Types of controls
Types of data entries and processing
Input control risk
Input controls: preventive
Capturing and documentation:
- General IT Control (SOD, access control, training)
- Source doc (Efficient design, pre-numb)
- Sequence check numbers
On screen controls:
- screen design
→ User friendly
→ similar to Source doc
-Capturing of transactions
→ Data control group → transaction to online → min data entry → reduce required inputs by capturing from MF
-Computer
→prompting
→ Compulsory fields test
→ Data echo test
- visual verification
Input controls: Detective
PC and logical controls:
- validation test-performed by the computer
- validity and authorisation
→ validity test (check account number to MF)
→ limit test
-Accuracy
→ alphabetic / alphanumeric/numeric test
→ sign test
→ Related data (Inv to GRN)
→ Field length or Field size test = ID is 13 numbers
→ Reasonableness test (i.e. discount rate double the usual)
-Completeness
→ Field length and field size
→ test all inputs are completed
Input control: corrective
-Identify
→ error message
→ Register list/log (Audit trail)
= 1 register for accepted transactions
= another register for failed transactions “suspense file”
= transaction file connected to each suspense file → Find origin
-Investigation
→ Error register “suspense file” → by hand → Back to Sender
→ Investigate error → Input to source doc
-Correction
→ Input error
= Immediate message = Immediate correction
= Delayed error = suspense file = check = back to sender
→ source doc
= suspense file back to sender for changes management follow up → Correct error → validity test → Sent for processing
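Added example (not part of the original notes): the detective validation tests listed above, run over captured transactions, with accepted items going to one register and failed items to a suspense file together with the reason for follow-up. The field names, the master file contents, the amount limit and the sample transactions are all constructed assumptions.

```python
# Added example: constructed data, hypothetical field names and limits.
MASTER_FILE = {"ACC1001": {"usual_discount": 0.05}, "ACC1002": {"usual_discount": 0.10}}
REQUIRED = ("seq", "account", "id_number", "amount", "discount")
AMOUNT_LIMIT = 50_000  # assumed value for the limit test


def validate(txn):
    """Return the list of failed tests for one captured transaction."""
    missing = [f for f in REQUIRED if txn.get(f) in (None, "")]
    if missing:  # completeness: all compulsory inputs are captured
        return [f"completeness: missing {', '.join(missing)}"]
    errors = []
    account = MASTER_FILE.get(txn["account"])
    if account is None:  # validity test: account number must exist on the MF
        errors.append("validity: account not on master file")
    id_number = str(txn["id_number"])
    if not id_number.isdigit():  # numeric test
        errors.append("numeric: ID contains non-digits")
    if len(id_number) != 13:  # field length test: ID is 13 numbers
        errors.append("field length: ID is not 13 characters")
    if txn["amount"] <= 0:  # sign test
        errors.append("sign: amount must be positive")
    if txn["amount"] > AMOUNT_LIMIT:  # limit test
        errors.append("limit: amount exceeds limit")
    if account and txn["discount"] >= 2 * account["usual_discount"]:
        errors.append("reasonableness: discount at least double the usual")
    return errors


def process_input(transactions):
    """Route each transaction to the accepted register or the suspense file."""
    accepted, suspense = [], []
    for txn in transactions:
        errors = validate(txn)
        if errors:  # failed items wait here, with reasons, for correction
            suspense.append({"txn": txn, "errors": errors})
        else:
            accepted.append(txn)
    return accepted, suspense


SAMPLE = [  # constructed transactions
    {"seq": 1, "account": "ACC1001", "id_number": "8001015009087", "amount": 1200.0, "discount": 0.05},
    {"seq": 2, "account": "ACC9999", "id_number": "80010150090", "amount": -50.0, "discount": 0.05},
    {"seq": 3, "account": "ACC1002", "id_number": "9202204720082", "amount": 900.0, "discount": 0.25},
    {"seq": 4, "account": "ACC1001", "id_number": "", "amount": 10.0, "discount": 0.0},
]
ACCEPTED, SUSPENSE = process_input(SAMPLE)
```

A corrected transaction is passed through `validate` again before it is sent for processing, matching the last step of the correction flow.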
Processing risk
data might be lost during processing;
Invalid data may be added during processing;
data might be changed during processing;
Calculation- or accounting errors can occur;
logical and rounding errors in program may occur;
Wrong program / version of data file may be used.
Processing controls: Preventive
General IT controls
- Access controls
→transactions
→ Standing Data (MF)
→ during processing
-SOD
→ Knowledge of inputs
- Back ups → prior to processing
program and files
-librarian → program
- Internal and external file labeling
→ version of data
→ latest/most accurate version
Processing controls: Detective
Control totals and reports:
- Job Scheduling
→ Run-to-run checks
= Sequential numbers are accurate transaction to transaction
- Control total recon
→ Control reports = computer
→ Batch processing (Financial/hash/record)
= Calculate Input total and compare processing total
→ File balancing (shadow balances)
= Balance/number of items on captured, amended and stored in an independent file
Reports
-clear Audit trail
→ Control report
→ Error reports
→ Exception reports
= possible errors (unusual items)
= Data controls (review of reports)
Processing controls: corrective
Master files
Transaction file: Info on individual transactions used to update Masterfile
Masterfile: Store standing information and balance totals
Updating MF: By transaction data captured from transaction files (normal processing)
Changing MF: To existing data; mostly non-financial
Masterfile: Preventive
General IT controls
- Access Control
→ physical access = terminal
→ logical = Username and passwords
-SOD
-Back ups → before new processing
Request
- Written request
→ masterfile changes form
→pre-numbered
→ Written authorisation by senior staff
Input
- Validation tests on changes
→ check info isn’t registered
→ field test applicable?
Masterfile: Detective
Review of log and registers
= clear audit trail
→ Register log of changes
= Sequence number per date→ check to inputs
= limited access “read only”
=Review regularly → compare to change form
→ control over report=compare to changes
→ Exceptions report = unusual changes
Output: risks
→ Distribution to unauthorised persons
→ output incomplete or inaccurate
→ Does not agree with resulting processing
Output: preventive
General IT controls
- Allocate responsibility (SOD and organisational structures)
- Access Control
→ On Screen
= passwords
= Read receipts on docs
= separate cloud = ie Trade
→ print outs
= Key cards (auth)
= passwords ( auth)
Distribution
- written procedure
→ Distribution Schedule
= What, when
= Calendar and email
→ Distribution list
= who is authorised
-Distribution
→ Data control group
→ sign distribution register receipt
→ user reviews output on receipt
= Number of pages, table of contents
= makes sense
= Input vs Output
Output controls: detective
Review
Before distribution review
→ Reconcile output and input totals
→ Sequence check report number
→ series check page numbers
→description
→ No messages “empty reports”
-Recon distribution list and register
Output control: Corrective
Correction
- source documents or processing errors
- Error register maintained and reviewed regularly