Learein Roma

CompEd 411

Let’s Check
I. True or False:
False 1. Security refers to measures or techniques that prevent, detect, and/or
correct conditions that may lead to loss or damage to the business firm.
False 2. File labels are part of output controls.
False 3. Processing controls include shredding of sensitive documents.
True 4. The use of visitor entry log document those who have had access to the
area.
True 5. Control procedures that should be followed in the input data include specific
procedures that should be established for delivery of data to the computer
department.
False 6. Input manipulation is not a computer fraud.
False 7. The two types of controls are general control and software control.

II. Multiple Choice Questions

1. An employee in the receiving department keyed in a shipment from a remote
terminal and inadvertently omitted the purchase order number. The best systems
control to detect this error would be.
a. batch total c. sequence check
b. completeness test d. reasonableness check

2. Some of the more important controls that relate to automated accounting

information systems are validity checks, limit checks, field checks, and sign test.
These are classified as
a. control total validation routines b. hash totaling
c. data access validation routines d. input validation routines

3. The use of a header label in conjunction with magnetic tape is most likely to
prevent errors by the
a. Computer operator b. Keypunch operator
c. Computer programmer d. Maintenance technician
4. For control purposes, which of the following should be organizationally segregated
from computer operations function?
a. Data conversion b. Surveillance of CRT messages
Learein Roma
CompEd 411

c. Systems development d. Minor maintenance according to a schedule

5. Which one of the following terms best describes a decision support system
(DSS)?
a. Management reporting system b. Formalized system
c. Interactive system d. Accounting information system

Let’s Analyze
III. Questions:
1. Explain brief the concept and importance of system controls.
It is used to improve performance and increase productivity. It allows to prevent,

detect, and/or correct conditions that may lead to loss or damage to the business firm.

2. Distinguish briefly between general controls and application controls.

General controls are measures that ensure that a company’s control environment is

stable and well managed. These controls provide reasonable assurance that development of,

and changes to computer programs are authorized, tested and approved prior uses.

Application controls are controls over the input, processing, and output functions.

Wherein input controls try to ensure the validity, accuracy and completeness of the data

entered into the system. Process control aims to ensure that process variability is controlled

within specifically defined boundaries, and derived from current product and process

understanding, to guarantee quality of the product. Output controls govern the accuracy and

reasonableness of the output of data processing and prevent authorized use of output.

3. Enumerate and explain in your own words the components of General controls.
General controls comprise organizational/personnel controls, file security /software

controls, hardware controls, access to computer and data files controls or controls or access to

equipment and data files, and other data and procedural controls including security and

disaster controls.
Learein Roma
CompEd 411

Organizational controls focuses on the segregation of duties, file security/software

controls are the internal functioning of a computer, mainly through an operating system,

which also controls devices such as monitors, printers and storage devices. Hardware controls

are tangible and built-in controls that detects machine malfunctions and examined

periodically.

4. Give some examples of computer frauds.

Some examples of computer frauds are input manipulation and program alteration.

Fraud by input manipulation occurs when false or misleading data are entered into a

computer for a specific criminal purpose: for example, the amounts entered in a store

inventory database are reduced to hide theft of a commodity. Program alteration is also

known as alteration attack which means that the software created to perform a specific

function has been altered or changed to do something else by an attacker or hacker to access

data and information.

In a Nutshell
Activity 1. The study of the systems control and security measures in an accounting
information system is indeed important to better understand the depths of this
course. The control environment in a computerized system is somehow different
from that of a traditional manual system.
Based from the above discussion and the learning exercises that you have done,
please feel free to write your arguments or lessons learned below
1. ‘Controls’ is important in an AIS to prevent, detect and/or correct some conditions
that may affect the performance of a business firm.
2. There are two types of controls – general controls and application controls.
3. General controls comprise the organizational/personnel controls, file
security/software controls, hardware controls, access to computer and data files
controls or controls or access to equipment and data files, and other data and
procedural controls including security and disaster controls.
4. Application controls comprise the input controls, processing controls and output
controls.
Learein Roma
CompEd 411

5. General controls is for segregating duties in a computer information system

environment – providing reasonable assurance that development of, and changes to
computer programs are authorized, tested and approved prior uses.
6. Application controls is for preventing all other, unwanted applications from running
– they may be malicious, untrusted, or simply undesirable.
7. Input controls try to ensure the validity, accuracy and completeness of the data
entered into the system.
8. Process control aims to ensure that process variability is controlled within
specifically defined boundaries, and derived from current product and process
understanding, to guarantee quality of the product.
9. Output controls govern the accuracy and reasonableness of the output of data
processing and prevent authorized use of output.
10. Computer fraud has to types – input manipulation and program alteration.