Auditing & EDP
Auditing & EDP
eGrove
American Institute of Certified Public Accountants
Guides, Handbooks and Manuals
(AICPA) Historical Collection
1968
Recommended Citation
Davis, Gordon B. (Gordon Bitter), "Auditing & EDP;" (1968). Guides, Handbooks and Manuals. 19.
https://egrove.olemiss.edu/aicpa_guides/19
This Book is brought to you for free and open access by the American Institute of Certified Public Accountants (AICPA) Historical Collection at
eGrove. It has been accepted for inclusion in Guides, Handbooks and Manuals by an authorized administrator of eGrove. For more information, please
contact [email protected].
AUDITING
& EDP
B Y G O R D O N B. DAVIS, C P A , PhD
PUBLISHED BY THE AMERICAN INSTITUTE O F CERTIFIED PUBLIC ACCOUN TANTS NEW YORK
Copyright 1968 by the
American Institute of Certified Public Accountants, Inc.
666 Fifth Avenue, New York, N.Y. 10019
TABLE O F CONTENTS
PREFACE
Plan of organization. 9
A ssignm ent of responsibilities, 9. Separation of duties, 10. T h e control function, 12.
Typical organization charts. 13
Management of a computer installation. 15
Standard program m ing conventions and procedures, 16. Standard operating pro
cedures, 18. C ontrol procedures, 20. O rganization and personnel, 20.
3. DOCUMENTATION OF THE DATA PROCESSING SYSTEM
Summary of documentation. 24
Run manual, 26
Problem definition section, 26. System description section, 27. Program description
section, 21. O perating instructions section, 31. L isting of controls, 31. A cceptance
record section, 31.
Equipment controls. 39
R edundant character check, 39. D uplicate process check, 39. Echo check, 40. V a l
id ity check, 40. E quipm ent check, 40.
Physical safeguards. 89
E nvironm ental control, 89. Fire protection, 89. Security protection, 90. Off-premises
storage, 91.
Procedural controls. 91
E xternal labels, 92. F ile protection rings, 92. Tape library, 93. Internal labels, 95.
B oundary protection, 95.
Retention plan. 95
Source docum ents, 96. Punched card files, 96. M agn etic tape files, 96. D isk files, 97.
D um ps to other m edia, 99.
Insurance. 101
Summary. 115
Summary. 196
CASE STUDY; Evaluating inventory records using the computer, 197.
Definitions. 205
O n-line, 206. R eal-tim e, 206. Integrated systems, 207.
Summary. 238
APPENDIX D— GLOSSARY
C H A P TE R 1
FIGURE 1-1 N u m b er of co m p u ters in s ta lle d b y U .S.-b ased co m p an ies fro m 1956 to 1967, 2
C H A P TE R 2
C H A P TE R 3
CHAPTER 5
CHAPTER 6
CHAPTER 7
TABLE 7-1 S u m m ary of co verage p ro vid ed by d ifferen t p o licies for d a ta p rocessing fire
risks, 102
FIGURE 7-1 E x te rn a l m ag n e tic ta p e la b e l, 92
7-2 F ile p ro tectio n rin g for m ag n e tic ta p e, 93
7-3 H isto ry card fo r ta p e reel, 94
7-4 G ran d fath er, fa th e r a n d son in m a g n e tic ta p e files, 98
CHAPTER 8
C H A P TE R 9
C H A P TE R 10
C H A P TE R 11
C H A P TE R 12
TABLE 12-1 S tep s in p rep arin g a co m p u ter p ro gram for a u d it use, 192
FIGURE 12-1 System s flo w ch art for a u d it ro utin es, 200
C H A P TE R 13
A P P E N D IX A
A P P E N D IX C
A P P E N D IX E
A. N e s t , Director,
R ic h a r d
Technical Services Division
C H A P TE R
EDP does not lessen in any way the need for an evaluation of E valuating
the system of internal control. On the contrary, it appears that In te rn al Control
increased emphasis must be given in the review of internal con
trol to ascertain that it is effective. The need for this emphasis
has been brought about by the centralization and the concentra
tion of data processing in an EDP system and the appearance
of new controls that must be evaluated.
