Auditing 378
Computer Information Systems (CIS) Environment
Introduction:
- Exists wherever a computer is used (irrespective of whether a 3rd party or the entity operates it)
- Takes part in the processing of financial information of an entity
- The use of a computer impacts on:
  o Generation of transactions;
  o Processing of transactions;
  o Storage of data;
  o Communication of information; and
  o The accounting and system of internal controls [basically the same system, just adding a computer to it]
Underlying principles:
- General controls
  o Framework of controls of Information-Systems activities
  o Purpose: To ensure that CIS is developed, implemented, maintained and operated adequately.
    · Control environment, security policy & organisational controls
    · Systems development and program change controls
    · Access controls
    · Business continuity
    · Operating and system maintenance controls
- Application controls
  o Manual controls and automated controls over transactions
  o Purpose: To ensure validity, accuracy and completeness of transactions and data (including the maintenance of Master File data)
    · To initiate, record -> input
    · To process and -> processing
    · To report -> output
    · As well as to change information -> masterfile changes
Factors specific to CIS
- Concentration of functions and information (i.e. previously done by hand, but now done using IT -> risk of errors)
- Lack of audit trail (as processes are automatic once input is achieved)
- Lack of segregation of duties (as processes are automatic once input is achieved)
- Initiation and processing of transactions (Limited controls to what your system can do)
- Internal controls are dependent on CIS
- Uniform processing of transactions (ONE mistake affects all transactions)
- Potential for increased management supervision
Questions:
1. Discuss the terms of a CIS
2. Discuss general controls
3. Discuss application controls
4. Explain the relationship between the above three
5. List the additional risks in a CIS
6. Discuss the basic components of a CIS
7. Describe the different kinds of computer systems