Information Systems and Processing Controls - Assignment Example

Processing controls Information systems that are considered to be well designed can prevent both intentional and un-intentional alteration and destruction of data. These data controls can be classified as (a) input controls, (b) processing controls, and (c) output controls Control Category Specific Controls Contribution to Data Reliability Input Controls They correct and screen out data that is bad before they enter the system. Nicoletti (2011) argues that input controls enable the separation of activities into a secure manner. Ensures that the information entered into the computer is accurate, authorized, and complete. Provision of a reasonable assurance that the submitted data for processing are complete and accurately translated like batch totals, validity checks (Xi, 2012). The input controls verify the visual view of source documents to avoid large number of input errors. Processing Controls They compare the predetermined totals so as to detect the duplications, missing amounts, and the trans-positional errors (Merten & Severance, 2010). Prevents and detects errors while the information is being processed. According to Merten and Severance (2010) found out that they comprise of run-to-run totals, conditional statements and limit checks. The objective program accomplishes the desired tasks and compares information (Merten & Severance, 2010). Output Controls Compares results with the intended results checking them against input. The data entered into the computer is valid, accurate and complete (Burch, 2012). Deitel (2011) reported that input controls focuses on detecting errors on completion of processing rather than error prevention. Authorization of receivers of reports. Assures accuracy of the processing result and receipt of the output data Advantages of using computer audit software Computer assisted audits have increased speed because manually most time is spent on routine calculations. On the contrary, a computer program quickly runs through the financial statements and compiles the data and figures. It also reduces the cost of hiring as the cost of obtaining a computer auditing software is cheaper compared to hiring of an auditor. Moreover, they provide balances and checks that are only spotted on calculation errors in the business books, and the also the mismatched entry of items. According to Tyler (2013) found out that audit software aided the auditor in generating models and simulations that are of help to study the financial approach of the business, and how it can be restructured. In addition, the auditor can also use the model to judge the potential risk that is poised by the current system. The computer assisted audits lead to increased accuracy of the audit results by reducing the overall time spent on transactions. It also lessens disruption to business activities by reducing the amount of documentation you need to retrieve, thereby saving on your time and money. Tyler (2013) asserted that the program audit performed a wide variety of tasks like: recalling calculated interest from invoices; analytical procedures; testing the configuration of the operating system; re-performing the calculations that have been done by the accounting systems entity. Subsequent advantages are; there are long term economies, it reads the actual records, deals with large volumes of transactions. The schedules and reports that have been generated by the computer are more objective and professional thus enhancing communication of data. According to Wavomba (2010) reported that the organization gains assurance regarding the accuracy of the transactional data and the extent at which the business transactions adhere to controls and comply with policies. The consisted use of the automated transaction analysis and continuous monitoring enables real-time independent testing and validation of critical data. To sum up, it improves management of auditing procedures. Integrated Test Facility package (ITF) Integrated test facility package is a quality control responsibility that utilizes, monitors, and controls the dummy test data through existing programs and checks the existence and adequacy of program data entry controls and processing controls (Koch, 2009). This involves setting up the dummy entities on an application system and the production data against the entity as a way of verifying processing accuracy. It is also used in certifying electronic billers and new packages. It allows providers to submit test transmissions to the MMIS so as to ensure accuracy before processing in production. Moreover, it can be used to incorporate the test transactions into a normal production run of a system. . According to Koch (2009) argues that regular transactions and all types of invalid and valid transactions are to be blended to properly test the system in normal conditions. Periodic testing does not require separate test processes. The steps to be followed by the auditor include: i. Input the transactions and process them using the clients live system along side live data of the client. ii. Small sets of fictitious records are placed in the master file. iii. Selecting and preparing the test transactions to be passed through ITF. They must a representation of all the transactions the unit of the dummy emulates. iv. Fictitious and actual records are concurrently processed together. v. The auditor compares the dummy records’ output with the expected results as the controls verify the system’s correctness. Generalized Audit Software (GAS) package GAS is one of the tools of IT tools utilized by auditors to get evidence on the quality of records maintained and produced by the application systems. It consists of a series of computer programs that can actually select the desired information, read computer files, and perform the repetitive calculations. It provides an avenue of gaining access to and interrogating the data maintained on the storage media of the computer, thus assisting in basic audit work (Hall, 2011). GAS can accomplish the following tasks: examining records for consistency, quality, and correctness; making computations and verifying calculations; comparing data on separate file; data obtained through audit procedures is compared with the records of the company; selecting and printing audit samples; summarizing and re-sequencing data; performs various operations on the computer files