The evaluation of internal control rests on a review of the
system to obtain a knowledge of how it is purported to operate
and on an accumulation of evidence which demonstrates how it
actually does operate. The manner in which the auditor seeks
the necessary information and records it in his working papers is
largely a matter of individual preference. Techniques used for
this purpose include questionnaires, checklists, flowcharts and
narrative memoranda.
Having obtained information on the system, the auditor must
next obtain evidence to determine the existence and effectiveness
of the client’s processing procedures and controls. This is done
by making tests of the performance of specific control pro
cedures. The nature and availability of evidence and the types of
tests to be performed depend somewhat upon the complexity of 3
the system design and upon the audit trail found in the elec
tronic system being audited. In some cases, the evaluation of the
operation of the data processing system may emphasize direct
testing of the processing programs; in other cases, the evaluation
may rely largely on tests using printed output from the com
puter processing runs.
E valuating Records In addition to evaluating the system of data processing and con
P roduced by the trol, the auditor must evaluate the reasonableness of those
System
records produced by the system which relate to the existence and
proper valuation of assets, liabilities, equities and transactions.
Historically, the records evaluated have consisted of printed re
ports, listings, documents and business papers—all of which
were readable by the auditor. To the extent that such records
are available in electronic systems, the auditor may use traditional
auditing techniques. However, part of the output from EDP sys
tems is very frequently in machine-readable forms such as cards,
tapes and disks. Although output in this form can always be
converted to readable printout, it presents the auditor with an
opportunity to use the computer to analyze the records.
Computer audit programs can assist in the performance of
auditing procedures such as: (1) selection of exceptional trans
actions and accounts for examination, (2) comparison of data
for correctness and consistency, (3) checking of information
obtained directly by the auditor with company records, (4) per
formance of arithmetic and clerical functions, and (5) prep
aration of confirmations. In using the computer to analyze
machine-readable records, the auditor may either design and
develop specific computer programs for each client and applica
tion or use generalized audit routines.
A note on emphasis
It has been common in the recent literature of auditing to refer
to two approaches to auditing computer-based systems—“audit
ing around the computer” and “auditing through the computer.”
These terms have been avoided in this report because they tend
to be misleading. “Auditing around the computer” may imply
to some that the auditor can ignore the computer and work
around it. This is not true. The auditor should always consider
the control framework in which the computer processing is
carried out. In his tests of the operation of the system, he may
choose to use computer printouts as the basis for audit tests
rather than to test the computer program directly. For a test
of the records produced by the computer system, the auditor
may have the records printed out for manual review or he may
make use of a computer routine to test them in their machine-
readable form. In other words, he may use computer printouts
in much the same way as he would use manually prepared
records, or he may utilize the computer itself in performing
audit steps. Consequently, this report distinguishes between
auditing a computer system without using the computer and
auditing a computer system using the computer.
The question of whether or not to use the computer in audit
tests usually depends on the effectiveness and cost of the com
puter procedure versus the effectiveness and cost of the manual
alternatives. This report does not favor one method over the
other. The auditor should be capable of using the computer for
audit tests when its use is advisable, just as he should be
capable of testing without using the computer when its use is
6 not advisable. Generally, it is not necessary or economical to
use the computer to test simple data processing systems or to
test files with small numbers of records. Audit tests of advanced
systems or of files with large numbers of machine-readable
records are more likely to require the use of the computer.
Summary
Computers have been commercially available for over fifteen
years, yet the recency of the major impact can be appreciated by 7
noting that at mid-1967 over half of all computers had been in
stalled in the preceding three years. The number was expected
to double again in the succeeding three years. Although much
has been written about the impact of computers on the auditor,
many CPAs were just beginning to be affected.
