Auditing

Auditing is a form of independent attestation performed by an expert who expresses an opinion about the fairness of a company's financial statement. (James Hall)

Auditing is a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.

GENERAL PRINCIPLES of AUDITING
ISA 200 (International Standards on Auditing) states that an auditor should comply with the Code of Ethics for Professional Accountants issued by IFAC. An auditor must have independence, integrity, objectivity, professional competence and due care, confidentiality, professional behavior and technical standards.

MOST COMMON TYPES OF AUDIT FOR DIFFERENT PURPOSES
1.) External (Financial) Audit - an independent attestation performed by an expert (auditor) who expresses an opinion regarding the presentation of FS.
    1.1 Attest Services - an engagement in which a practitioner is engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party.
    1.2 Advisory Services - professional services offered by public accounting firms to improve their client organizations' operational efficiency and effectiveness.
2.) Internal Audit - an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization.

Operational Audits are usually conducted by the internal auditors, though experts or specialists can be hired to conduct reviews in their areas of expertise.

Compliance Audit is a comprehensive review of an organization's adherence to regulatory guidelines (BIR/SEC/DTI/SSS/HMDF etc.).

3.) Fraud Audit - investigates anomalies and gathers evidence of fraud that may lead to criminal conviction.

ATTESTATION - lends credibility to Management assertions
ASSURANCE - lends credibility to any information
AUDITING - lends credibility to financial statements (FS)

FINANCIAL AUDIT COMPONENTS
* Three Classes of Auditing Standards
  - General qualification Standards
  - Field Work Standards
  - Reporting Standards
* a systematic process
* Management Assertions and Audit Objectives
  5 General Categories
  1.) Existence or Occurrence
  2.) Completeness
  3.) Rights and Obligations
  4.) Valuation or allocations
  5.) Presentation and disclosure
* Obtaining Evidence
* Ascertain Materiality
* Communicating Results

AUDIT RISK
Audit Risk is the probability that the auditor will render an unqualified (clean) opinion on FS that are, in fact, materially misstated.

AUDIT RISK COMPONENTS
1.) Inherent risk
2.) Control Risk
3.) Detection Risk

AUDITING TECHNIQUES USED FOR REDUCING AUDIT RISK
1.) Tests of Controls
2.) Substantive Tests
**Use of a computer changes the processing and storage of financial information and may affect the organization and procedures employed by the entity to achieve adequate internal control. The CIS environment affects all aspects of audit including:
- The consideration of inherent audit risks and control risks.
- The procedures followed by the auditor to obtain a sufficient understanding of the internal control structure.
- The design and performance of audit procedures by the auditor.

IT audit is the examination and evaluation of an organization's information technology infrastructure, applications, data use and management, policies, procedures and operational processes against recognized standards or established policies.

The purpose is to evaluate the system's internal control design and effectiveness: efficiency and security protocols, development processes, IT governance or oversight.

It must consider if the controls are installed as intended, if they are effective, or if any breach in security has occurred and if so, what actions can be done to prevent future breaches.

The primary functions of an IT audit are to evaluate the systems that are in place to guard an organization's information. Specifically, IT audits are used to evaluate the organization's ability to protect its information assets and to properly dispense information to authorized parties. The IT audit aims to evaluate the following:
- Will the organization's computer systems be available for the business at all times when required? (known as availability)
- Will the information in the systems be disclosed only to authorized users? (known as security and confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (measures the integrity)

In this way, the audit hopes to assess the risk to the company's valuable asset (its information) and establish methods of minimizing those risks.

CIS audit is the process of auditing in a computerized environment. The primary objective of CIS audit is to determine whether computer systems:
- Safeguard assets
- Maintain data integrity
- Achieve organizational goals effectively
- Consume resources efficiently

The auditor should have an understanding of computer hardware, software and processing systems sufficient to plan the engagement and to understand how CIS affects the study and evaluation of internal control and the application of auditing procedures.

Auditing in a CIS environment - a computer information systems environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit.

IT - wide variety of software and hardware technology used to manage and control info

Information System - IT organized to perform a specific task (Organizational process)
- Info is processed on a large mainframe computer by a separate info. system department (Software—developed/modified)
User department >> Send Data > Info system Dept. > Computer-generated report

Cloud computing - use of IT services that are accessible over the internet
- technology makes it possible to develop information in a timely/efficient manner which could not have been done otherwise due to time and cost limitations
- tool for performing accounting tasks w/ speed and accuracy
** When a client maintains accounting records w/ a complex, sophisticated IT-based system - beneficial to them
- can utilize technology in performing various audit procedures
- these systems make a large amount of data available to perform data analytics that can improve the efficiency and effectiveness of certain audit procedures

Major components of Information System
- Hardware
- Software (System software and Application software)
- Data
- People procedure
- Network

Auditors Responsibility
The auditor's responsibility w/ respect to internal control over IT systems remains the same as with manual systems, that is, to obtain an understanding:
1. To aid the planning of the remainder of the audit
2. To assess control risk
Computerized Information Systems (CIS) environment exists when a computer of any type or size is involved in the processing by the entity of financial information, whether the computer is operated by the entity or by a third party.

The auditor should consider how the CIS environment affects the audit. The use of a computer has implications for the processing, storage and communication of financial information, and therefore affects the internal control structure employed by the entity.

The CIS environment affects all aspects of the audit including the:
- consideration of inherent risk and control risk
- procedures followed by the auditor to obtain a sufficient understanding of the internal control structure
- auditor's design and performance of audit procedures.

Audit of CIS is the process of understanding the IT environment to which the company is exposed, to identify related IT risk in order to perform appropriate audit procedures to achieve the assurance needed.

IMPACT OF IT TO AUDIT EXAMINATION
* Transaction trails processed for shorter periods of time or only in electronic form. = Auditors may have limited ability to examine some forms of documentary evidence.
* Errors in IT environment are uniform across all transactions.

If specialized skills are needed, the auditor would seek the assistance of a professional possessing such skills, who may be either on the auditor's staff or an outside professional. The auditor considers how the work of the expert is integrated with the work of others on the audit, and what procedures are undertaken regarding risks identified through the expert's work.

THE CISA EXAM
Certified Information Systems Auditor (CISA) refers to a designation issued by the Information Systems Audit and Control Association (ISACA). The designation is the global standard for professionals who have a career in information systems, in particular, auditing, control, and security. CISA holders demonstrate to employers that they have the knowledge, technical skills, and proficiency to meet the dynamic challenges facing modern organizations.

OBJECTIVE OF AN IT AUDIT
To enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial framework.

SCOPE OF AN IT AUDIT
The audit procedures deemed necessary in the circumstances to achieve the objective of the audit.

Nowadays, the corporate world is getting more and more inclined towards the use of information technology (IT) and computer information systems (CIS) in its daily operations. This has changed the manner in which organizations carry out their operations and various business processes. This has further
led to change in the nature of audit evidence generated by each financial transaction. The method of collection and evaluation of audit evidence has also changed. This requires auditors to possess reasonable knowledge about tools and the various hardware & software used in the organization.

SCOPE OF AUDIT IN CIS ENVIRONMENT / IMPACT OF CIS ON AUDITING
The use of CIS in various organisations has had a drastic impact on audit approaches, techniques, risks involved and internal control methods. The following factors (risks) must be given due consideration while framing an audit plan for an organisation:

1. High speed and automatic initiation/execution of transactions
In a CIS environment, transactions are processed instantly. Once a transaction is fed into the system, it might get executed automatically, and reports can be generated at a very high speed and viewed by multiple users at a time, thus giving rise to many security issues.

2. Uniform processing of transactions, hence low clerical error
While feeding input, processing transactions and generating outputs, the computer system performs multiple checks on data at each point of time. Moreover, transactions are processed in a uniform manner. Hence the clerical errors generated are minimised. However, there is a shift of errors from human-generated errors towards system-generated errors.

3. Unintentional or system-generated errors
As discussed earlier, there is a shift in the nature of errors from human-generated to system-generated. Errors occur due to lack of experienced personnel, and are mainly related to development, maintenance and execution of CIS.

4. Concentration of duties
Under a CIS environment, more than one kind of task/function can be performed by an individual. This leads to difficulty in segregating duties among individuals. Consequently, it also gives rise to a number of security issues.

5. Lack of audit trail
In a computerized system, the processing of a transaction takes place instantly. This leads to loss of audit trail. Thus, the auditor needs to apply some alternate procedure to compensate for the loss of audit trail.

AUDIT APPROACH IN CIS ENVIRONMENT
There have been drastic changes in audit approaches and methodologies as a result of the emergence of the CIS environment.

In recent years, there has been a rapid development in the use of computers to generate financial information. This development has created certain problems for the auditor in that it requires the use of specialized auditing procedures and techniques. As a result of this, within the accounting profession, a group of electronic data processing (EDP) audit specialists has emerged, equipped with sufficient technical expertise to make an intelligent analysis of complex computer audit situations.

The basic objective and nature of an audit do not change in a computer information system (CIS) environment. However, the use of computers in maintaining the books of accounts and records affects the processing, storage, retrieval and communication of financial information and thus may require changing the accounting and internal control systems employed by the organization.

The auditor should evaluate the following factors to determine the effect of the CIS environment on the audit:
- The extent to which the CIS environment is used to record, compile, and analyze accounting information,
- The system of internal control in existence in the entity with regard to: flow of authorised, correct and complete data to the processing centre;

The auditor should have sufficient knowledge of the computer information systems to plan, direct, supervise, control and review the work performed.

He should also consider whether any specialized skills are required in the conduct of audit in a computer information system environment.

In planning the portions of the audit which may be affected by the CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of the data for use in the audit. When the computer information systems are significant, the auditor should also obtain an understanding of the CIS environment and whether it may influence the assessment of inherent and control risks.

The auditor should document the audit plan, the nature, timing and extent of audit procedures performed and the conclusions drawn from the evidence obtained. In an audit in computer
information system environment, some of the audit evidence may be in electronic form. The auditor should satisfy himself that such evidence is adequately and safely stored and is retrievable in its entirety as and when required.

Characteristics of CIS environment
1. Lack of visibility of transaction trails
2. Consistency of performance
3. Ease of access to data and computer programs
4. Concentration of duties
5. Systems generated transactions
6. Vulnerability of data and program

Types of IT Environment

Centralized data processing - systems that use client/server architecture where one or more client nodes are directly connected to a central server. This is the most commonly used type of system in many organizations, where a client sends a request to a company server and receives the response.
Examples: Internet Service Providers, Application development servers, File Systems, and Organizational Networks

Distributed data processing - a collection of independent computers interconnected via a network. Each node in the system possesses enough computational power to collaborate on a task. Users have equal access to data and user privileges can be enabled as required. Failure of independent components does not affect the overall system, which results in higher availability and improved reliability.

It also addresses the limitations and problems faced by traditional centralized systems such as security, data storage, and privacy concerns. A distributed system is similar to a decentralized one in that it doesn't have a single central owner. But going a step further, it eliminates centralization. In a distributed system, users have equal access to data, though user privileges can be enabled when needed.

Examples: Internet, blockchain, SOA-based systems

| Centralized Systems | Distributed Systems |
|---|---|
| Low fault tolerance as the central server acts as a single point of failure. | High fault tolerance due to the absence of a single point of failure. Servers can be added/removed without affecting the overall performance. |
| Low maintenance costs as the system is run through a single main server. It is easier to monitor and manage the whole system using a single main server. | High maintenance costs because each node in the system comprises varying processing power and is distributed across geographical regions. |
| Systems are only vertically scalable. Processing power can only be added to the central server and up to a certain limit only. | Both horizontally and vertically scalable. Servers can be added and removed with varying loads. |
| Less reliable, as if the central server crashes the whole system will be unavailable. | More reliable, as if one server crashes the system as a whole can still survive. |
| Less throughput as the single server model will become a bottleneck when keeping up with increasing client requests. | Higher throughput as the processing power is distributed throughout the system. |
| The overall system is less complex as the system can be managed through the central server. | The system is more complex as we need to address replica management and maintaining consistency. |

Advantages of Centralized System
1. Easy to physically secure. It is easy to secure and service the server and client nodes by virtue of their location
2. Dedicated resources (memory, CPU cores, etc)
3. More cost-efficient for small systems up to a certain limit – As the central systems take fewer funds to set up, they have an edge when small systems have to be built
4. Quick updates are possible – Only one machine to update.
5. Easy detachment of a node from the system.

Disadvantages of Centralized System
1. Highly dependent on the network connectivity – The system can fail if the nodes lose connectivity as there is only one central node.
2. Problems with the central server may result in a complete system breakdown. Hence, a single point of failure.
3. Less possibility of data backup. If the server node fails and there is no backup, you lose the data straight away
4. Longer access time for clients far from the server and improper scheduling algorithms
Advantages of Distributed Systems
1. There is no central point of failure in distributed systems. The system can survive even if a node fails/is removed from the system. Hence, high fault tolerance.
2. Distributed systems are both horizontally and vertically scalable. Therefore it is much easier to add new servers as the load increases in the system and take machines offline when the workload is low.
3. Allow many users access to a common database
4. The workload can be shared over multiple machines as each node possesses enough processing power. This reduces the overloading of a single machine.
5. The high geographical spread of distributed systems reduces the latency when getting a response to a request.

Disadvantages of Distributed Systems
1. It is more difficult to order/schedule transactions in the system as different nodes have different latencies and performances.
2. As all the nodes connected to a distributed system are independent, it is difficult for all the servers to agree upon the same information (consensus).
3. Messages/Information can be lost in the network system because of the absence of a central server.
4. Due to the distribution across multiple servers, troubleshooting and diagnostics are more difficult.
5. More effort must be put into making the network more secure, and users have to control replicated data across multiple locations.

Decentralized Systems

As its name implies, decentralized systems don't have one central owner. Instead, they use multiple central owners, each of which usually stores a copy of the resources users can access. A decentralized system can be just as vulnerable to crashes as a centralized one. However, it is by design more tolerant to faults. That's because when one or more central owners or servers fail, the others can continue to provide data access to users.

Resources remain active if at least one of the central servers continues to operate. Usually, this means that system owners can repair faulty servers and address any other problems while the system itself continues to run as usual.

Another advantage of this design is that the access time to the data is often faster. That's because owners can create nodes in different regions or areas where user activity is high.

However, decentralized systems are still prone to the same security and privacy risks to users as centralized systems. While their fault tolerance is higher, this comes at a price. Maintaining a decentralized system is usually more expensive.

Pros
- Less likely to fail than a centralized system
- Better performance
- Allows for a more diverse and more flexible system
Cons
- Security and privacy risks to users
- Higher maintenance costs
- Inconsistent performance when not properly optimized

Batch processing system
- an efficient way of processing large volumes of data where a group of transactions is collected over a period of time. Data is collected, entered, processed and then the batch results are produced. Sales teams/employees would gather information throughout a specified period of time. Afterward, all that information would be entered into the system all at once.
- Batch processing is the processing of transactions in a group or batch. No user interaction is required once batch processing is underway. Batch processing is usually carried out for end-of-cycle processing.
- involves storing all the data received until a certain amount is collected and then processed as a batch.

Batch processing in data integration means:
- This data process is scheduled at a specific time.
- Processing a sufficient amount of data.

This means that when data is processed as a batch, data will be collected and organized into one transaction file. This transaction file (source) is then stored until enough data has been collected, at which point the master file (target, like a central database) is updated via data integration at scheduled periods of time. So, data is not only collected together but also processed together.
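
An added example (not part of the original notes) of the batch update described above: transactions accumulate in a transaction file, the master file changes only when the batch runs, and the run leaves an audit trail that an auditor can reconcile against the master file. The account names, the batch size of 3 and the names `BatchSystem` and `reconcile` are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class BatchSystem:
    """Master file plus a transaction file that is applied only in batches."""
    master: dict                      # account -> balance (the "target")
    batch_size: int = 3               # assumed threshold for "enough data"
    transaction_file: list = field(default_factory=list)   # the "source"
    audit_trail: list = field(default_factory=list)
    rejected: list = field(default_factory=list)
    batches_run: int = 0

    def collect(self, account, amount):
        """Store a transaction; the master file is NOT touched here."""
        self.transaction_file.append({"account": account, "amount": amount})

    def batch_due(self):
        """True once enough transactions have been collected."""
        return len(self.transaction_file) >= self.batch_size

    def run_batch(self):
        """Apply every stored transaction to the master file in one run."""
        self.batches_run += 1
        batch_id = f"B{self.batches_run:04d}"
        pending, self.transaction_file = self.transaction_file, []
        applied = 0
        for seq, txn in enumerate(pending, start=1):
            account, amount = txn["account"], txn["amount"]
            if account not in self.master:
                # Keep bad input out of the master file, but keep a record.
                self.rejected.append({"batch": batch_id, "seq": seq, **txn})
                continue
            before = self.master[account]
            self.master[account] = before + amount
            self.audit_trail.append({
                "batch": batch_id, "seq": seq, "account": account,
                "amount": amount, "before": before,
                "after": self.master[account],
            })
            applied += 1
        # Run summary: every record read is either applied or rejected.
        return {"batch": batch_id, "read": len(pending),
                "applied": applied, "rejected": len(pending) - applied}


def reconcile(system, opening_balances):
    """Auditor's check: opening balances + audit-trail amounts == master."""
    expected = dict(opening_balances)
    for entry in system.audit_trail:
        expected[entry["account"]] += entry["amount"]
    return expected == system.master


def demo():
    opening = {"ACC-1": 100, "ACC-2": 50}      # constructed sample data
    system = BatchSystem(master=dict(opening))
    system.collect("ACC-1", 25)
    system.collect("ACC-2", -10)
    stale = dict(system.master)                # master not yet up to date
    system.collect("ACC-9", 5)                 # unknown account, rejected
    summary = system.run_batch() if system.batch_due() else None
    return stale, summary, system, reconcile(system, opening)


if __name__ == "__main__":
    stale, summary, system, ok = demo()
    print("master before batch:", stale)
    print("batch summary:", summary)
    print("master after batch:", system.master, "reconciles:", ok)
```

A change made to the master file outside a batch run has no audit-trail entry, so `reconcile` returns False for it.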
Advantages of Batch Processing
- Batch processing is ideal for processing large volumes of data/transactions. It also increases efficiency rather than processing each individually.
- Here, we can do processing independently, even during less-busy times or at a desired designated time.
- For the organization carrying out the process, it also offers cost efficiency.
- Also, allows a good audit trail.

Disadvantages of Batch Processing
- The time delay between the collection of data and getting the result after the batch process.
- In batch processing, the master file is not always kept up to date.
- A one-time process can be very slow.

- Real-time processing is very complex as well as expensive processing.
- Also turns out to be very difficult for auditing.
- Real-time processing is a bit tedious processing.

Electronic commerce
- refers to the buying and selling of goods or services using the internet, and the transfer of money and data to execute these transactions. Ecommerce is often used to refer to the sale of physical products online, but it can also describe any kind of commercial transaction that is facilitated through the internet.
Risk in IT environment:
Computer hacking (trespass, unauthorized use)
Intrusion
Identity theft/Information theft
Computer fraud
Information abuse
White collar crime
Objectives:
Integrity - complete, honest and fair information
Reliability - information can be trusted
Validity - well grounded, just and relevant

IT CONTROLS
Information technology drives the financial processes of modern organizations. Automated systems initiate, authorize, record and report the effects of financial transactions. As such, they are inextricable elements of the financial reporting processes and need to be controlled.

IT Control - a control that relates specifically to the computer environment
- Relies on computerized (electronic) actions
- Generally more consistent and efficient and may be built into software used for business processes

Physical control - class of control that relates specifically to human activity employed in the accounting system
- relies on human actions.
- allows for the use of judgment in performing control activities.

A variety of controls are performed to check accuracy, completeness and authorization of transactions. When computer processing is used in significant accounting applications, internal control procedures can be classified into two types:

GENERAL CONTROLS
- control policies and procedures that relate to the overall computer information system. They are not application specific but, rather, apply to all systems.
- apply to information system activities throughout an organization.
- any controls related to the security, use, or design of computer programs. Similarly, they consist of any methods that help secure data or information within these systems. General controls apply throughout the organization. Any department or area within a business that uses information technology will include general controls as well. General controls are crucial in ensuring the effective operation of any programmed procedures within a company.

2.) Systems Development and Documentation Controls
Software development, as well as changes thereof, must be approved by the appropriate level of management and the user department. To ensure that computer programs are functioning as designed, the program must be tested and modified, if needed, by the user and CIS Department. Moreover, adequate systems documentation must be made in order to facilitate the use of the program as well as changes that may be introduced later into the system.

3.) Access Controls
Every computer system should have adequate security controls to protect equipment, files and programs. Access to the computer should be limited only to operators and other authorized employees. Additionally, appropriate controls, such as the use of passwords, must be adopted in order to limit access to data files and programs only to authorized personnel.

4.) Data Recovery Controls
Due to the vulnerability of files and programs, computer files can be easily lost and this loss is disastrous to an entity. The survival of the entity affected by such disaster depends on its ability to recover the files on a timely basis. (backups)

5.) Monitoring Controls
Designed to ensure that CIS controls are working effectively as planned. These include periodic evaluation of the adequacy and effectiveness of the overall CIS operations, conducted by persons within or outside the entity.

General controls apply to all computerized systems or applications. They include a mixture of software, hardware, and manual procedures that shape an overall control environment. In contrast, application controls are specific controls that differ with each computerized application. For example, the application controls for payroll systems differ from sales systems.

APPLICATION CONTROLS