protection of assets and records.

2. Detection objectiveo Assurance that errors that do occur are detected.

3. Correction objectiveo Assurance that errors that are detected are properly

corrected and resubmitted for processing. Audit trail

permits management to respond to operating exceptions, such as an out-of-stock inventory item

acts as an application control because it can be used to diagnose the cause and effect of an error

consists of the input, processing, and output documentation and file data that permit the tracing of transaction processing

Data capture a manual procedure that covers the limitation, approval,

authorization, review, and preparation of documentation for source transactions

it is generally a user department function occurs in both batch and on-line entry systems, although the

actual procedures and controls may differ; in on-line systems where the data capture function is reduced or combined with data entry, the focus of control shifts to data entry

Data capture controls are designed to ensure the reliability and accuracy of data,

before the data enter the computer application system Objectives of application controls for reduction of data capture

control risks:1. Prevention objective: To ensure reliable, proper, authorized,

approved, and secure source data.o Application controls that can help meet this objective:

a. User procedures manualb. Source document design

- involves the use of special formats and preprinted data to ensure conformity of work performed to written procedures

Conformity- encourages completeness, accuracy, and

proper authorization Special formats

- include the use of specific boxes for authorization signatures, control totals, footing and cross-footing balances, and retention dates

Pre-printed data- should include repetitive items such as

form number and title, department responsibility, transaction code, and product number

c. Prenumbering- ensures that each transaction will be uniquely

identifiedd. Forms security

- reduces the likelihood of unauthorized or invalid transactions

- should include physical control over the forms as well as dual signatures for the release of forms for source document preparation

e. Separation of duties- reduces the likelihood of unintentional errors

f. Sound personnel practices- these should include procedures to ensure the

hiring of computer personnel, the continuing evaluation of individual performance, periodic rotation of assignments, required vacations, and bonding of key personnel

g. Identification of preparer- increases the likelihood that the separation of

duties is being followedh. Evidence of approval

- evidenced by authorized signature on the source listing

2. Detection objective: To ensure that unreliable, improper, unauthorized, invalid, or lost source data are detected.o Application controls that can help meet this objective:

a. Batch controls Batch number

- identifies the batch of transactions and can be used to keep track of the receipt or transmittal of the batch

Control totals- permit subsequent discovery of loss of

items or changes in data that occur during data preparation, data entry, or data processing

- usually recorded manually by the user in a control log

Log- records the time and place of batch

transmittal and receipt Transmittal ticket

- controls the flow of data from one department to another

- usually identifies the sending and receiving patties and describes the accompanying batch

b. User review- the purpose of the review is to check the source

documents, transmittal tickets, and control log for completeness, accuracy, and conformity with department policy

3. Correction objective: To ensure that unreliable, improper, unauthorized, or invalid source data ate, if appropriate, corrected and resubmitted for data capture.o Application controls that can help meet this objective:

- Error correction procedures- Audit trail

- for data capture, it consists a copy of the source documents of a listing of source transactions

Source list- produced as an audit trail in systems where

no source document is prepared Batch data entry controls

are controls over the initial preparation of data for computer input and the entry of the data into the computer in batch input systems

Batch data preparation an off-line process in batch input systems that assembles and

prepares data for subsequent input to the computer Assembly of data

is the organization of transactions into batches, if not performed in data capture, and (optionally) the sequencing of the batch into master-file order

Preparation involves the conversion and coding of data in machine-readable

form

Batch data preparation provides a major opportunity for control of errors early in the transaction cycle.

Objectives of application controls for reduction of data capture control risks:

1. Prevention objective: To ensure reliable and properly prepared batch data.o Application controls that can help meet this objective:

a. Written instructions- reduce the likelihood of error by encouraging

compliance with standard procedures- should cover the assembly of batches of data,

operation of key entry devices, application of controls, and response to errors

b. Low error environmentc. Review of input datad. Turnaround documents

- are output documents that double as source documents

- are used extensively in credit card and other receivables billing operations

e. Formatting2. Detection objective: To ensure that unreliable and improper

data preparation is detected.o Application controls that can help meet this objective:

a. Batch controls- involves establishing initial batch control over

source documents or acting as an interface between the user and EDP if batch controls were established during data capture

Batch controls include:a) Assemblyb) Control totals

- should be computed as a byproduct of data preparation

- used to detect loss of documents or data items, nonprocessing of documents or data items, or ensure in data preparation