This chapter provides an overview of the auditing of an
organization using a computer for record-keeping. The auditor
may not properly ignore the computer in the audit—first, be
cause the computer requires its own set of controls related to
automated procedures and, second, because many controls nor
m ally resulting from division of duties and human review and
judgment are now concentrated in the computer programs. The
auditor may use the computer in carrying out audit procedures
but this is frequently optional, depending on the characteristics
of the system and the cost and effectiveness of this alternative.
The auditor should be capable of choosing and implementing
the best method for each data processing application and each
particular audit test.
8
C H A P TE R
Plan of organization
T IT L E D E S C R IP T IO N
System s A nalyst A nalyzes th e req u ire m e n ts fo r in form ation .
Evaluates th e e xistin g system and designs new
or im proved d a ta processing procedures.
O u tlin e s th e system and prepares
s p e c ific a tio n s w hich g u id e th e program m er.
Program m er Flow charts th e logic of th e c o m p u te r program s
required by th e overall system designed by
th e system s analyst. Codes th e logic in th e
co m p u ter program language. Debugs th e
re s u ltin g program . Prepares do c u m e n ta tio n .
(S ee C hapter 3 fo r d o c u m e n ta tio n
requirem en ts.)
C om p uter O perator Also c a lle d a console operator. O perates the
co m p u ter according to th e o peratin g
procedures fo r th e in s ta lla tio n and th e
d e ta ile d procedures fo r each program found in
th e C om p uter O perator In structions. (See
C hapter 3 for descrip tio n of th is m anual.)
U n it Record E q u ip m e n t Also called a ta b u la tin g e q u ip m e n t operator.
O perator O perates punched card e q u ip m e n t such as
sorter, co llato r, reproducer, a c c o u n tin g
m achine, etc.
K eypunch O perator P repares data fo r m ac h in e processing by
keypunch ing cards. O perates a card punch
(also c a lle d a keypunch).
DATA P R O C E S S IN G F U N C T IO N P O S IT IO N
Th e Control Function The plan of organization and operating procedures should pro
vide for a control function. The control function is divided into
two types:
1. Processing control internal to data processing
2. Outside control
Internal processing control (data control, quality control, etc.)
is a function of the data processing department and is concerned
with monitoring the accuracy of processing and with ensuring
that no data is lost or mishandled within the department during
processing. For instance, if a detail transaction file is processed
with a master file to produce an updated master file, the sum of
the transaction file and the master should equal the total of the
updated master. The person charged with the processing control
is responsible for making or reviewing such a comparison. Con
trol at the processing level is usually the responsibility of the
data processing manager. A subordinate may be assigned control
activities as a part-time or full-time assignment, depending on
the volume of activity. If the assignment is not full-time, it is
desirable to preserve a separation of duties and to avoid using a
person who has systems, programming, or operator responsibil
ities (especially the latter).
Outside control can take several forms, but is basically con
cerned with an independent check of the functioning of the data
processing department. This independent check can be per
formed by a user department. If the general ledger, for instance,
is maintained through the computer, the accounting department
may keep a control total of the debits and credits to be posted by
the computer to the general ledger. The updated general ledger
from the computer should show a total change equal to the ac
counting department debit and credit posting totals. Another
form of outside control is an independent quality control evalu
ation of data processing’s production. A separate group may be
established for this purpose in a user department where the vol
ume of data to be controlled is large. For example, one large
corporation has a payroll processing control group responsible
for evaluating the payroll data produced by the computer. This
12 is done by performing various tests on the data totals and by
using control amounts (explained in Chapter 5). The outside
control function, as typified by the evaluation group, should be
under the direction of accounting, finance, or some other func
tion in a position to perform an independent and critical review
of performance.
