Chapter 14 System Controls

A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment.” Warren Bennis

Learning Objectives l To understand controls in computer-based accounting systems. l To learn the objectives of system controls - preventive, detective, corrective. l To study general controls and application controls.

System Controls l Internal Controls implemented in a computer-based accounting information system are called system controls.

Objectives of Controls l Preventive Controls »e.g. credit card approval check, valid account check, valid purchase order check, check authorization, segregation of duties... l Detective Controls »e.g. Trial balance, using pre-numbered forms, requiring documentation of program changes... l Corrective Controls »e.g. policy of writing an adjusting entry to correct an error found in the trial balance, procedures to change a program...

Scope of Controls l General Controls »Controls affecting all applications l Application Controls »Controls specific to applications

What are some of the General Controls ? l Organization of the MIS department such that there is segregation of duties »Systems Analysts and Programmers »Computer Operators and Programmers »Data Control and Librarian l Procedures for system and program changes »Formal review and authorization for new systems »Adequate documentation »Formal testing procedures for new and modified systems »Authorization and documentation for changes made in systems

General Controls Contd... l Hardware controls »Parity check »Dual read »Read after Write »Echo check

General Controls Contd... Access Controls l Segregation of duties l Identification and Authentication Procedures »Userid and password »Automatic callback »Limited data file access - read/write access l Physical security »only authorized personnel should be allowed to enter the data center, tape library, computer operations desk.

General Controls Contd... l Other data and procedure controls »File backup procedures. »Batch and Batch with on-line inquiry - grandfather- father-son technique. »On-Line real time systems - file dumps and transaction logs.

General Controls Contd... Contingency Plans l Adequate insurance for lost equipment, software and business loss. l Designated alternative processing location. l Identifying vital applications. l Off-site storage location. l Assigning responsibility to carry out the contingency plan.

What are some of the Applications Controls ? l Input Controls l Processing Controls l Output Controls

Input Controls Data Validation (preventive control) l Field check (e.g. Numeric field should contain numeric data) l Validity check (e.g. Valid account numbers) l Sign Check (e.g. positive) l Limit check (e.g. age field should be between 20 and 65, weekly hours worked should be less than 80, l Sequence check (e.g., check no., transaction no.) l Completeness check (no blank amounts or no blank accounts) l Default values e.g. if a field is blank, assume a default value.

Input Controls Contd... l Check Digits »self checking number (modulus 11) l Control Totals (used in detective controls) »Batch total - used in a batch system. »Amount or Quantity total - serves as control total and used for decision maker. »Hash total - only serves as control total e.g. sum of account numbers. »Record count.

Input Controls Contd... Direct data entry procedures l Source input documents. e.g. Optical character reader for multiple choice exam forms l Turnaround documents (magnetic ink character reader) l Point of sale data entry (Cash registers acts as computer terminal)

Processing Controls l Sequence Checks »confirms the sort order l Run-to-run Controls »uses control totals l Physical File Identification »external file labels »internal file labels l Programmed Controls »crossfooting check

Output Controls l To ensure the accuracy of the results of processing. l To ensure that only authorized personnel receive the reports produced by an application. l Performed by data control group. l Output distribution log.

End of Chapter 14