♥ Three types of control totals:i. Financial totals

- are summaries of field amounts for all the records in a batch that are normally computed as a result of processing

ii. Hash totals- are summaries of field amounts

for all records in the batch that are computed only for control purposes

iii. Record counts- are totals of the number of

logical and physical records (if different) keyed during data preparation

c) Batch header record- a machine-readable record of the batch

control totals and is used by the computer during input or processing for automatic balancing of control totals

d) Batch transmittal and route slips♥ Transmittal slip

- includes the batch description and control totals

♥ Route slip- shows the organizational path of

transaction processing

e) Log- normally contains the batch sequence

number, job description, times of receipt and transmittal, and signature of responsible individuals

b. Key entry validation- the purpose is to detect inaccurate, incomplete,

inconsistent, or improper data through calculation and logical comparison

- most performed during input and processing but not during data preparation

Key entry validation includes:a) Logic tests

♥ Types of logic tests:i. Tests of data classification and

transaction codes are fairly easy.ii. Sign test

- used when a character or field should always be negative or positive

iv. Value test- can be used if a data field always

contains a certain valuev. Alphanumeric condition test

- used for characters that should be either alphabetical or numeric

vi. Field size test- used when the size of the field is

prespecifiedvii. Limit test

- determines whether a data value falls within certain limits

b) Check digit- a redundant digit calculated from the

number in an identification field and attached to that number

♥ modulus- the base multiplier and is usually

10 or 11♥ digit weights

- position multipliers applied to each digit in the field

c) Balancing of control totalsc. Key entry verification

- a method for detecting operator errors in the keying of data onto disk, tape, or some other input medium

- an expensive process Verification

- a duplicate process that requires a second operator to rekey the same set of source documents as a verifier

Verifier- compares the second keying with the first

keying of the data and identifies any difference for immediate or subsequent correction

3. Correction objective: To ensure that unreliable and improper data detected during data preparation are properly corrected and resubmitted.o Errors from source

- result from illegible source documents and errors in the preparation of the source documents

o Errors during data conversion- result from operator keying errors

Batch input the on-line reading of batch data from a machine-readable

medium such as disk or tape into primary storage this provides the opportunity to use a full range of programmed

data validation and editing tests to ensure that data are reliable and proper prior to processing

Objectives of application controls for reduction of data capture control risks:

1. Prevention objective: To ensure reliable and proper input of batch data. Each application should have written procedures to guide

the control clerk and the computer operators and should limit data to be entered at the computer console.

2. Detection objective: To ensure that unreliable and improper batch input is detected.o Application controls that can help meet this objective:

a. Batch controls- requires establishing control over batches upon

arrival from data preparation and reconciling batch data upon completion of the input and validation run

b. Input validation3. Correction objective: To ensure that unreliable and improper

data detected during batch input are properly corrected and resubmitted.o Application controls that can help meet this objective:

a. Controls to match error correction system design Three basic approaches:

a) Delay processing until entire batch is validated♥ Circulating error file

- common suspense file- used in correction with

generalized input data validation routines

b) Process validation and rejected transactions

c) Process valid transactions onlyb. Upstream resubmission

- submit all corrected transactions to the same input validation requirements used during the original input

c. Audit trail

CHAPTER 10 – ON-LINE ENTRY, PROCESSING, AND OUTPUT CONTROLS On-line entry

the entry of individual transactions directly into the computer via a terminal

Objectives of application controls for reduction of data capture control risks:

1. Prevention objective: To ensure reliable, proper, authorized, and valid transaction entry. Application controls for on-line transaction entry are

written procedures to guide the terminal operation and computer-assisted procedures to reduce the possibility of errors

o Written procedures- should cover the operation of the terminal as well

as application-related procedures for the referencing of files, entry of transaction and parameter data, correction of keying errors, and withdrawal of transactions with source errors

o Computer-assisted procedures include:a. Screen formats

- guide terminal operators in supplying the proper data in the proper location

b. Computer dialogue- conversation between the terminal operator

and the computer2. Detection objective: To ensure that unreliable and improper

data entry is detected.o Application controls that can help meet this objective:

a. Batch controls- depends on whether the transactions are

batched prior to entry Batching of transactions prior to entry

- means that the terminal is being used as a batch input device

Postentry batch control totals- control totals that can only be computed

upon completion of data entry for the transactions actually entered during a given time period

b. Data entry validation Types of validation tests:

a) Classification and code validity testsb) Valid character and field testsc) Limit testsd) Check digit testse) Data echo check tests

- provides the terminal operator with visual confirmation that the data have been properly entered and received by the computer

Three other validation tests:a) record confirmation check

- an extension of the data echo check- instead of simply echoing the input

data back to the terminal, descriptive file data are added to the echo

b) inclusion of verifying data- involves the input of an item of

reference data from the master-file record in addition to the transaction identification data

c) data approval test- can be used to determine that the

transaction does not violate management policies