C L A S S IF IC A T IO N M O N TH LY R EN TA L
S m all Less th an $ 5 ,0 0 0
M edium $ 5 ,0 0 0 to $ 1 5 ,0 0 0
Large Over $ 1 5 ,0 0 0
Systems Equipment
Keypunch
analyst- operators operators
programmers
D ata
processing
m anager
S en io r unit
S en ior S enior S en ior
C ontrol K eypunch record
system s p ro g ram m e r c o m p u te r
clerk supervisor e q u ip m e n t
an alyst o p e ra to r
o p e ra to r
FIGURE 2 -2 . Organization chart for a medium-sized data processing installation (equipm ent rental
between $ 5 ,0 0 0 and $ 1 5 ,0 0 0 per month)
14
$25,000. There is further specialization with systems analysts
separated completely from programming. Programming includes
a separate documentation librarian; there are separate data com
munications specialists; and operations has a separate position
for a tape librarian responsible for custody of the magnetic tapes.
D irector o f
in fo rm a tio n
processing
M an ag er of M a n a g e r of
M an ag er of data
prog ram m in g system s and
processing op eratio n s
procedures
D ata U n it record
S ystem s e q u ip m e n t C o m p u te r
c o m m u n icatio n s
analysts o p e ra to rs op erato rs
specialists
F iG U R E 2-3. Organization chart for a large data processing installation (equipm ent rental more than
$ 25 ,0 0 0 per month)
15
munity have become more knowledgeable in the computer field,
effective control techniques have gradually begun to evolve.
Various quantitative techniques have been used in performance
evaluation of data processing activities. By using historical rating
techniques, for example, yardsticks have been applied to the per
formances of analysts, programmers, operators and keypunchers.
The application of management principles to computer data
processing operations typically results in the preparation and
use of a systems and procedures manual which describes standard
operating procedures. The contents of this manual cover the
following topics:
1. Standard programming conventions and procedures
2. Standard operating procedures
3. Control procedures
4. Organization and personnel
As with systems and procedures manuals used in other areas,
the manual is useful in training, supervision and evaluation of
performance. The multitude of differing conventions in pro
gramming, documentation, operating, etc., leads to considerable
confusion. The use of a manual setting forth standard pro
cedures and conventions for the particular installation has proved
to be an extremely valuable aid to management.
S tan d ard P ro gram m in g The major purpose of this section of a computer installation
C onventions and P rocedures systems and procedures manual is to establish standard vocab
ulary, standard programming conventions, standard debugging
procedures and standard documentation methods. The follow
ing brief summary of possible topics suggests the scope and pur
pose of the section:
TO P IC E XP LA N A TIO N
F low charting conventions These are the form s, sym bols and conventions
to be used in flo w ch artin g . G enerally, it is
des ira b le fo r these conventions to agree w ith
th e standards d e fin e d by th e U n ite d S ta te s of
A m erica S tandard s In s titu te (see A ppendix B).
D ecision ta b le conventions These conventions are used when preparing
d ecision tab les. This to p ic should in clu d e
standard abbreviatio n s fo r a llo w a b le c o n d itio n
16 entries.
TOPIC EXPLANATION
S tan d ard O perating This section of the systems and procedures manual describes
P rocedures practices and procedures to be followed in the running of the
processing equipment. The topics include specifications for
machine operation, machine performance, scheduling, file re
tention, housekeeping, record keeping and emergency procedures.
TO P IC EXPLA N A TIO N
21
3
C H A P TE R
Summary of documentation
A data processing application, such as payroll, may include sev
eral separate processing tasks which are the basis for individual
computer runs. Although separated to meet the requirements of
the data processing system, the runs may be interconnected in
that the output from one run may be the input for another run.
For example, a payroll application described in Chapter 10 con
sists of 11 computer runs. The five which are used to prepare the
payroll checks are listed here.
1. Card-to-tape for payroll detail
2. Sort payroll detail into employee number sequence
3. V alidate data
4. Calculate payroll and update master file
5. Print payroll checks
The computer run is the basic unit on which documentation is
24 based, but because of the interrelationship of computer runs an
application overview which shows how the different runs are used
is necessary for complete understanding of the runs. This appli
cation or system design specification describes the overall system.
It may be prepared as a separate report or may be ineluded in the
different run documentations to which it applies.
