1 / 24

Chapter 9

Chapter 9. Controlling Information Systems: Application Controls. Learning Objectives. Know steps in control framework Be able to prepare control matrix Know generic application control plans Describe how these controls accomplish control goals

edwardstevens
Download Presentation

Chapter 9

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 9 Controlling Information Systems: Application Controls

  2. Learning Objectives • Know steps in control framework • Be able to prepare control matrix • Know generic application control plans • Describe how these controls accomplish control goals • Appreciate importance of controls to organizations with ERP systems • Appreciate importance of controls to organizations involved in E-Business

  3. Control Matrix • Control Goals of the • Control Goals of the Information System Operations System Ensure For transaction For the Master effectiveness Ensure inputs, ensure: File, ensure: of operations by efficient ensuring the employment Ensure following of security of IV UA IC IA UC systems goals: resources resources • Recommended A B Control Plans P-1 Immediately endorse incoming checks • P -1 M-1 M-1 M-1 M-1 Immediately separate checks & RAs P-2 P-2 P-2 P-2 P-2 Plan 3 (describe) M-2 Plan 4 (describe) M-2 M-2 M-2 Key: IV - Input validity I C - Input completeness IA - Input accuracy UC - Update completeness UA - Update accuracy • Four key elements: • Control goals • Recommended control plans • Cell entries • Explanations of cell entries A = To accelerate cash flow by promptly depositing cash receipts B = To ensure compliance with compensating balance agreement • P-1: “deposit only to the account of Causeway Company”

  4. Systems Flowchart: Data Entry Without Master Data Data Entry Clerk 1 Data Entry Devices (Networked PCs) Start P-1 Input document Key document Edit Input P-5 P-3 M-1 Display input or error P-4 Transaction data Remove discrepancies if any P-7 Key corrections/ accept input Record input Accepted for processing P-6 Input documents A

  5. Systems Flowchart: Data Entry With Master Data

  6. Processing Steps • Transaction occurs • Record in transaction file • Update master files • Generate outputs

  7. Processing Modes • Periodic • transactions posted after delay • master files updated after delay • output generated after delay • Immediate - all three done immediately • Combination • immediate posting; delayed update/generation • immediate posting & update; delayed generation

  8. Immediate, online processing

  9. Control Matrix • Control Goals of the • Control Goals of the Information System Operations System Ensure For transaction For the Master effectiveness Ensure inputs, ensure: File, ensure: of operations by efficient ensuring the employment Ensure following of security of IV UA IC IA UC systems goals: resources resources • Recommended A B Control Plans P-1- Document design P-1 P-1 P-1 P-2 Written approvals P-2 P-3: Prenumbered forms P-3 P-3 P-3 P-4: Online prompting P-4 P-4 P-4 P-5 Programmed edit checks P-5 P-5 P-5 P-6: Interactivefeedback checks P-6 M-1: Key verification M-1 P-7: Procedures forrejected inputs P-7 Key: IV - Input validity I C - Input completeness IA - Input accuracy UC - Update completeness UA - Update accuracy A =To ensure timely processing of data B = (describe)

  10. Online processing control plans • P-1 Document design. Source document is designed in such a way that makes it easier to prepare initially and later to input data from the document • P-2 Written approvals.A signature or initials on a document to indicate that a person has authorized the event.

  11. Online processing control plans (cont.) • P-3: Preformatted screens • help guide entry of data. May fix length of fields, “case” of field entered. Cursor moves to fields. • P-4: Online prompting • program prompts user to work in sequence and asks questions that control operations.

  12. Online processing control plans (cont.) • P-5: Programmed edit checks • automatically performed when data entered • Reasonableness (limit checks) - tests whether data fall within predetermined limits. (< $5,000/wk pay) • Dependency - logic of data entered to other data entered. • Math accuracy - does math independently; checks user’s calculations

  13. Online processing control plans (cont.) • Programmed edit checks (Cont) • Format checks - tests format on input • missing data • alpha in alpha fields; numbers in numeric fields • input field proper size • input field within set range (ex. - customer #s) • P-6: Interactive feedback checks • feedback to user that entry is accepted/rejected

  14. Online Processing Control Plans (cont.) • M-1: Key verification • Documents keyed by one individual and rekeyed by another individual. Very expensive • P-7: Procedures for rejected inputs • designed to ensure that rejected data - not accepted for processing - are corrected and resubmitted for processing.

  15. Control Matrix Control Goals of the Control Goals of the Information System Operations System Ensure For transaction For the Master effectiveness Ensure inputs, ensure: File, ensure: of operations by efficient ensuring the employment Ensure following of security of IV UA IC IA UC systems goals: resources resources Recommended A B Control Plans P-1 Enter data close tooriginating source P -1 P -1 P -1 P -1 P-2 P-2 P-2: Digital signatures P-2 P-3: Populate inputswith master data P-3 P-3 P-3 P-3 P4: Compare input data with master data P-4 P-4 P-4 P-4 Key: IV - Input validity I C - Input completeness IA - Input accuracy UC - Update completeness UA - Update accuracy A = Ensure timely processing of inputB= (describe)

  16. Control Plans - Batch • Calculate batch totals - • Document/record counts • Item or line counts • Dollar totals • Hash totals - total of fields not normally totaled • Example - invoice #s, part #s, social security #s • Computer agreement of batch totals • batch total calculated manually and entered with batch • computer accumulates batch total during processing • computer generates report comparing totals

  17. Control Plans - Batch (cont.) • Manual agreement of batch totals • similar to above except manually calculated batch totals not submitted to computer • computer produces report with batch total • person compares two and takes appropriate action • Sequence checks • applies to sequentially numbered documents; account for all numbers in sequence to find missing docs. • also applies to sequentially numbered batches of documents to ensure they are in order

  18. Control Plans - Batch (cont.) • Key verification • extremely expensive control plan where a second data entry person keys in source data to compare with data already entered. Rarely used in practice. • Written approvals • requirement that handwritten signatures be affixed to documents indicating approval/authorization • Computer preparation of business documents • part of output of computer process • more efficient (and legible) than manual processes

  19. Control Plans - Batch (cont.) • Rejection procedures • establish procedures to be followed when errors are entered and erroneous records rejected by computer • may write rejected records to suspense file and require periodic follow-up • Prerecorded data • examples: serial numbers, MICR a/c #s, dept. #s • printed on forms so that manual entry not required • Turnaround documents - prerecorded data to capture input on subsequent processing. Ex: RA stub attached to invoice

  20. Learning Objectives • Know steps is control framework • Be able to prepare control matrix • Know generic application control plans • Describe how these controls accomplish control goals • Appreciate importance of controls to ERP • Appreciate importance to E-Business

More Related