used to store information. Steps to be followed include: i. Planning and designing the application of the audit. ii. Get the copies of the application files that are to be tested. iii. Ensure that the final reports and output are generated from the files that are being tested. iv. Making input forms of the package for these tests. v. Compiling the package on the computer clearing the reported errors in editing. vi. Attend execution of the package against copy files and maintaining the security of the copy files and data output. vii. Check the results and interface them with subsequent manual audit work. Control flowcharting package The control flowcharting is used to interpret the source code of the program and generates a flowchart corresponding to it. The software makes it much easier to update and modify flow charts. The most popular programs are Visio and SmartDraw. Breaks down the process into individual activities to be displayed in short hand form in a graphical presentation of data flow. Diagrammatic representation gives a step by step solution to any given problem. The flowcharts are used in designing, analyzing, and managing of a program or a process. The types of flowcharts include document, data, system, and program flowcharts (Nicoletti, 2011). Their major advantage is the ease of amendment and features that are automated thus creating a more professional looking chart as part of the documentation for the audit process. The steps to be followed include: i. Identify the objectives of the audit. ii. Understanding narrative descriptions of the system, prior audit papers, and laws. iii. Determine key control points to be used to produce, process data flow diagrams. iv. Adequate security procedures to ensure protection of user’s data. Program (parallel) simulation and modeling package It involves utilizing a program simulation and modeling package that uses actual data so as to conduct similar systemized process by using a different computer-logic program developed by the auditor (Deitel, 2011). It can also be used to seek answers to difficult audit problems within statistically acceptable confidence limits According to Buyya and Murshed (2009) suggested that the development of a parallel simulator is mainly hindered by lack of simulation tools like the SPaDE/C++ a parallel simulation environment for developing portable simulation models. In the parallel simulation model package, an efficient and accurate simulation of large parallel application can actually be facilitated by the use of parallel discrete-event and direct execution simulation. The simulation environment is composed of simulator kernel, the MPI communication library simulator (MPI-SIM), parallel I/O simulator (PIO-Sim), and the parallel file system simulator. In summary, the auditor does the comparison of the output from the auditor's software to output from the system of the client's to test the effectiveness of the client's software and to establish if the balance of the client is correct (Buyya & Murshed, 2009). Steps to be followed by the internal auditor are: i. Apply the computer audit program to the clients data files with the results obtained compared to the results done on the same file by the clients program. ii. Run the same data used in the company’s current application program using the simulated application program and the results compared against the simulated application. iii. Verify the resulting balances are actually derived from the input data and examining the disaster recovery plan. System Configuration a. Batch processing. The system handles large amount of data but it is periodically being processed in a very short time. According to Hall (2011) asserts that this makes it to be non-continuous. Since all transactions are being processed in a batch mode, the data is gathered into groups and processed as a single event. The ITF technique eliminates the need of transactions being reverse tested. b. It processes those activities that have deadlines thereby, eliminating customer errors being quick. Data is processed without significant delay and the results are relayed fast enough to influence ongoing activity. Requires a dedicated processing capacity to deal with data as they occur thus having a predictable response time. According to Dietel (2011) reported that user inter-phase of the real time system uses special input devices that provide data. c. It reduces the amount of paper documents in the system as digital form documents are effective, efficient, and adequate for purposes of audit trial. It has a certain level of consistency with regard to the amount of time it takes to accept an application’s task thus customer can immediately see results. Accounts receivables are separated from the general ledger control account. According to Nicoletti (2009) suggested that operational efficiencies are attained by processing data in batches because it eliminates critical points in the process. Better management of the inventory which leads to competitive advantage. Moreover, they are fewer clerical errors. d. Flowchart of the proposed new system Reference List Burch, C. (2012, December 5). Retrieved March 19, 2013, from Classification of Controls-Application Controls: http://www.hockinternational.com/forum/viewtopic.php?f=91&t=3818 Buyya, R., & Murshed, M. (2009). Concurrency and Computation: Practise and Experience. GridSim: a toolkit for the modeling and simulation of distributed resource management and scheduling for Grid computing , 14 (13-15), 1175-1220. Deitel, H. (2011). An Introduction to Operating Systems. IBM Systems Journal , 355-370. Hall, J. (2011). Information Technology Auditing and Assurance. Boston: Cengage Learning. Koch, H. (2009). Implementing an integrated test facility audit using differential files. Journal of Information Sytems , 3 (2), 126-135. Merten, A., & Severance, D. (2010). Data Processing Control. Belmont: Sage Publishers. Nicoletti, B. (2011). Lean and Digitise Sourcing. Journal of Internet and Information System , 2 (3), 85-98. Tyler L. (2013, August). Retrieved March 19, 2013, from Advantages and Disadvantages to an Assisted Audit: http://smallbusiness.chron.com/advantages-assisted-audit-20298.html Wavomba, Z. (2010). Advantages of Computers in Auditing. Journal on Auditing , 1 (1), 14-12. Xi, Y. (2012). Control and Optimization Techniques. International Journal of System Control and Information Processing , 134-155 Read More