General Control and Application Controls
Reference: Wilkinson Ch.8
__________________________________________________________
May 12, 2007 by idrianita
CHAPTER 8
GENERAL CONTROLS AND
APPLICATION CONTROLS
Control may relate to manual AISs, to computer-based AISs, or both.
Controls may be grouped into general controls, application controls, and security measures. They may also be grouped into preventive controls, detective controls, and corrective controls.
General control pertains to all activities involving a firm’s AIS and resources (assets).
The following are the primary general control groupings for information processing systems:
• Organizational or personnel controls. A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units.
• Documentation controls. There is an example of segregation of duties in a sequential processing application: data control unit, data preparation unit, computer operations, and data library unit.
• Asset accountability control. It consists of accounting subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
• Management practice control. Various general controls are needed to counteract management-related risks, including human resources policies and practices, commitment to competence, planning practices, audit practices, and management and operational controls.
• Information center operation control. These controls pertain mainly to computer-based systems and may be subdivided into (1) computer operating procedures, and (2) computer hardware and software checks.
• Authorization controls. It establishes standard conditions under which transactions are approved and executed.
• Access controls. It can be grouped under manual cross-checks, processing logic checks, run-to-run controls, file and program checks, and audit trail linkages.
GENERAL CONTROLS AND APPLICATION CONTROLS
*Control may relate to manual AISs, to computer-based AISs, or both.
*Controls may be grouped into:
1. General control
2. Application control
3. Security Measures
4. Preventive control
5. Detective control
6. Corrective control.
*The following are the primary general control groupings for information processing systems:
1. Organizational or personnel controls. A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units.
2. Documentation controls. There is an example of segregation of duties in a sequential processing application: data control unit, data preparation unit, computer operations, and data library unit.
3. Asset accountability control. It consists of accounting subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
4. Management practice control. Various general controls are needed to counteract management-related risks, including human resources policies and practices, commitment to competence, planning practices, audit practices, and management and operational controls.
5. Information center operation control. These controls pertain mainly to computer-based systems and may be subdivided into (1) computer operating procedures, and (2) computer hardware and software checks.
6. Authorization controls. It establishes standard conditions under which transactions are approved and executed.
7. Access controls. It can be grouped under manual cross-checks, processing logic checks, run-to-run controls, file and program checks, and audit trail linkages.
SUMMARY OF CHAPTER 8 GENERAL CONTROL AND APPLICATION CONTROLS
Controls are classified in a variety of ways: as controls for manual systems and controls for computer based systems; as preventive controls, detective controls, and corrective controls; and as general controls and application controls. The following are the primary general control groupings for information processing systems: organizational controls, documentation controls, asset accountability controls, management center operations controls, authorization controls, and access controls.
CLASSIFICATION BY RISK AVERSION
Controls may be classified according to the ways they combat the risks to which a firm and its information are exposed. Preventive controls stop adverse events from occurring, such as errors or financial losses. Preventive controls tend to be passive in nature. Detective controls discover threats that have occurred. They are more active than preventive controls. Corrective controls aid in fixing the causes of adverse threats that have been detected.
GENERAL CONTROLS. General controls pertain to all activities involving a firm’s accounting information system and resources (assets). These include controls encompassed by the internal control environment, as well as the other components of the internal control. The controls covered here are found under the control activities component of the internal control structure. The primary general control groupings for information processing systems are: (1) organizational controls, (2) documentation controls, (3) asset accountability controls, (4) management practice controls, (5) information center operations controls, (6) authorization controls, and (7) access controls.
APPLICATION CONTROLS. Application controls relate to the processing of specific accounting tasks or transactions and may be called transaction controls. Application or transaction controls roughly parallel the AIS. The overall objectives of application controls are to help ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported. Application controls are generally subdivided into input, processing and output controls.
Chapter 8: GENERAL CONTROL AND APPLICATION CONTROL
classification by risk aversion:
- preventive control: stop adverse events from occurring
- detective control: discover threats that have occurred
- corrective control: aid in fixing the cause of adverse threats that have been detected
classification by settings:
- general control: pertain to all activities involving a firm’s Accounting Information System and resources. It is divided into:
1. organization control
2. documentation control
3. asset accountability controls
4. management practice control
5. information center operation controls
6. authorization controls
7. access controls
- Application control: relate to the processing of specific accounting tasks or transactions. It is divided into:
1. input control
2. processing control
3. output control
CHAPTER 8
(summary of chapter)
General Control and Application Controls
Controls are classified in a variety of ways, as controls for manual systems and controls for computer based systems:
- preventive controls: stop adverse events from occurring.
- detective controls: discover threats that have occurred.
- corrective control: aid in fixing the cause of adverse threats that have been detected.
- general controls: all activities involving a firm’s accounting information system and resources (assets).
- application controls: the processing of specific accounting tasks or transactions and may be called transaction controls.
The following are the primary general control groupings for information processing systems:
1. Organizational or personnel controls.
A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units.
2. Documentation controls.
There is an example of segregation of duties in a sequential processing application: data control unit, data preparation unit, computer operations, and data library unit.
3. Asset accountability control.
It consists of accounting subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
4. Management practice control.
Various general controls are needed to counteract management-related risks, including human resources policies and practices, commitment to competence, planning practices, audit practices, and management and operational controls.
5. Information center operation control.
These controls pertain mainly to computer-based systems and may be subdivided into: computer operating procedures, and computer hardware and software checks.
6. Authorization controls.
It establishes standard conditions under which transactions are approved and executed.
7. Access controls.
It can be grouped under manual cross-checks, processing logic checks, run-to-run controls, file and program checks, and audit trail linkages.
Application control, it is divided into:
1. input control
2. processing control
3. output control
CONTROL CLASSIFICATIONS
Classification by risk aversion
Controls may be classified according to the ways they combat the risks to which a firm and its information are exposed. Preventive controls stop adverse events from occurring, such as errors or financial losses. Detective controls discover threats that have occurred. They are more active than preventive controls. An example of a detective control is visually verifying data for errors immediately after entering the data via a microcomputer’s keyboard. Corrective controls aid in fixing the causes of adverse threats that have been detected. For example, information that the level of an inventory item is too low may trigger a suitable request to order more inventory.
Classification by settings
General controls pertain to all activities involving a firm’s accounting information system and resources (assets). Application controls relate to the processing of specific accounting tasks or transactions and may be called transaction controls. Application or transaction controls roughly parallel the AIS. Another group of controls does not fit comfortably into either category. These controls, which we will call security measures, are intended to provide adequate safeguards over access to and use of assets and data records.
GENERAL CONTROLS
The following are the primary general control groupings for information processing system:
1. Organizational controls
2. Documentation controls
3. Asset accountability controls
4. Management practice controls
5. Information center operations controls
6. Authorization controls
7. Access controls
Organizational controls
A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units. The central control objective, when designing the organizational structure, is to establish organizational independence. When properly provided through a careful and logical segregation of assigned duties and responsibilities, organizational independence results in a complete separation of incompatible functions. It involves two or more employees or organizational units in each procedure, who can be assigned to check on the work of one another. Thus errors made by one employee or unit will be detected by another, and fraud can be perpetrated only by collusion.
Manual system
Authorizing, recordkeeping, and custodial functions should be separated in manual systems.
Computer based systems
Organizational independence should also be maintained in computer based systems. The major segregation of responsibilities is between systems development tasks, which create systems, and data processing tasks, which operate systems. The systems development function is concerned with analyzing, designing, programming, and documenting the various applications needed by user departments and the firm as a whole. The data processing function has responsibility for ensuring that transaction data are processed and controlled and that the related files and other data sets are properly handled.
Technical services have responsibilities with respect to computer related areas such as data communications, system programming, and decision modeling. Data base administration is concerned with all aspects of the data resources.
Documentation controls
Documentation consists of procedures manuals and other means of describing the AIS/MIS and its operations. It also should include those aspects of a firm that have an impact on the AIS, such as policy statements, organization charts, and job descriptions. Documentation is an important cog in the internal control structure; it helps employees to understand and interpret policies and procedures.
Manual systems
Documentation for manual systems should include all of the following components: source documents, journals, ledgers, reports, document outputs, charts of accounts, audit trail details, procedural steps, record layouts, data dictionaries, and control procedures.
Computer based system
All of the documentation appropriate to manual systems is also needed in computer based systems. Computer related documentation concerns the system itself and the persons who interface with it. Types of documentation needed in computer based systems:
1. Systems standard documentation. Includes policy statements pertaining to system development and other systems related matters; usually describes suitable methods and procedures for analyzing, designing, and implementing information systems modules.
2. Systems application documentation. Includes the purposes of the application and descriptive materials.
3. Program documentation. Includes program flowcharts or other logic diagrams, and information pertaining to operations, testing, changes, and errors.
4. Data documentation. Includes the description of data elements stored within the firm’s data base.
5. Operating documentation. Includes all of the performance instructions needed to execute computer programs, plus instructions for distributing the outputs.
6. User documentation. Includes instructions for entering data on source documents, information relating to the formats and uses of reports, and procedures for checking for and correcting errors in data.
Control of documentation
A system should be in place to ensure that documentation is not only prepared and kept up-to-date but also properly secured and controlled.
Computer generated documentation
In large firms the computer can automatically prepare much of an application’s documentation. CASE and other software packages can replace handwritten documentation with computer generated documentation.
Asset accountability controls
Specific asset accountability controls that help ensure that assets are properly valued in the accounting records include the use of subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
Management practice controls
System change procedures
Changes in a computer based information system most often pertain to application programs or the database. If a change pertains to an application program, it should be initiated by a user department manager who explains the needed change in writing. The requested change should then be approved by the systems development manager. After approval the change or addition is assigned to system personnel.
New system development procedures
The design and development of new computer based applications require controls similar to those needed for system changes. Each request for development of new systems or modifications to existing ones should be initiated by either a user department manager or a higher level manager.
Information system operations controls
Computer operating procedures
Data processing schedules should be prepared as far in advance as feasible and revised as necessary. Preventive diagnostic programs should be employed to monitor the hardware and software functions, so that existing or potential problems may be detected.
APPLICATION CONTROLS
These are controls that pertain directly to the transaction processing systems. The overall objectives of application controls are to help ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported.
Authorization controls
A general authorization establishes standard conditions under which transactions are approved and executed. A specific authorization pertains to a particular event, with the conditions and parties specified.
Input controls
Input controls would detect errors such as omitted employee time records, omitted customer numbers on sales orders, and unreasonable order quantities. Input controls are especially important to direct processing and/or immediate processing systems. Errors in data are quickly spread through such systems and can be quite difficult to detect after leaving the input stage.
Processing controls
Manual cross check
One type of check involves one person checking the work of others. Another type of check is a form of acknowledgment.
Processing logic checks
A sequence check is appropriate when performing sequential processing. Its purpose is to detect when records are not in proper order.
Run-to-run controls
Batched data should be controlled during processing runs, so that no records are omitted from, and no unauthorized records are inserted into, the transaction file. The processing program thus should compute and print batch totals with respect to each run, usually on an exception and summary report.
File and program changes
To ensure the posting of transactions to the proper master files, processing programs should verify that the master files are correct before processing begins. Processing programs should periodically be checked for validity.
Audit trail linkages
A clear audit trail is needed to enable individual transactions to be traced, to provide support for changes in general ledger account balances, to prepare financial reports, and to correct transaction errors or lost data.
Output controls
The outputs provided by an information system should be complete and reliable and should be distributed to the proper recipients. The outputs generated during processing should be distributed only to proper users. Distribution can be controlled by means of distribution registers. By reference to the registers, the control group should distribute the outputs directly and in a timely manner, recording the distribution in the control log.
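An added example, not part of the original notes or the Wilkinson text: the input controls, sequence check and run-to-run batch totals described above, applied to a constructed batch. The record layout, the quantity limit and the choice of three control totals (record count, amount total, and a hash total of document numbers) are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

MAX_QTY = 1000  # assumed reasonableness limit for an order quantity


@dataclass(frozen=True)
class Txn:
    doc_no: int       # pre-numbered source document (assumed field)
    customer: str
    quantity: int
    amount: Decimal


def input_errors(t):
    """Input control: flag omitted fields and unreasonable values."""
    errs = []
    if not t.customer.strip():
        errs.append("omitted customer number")
    if not 0 < t.quantity <= MAX_QTY:
        errs.append("unreasonable order quantity")
    return errs


def sequence_breaks(batch):
    """Sequence check: document numbers that do not ascend."""
    return [cur.doc_no for prev, cur in zip(batch, batch[1:])
            if cur.doc_no <= prev.doc_no]


def batch_totals(batch):
    """Control totals computed for the batch at each processing run."""
    return {
        "record_count": len(batch),
        "amount_total": sum((t.amount for t in batch), Decimal("0")),
        "hash_total": sum(t.doc_no for t in batch),
    }


def run_to_run_exceptions(control, batch):
    """Compare this run's totals with those carried from the prior run."""
    actual = batch_totals(batch)
    return [f"{k}: expected {control[k]}, got {actual[k]}"
            for k in control if control[k] != actual[k]]


# Constructed sample batch as it left data preparation.
PREPARED = [
    Txn(101, "C-17", 5, Decimal("250.00")),
    Txn(102, "C-03", 12, Decimal("96.40")),
    Txn(103, "C-44", 1, Decimal("19.99")),
    Txn(104, "C-17", 30, Decimal("1200.00")),
]
CONTROL = batch_totals(PREPARED)

# Constructed batch as seen by the next run: document 102 is missing and an
# unauthorized record 999 with the same amount sits in its place, so the
# record count and the amount total still agree with the control totals.
AFTER_RUN = [
    PREPARED[0],
    PREPARED[2],
    Txn(999, "", 5000, Decimal("96.40")),
    PREPARED[3],
]

if __name__ == "__main__":
    # Exception and summary report for the run.
    for line in run_to_run_exceptions(CONTROL, AFTER_RUN):
        print("RUN-TO-RUN", line)
    print("SEQUENCE BREAK AT", sequence_breaks(AFTER_RUN))
    for t in AFTER_RUN:
        for err in input_errors(t):
            print("INPUT", t.doc_no, err)
```

Only the hash total disagrees here, which is why a run-to-run control normally carries more than one batch total.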
CHAPTER 8
General Control and Application Controls
Control may relate to manual AISs, to computer-based AISs, or both.
General Controls
The following are the primary general control groupings for information processing system:
1. Organizational controls
2. Documentation controls
3. Asset accountability controls
4. Management practice controls
5. Information center operations controls
6. Authorization controls
7. Access controls
1. Organizational or personnel controls. A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units.
2. Documentation controls. There is an example of segregation of duties in a sequential processing application: data control unit, data preparation unit, computer operations, and data library unit.
3. Asset accountability control. It consists of accounting subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
4. Management practice control. Various general controls are needed to counteract management-related risks, including human resources policies and practices, commitment to competence, planning practices, audit practices, and management and operational controls.
5. Information center operation control. These controls pertain mainly to computer-based systems and may be subdivided into
(1) computer operating procedures
(2) computer hardware and software checks.
6. Authorization controls. It establishes standard conditions under which transactions are approved and executed.
7. Access controls. It can be grouped under manual cross-checks, processing logic checks, run-to-run controls, file and program checks, and audit trail linkages.
Application control, divided into:
1. input control
2. processing control
3. output control
CHAPTER 8
GENERAL CONTROL AND APPLICATION CONTROL
I. CLASSIFICATION BY RISK AVERSION :
- preventive control: stop adverse events from occurring
- detective control: discover threats that have occurred
- corrective control: aid in fixing the cause of adverse threats that have been detected
II. CLASSIFICATION BY SETTINGS:
General controls pertain to all activities involving a firm’s accounting information system and resources (assets). Application controls relate to the processing of specific accounting tasks or transactions and may be called transaction controls. Application or transaction controls roughly parallel the AIS. Another group of controls does not fit comfortably into either category. These controls, which we will call security measures, are intended to provide adequate safeguards over access to and use of assets and data records.
Accounting Information System and resources. It is divided into:
1. organization control
A firm’s organizational structure represents an underlying control because it specifies the work relationships of employees and units.
2. documentation control
There is an example of segregation of duties in a sequential processing application: data control unit, data preparation unit, computer operations, and data library unit.
3. asset accountability controls
It consists of accounting subsidiary ledgers, reconciliations, acknowledgement procedures, logs and registers, and reviews and reassessments.
4. management practice control
Various general controls are needed to counteract management-related risks, including human resources policies and practices, commitment to competence, planning practices, audit practices, and management and operational controls.
5. information center operation controls
Includes all of the performance instructions needed to execute computer programs, plus instructions for distributing the outputs.
6. authorization controls
It establishes standard conditions under which transactions are approved and executed.
7. access controls
It can be grouped under manual cross-checks, processing logic checks, run-to-run controls, file and program checks, and audit trail linkages.
III. Application control: relate to the processing of specific accounting tasks or transactions. It is divided into:
1. input control
Input controls would detect errors such as omitted employee time records, omitted customer numbers on sales orders, and unreasonable order quantities. Input controls are especially important to direct processing and/or immediate processing systems. Errors in data are quickly spread through such systems and can be quite difficult to detect after leaving the input stage.
2. processing control
-Manual cross check
-Processing logic checks
- Run-to-run controls
- File and program changes
- Audit trail linkages
3. output control
The outputs provided by an information system should be complete and reliable and should be distributed to the proper recipients. The outputs generated during processing should be distributed only to proper users. Distribution can be controlled by means of distribution registers. By reference to the registers, the control group should distribute the outputs directly and in a timely manner, recording the distribution in the control log.