Run documentation can take many different acceptable forms.
This chapter will present a detailed outline of two common
documentation manuals which fulfill basie requirements. These
are the run manual and the computer operator instructions for
the run.
The run manual is prepared by the systems analysts and/or
the programmers. It contains a complete description of the
program which is used for a data processing run. The sections of
the run manual are generally the following:
1. Problem definition
2. System description
3. Program description
4. Operating instructions
5. Listing of controls
6. Acceptance record
Each of these sections will be described in this chapter.
The computer operator instructions, a reproduction of one
section of the run manual, provide operating instructions for the
machine room personnel. They may be filed separately or as
sembled in notebooks which contain the instructions for all
runs. The relationship of the run manual to the computer oper
ator instructions is shown in Figure 3-1 (this page). The com
puter operator instructions may also be known as the console
run book.
The run manual is an important corporate record and should
be safeguarded accordingly. For example, the manual should be
given fireproof storage and should be returned to the files each
night. For added protection against destruction or unauthorized
changes, a control copy may be stored outside the data processing FIGURE 3-1. Relationship of
center. Ideally, access to copies of the manual should be re computer operator instruc
tions to run manual
stricted to systems and programming personnel. M achine oper
ators do not require access to the run manual since all the infor
mation needed for proper machine operation is contained in the 25
computer operator instructions. Knowledgeable operators who
have access to run manuals have an increased opportunity to
make unauthorized changes in programs.
Run manual
The six basic sections of the run manual are discussed in detail.
These cover the basic elements for adequate documentation.
However, the auditor should recognize that individual differences
can account for many variations in documentation.
P roblem D e fin itio n The problem definition section is intended to provide a clear,
S ection logical and formal record of the problem to be solved. The
individual elements in this section might be:
1. Title page
2. Table of contents
3. Project background
4. Project request
5. Problem statement
6. Minutes of meetings and copies of policy decisions relating
to the job
The project background is a description of the reasons why
the program was prepared and its role in the overall data process
ing system. This serves to place the program in perspective as it
relates to other programs.
Those programs which are prepared in response to requests by
user departments should be approved in advance by the data
processing manager and the systems analyst. The approved re
quest becomes a part of the documentation in ease there is a
discrepancy between the resulting program and the desired re
sult. In some instances, a programmer may finish a program in
accordance with a user’s request only to find that the user has
not defined the problem correctly.
A problem statement should be prepared in support of all new
programs. This form is usually prepared by the systems analyst
26 (if this function is separated from programming) and is the
basic source of information concerning the purpose of the
program.
The system description section supplements the problem state System D escription
ment by indicating the general outline of the new program and S ectio n
the related environment or system in which it operates. Al
though it may be brief, this description is valuable in explaining
the program. This section contains the system flowcharts, the
record layouts, the activity codes, and, if a control function is
involved, the way it is to be handled.
A system flowchart indicates (1) the source and nature of all
input, (2) machine, computer and manual operations and
(3) the nature and disposition of all outputs. This chart assists
in developing detailed operating and control instructions.
Record layouts which specify the placement of data items are
used to describe records maintained on cards, magnetic tapes,
paper tape, magnetic disks, magnetic drums, or printed reports.
For example, a card layout contains the names of all fields, field
locations, field sizes, a description of control punches and a
description of file identification codes (see Figure 3-2, page 28).
Tape layouts contain additional information on record size,
blocking factors and the layout and content of all internal labels
(see Figure 3-3, page 29). There should be a description of the
codes used to identify the various types of transactions affecting
the files being processed and of the codes in the files which
denote type of account, type of customer, etc.
The control function for the computer run is described in this
section. If this function involves a control group or control clerk,
each m an’s duties are defined.
W hereas the system description section described the entire Program D escription
process, computer and non-computer, for accomplishing the S ectio n
data processing task, the program description section covers the
details which document the computer program portion of the
system. Typical topics in this section are:
1. Program flowcharts (also termed block or logic diagrams)
2. Decision tables
3. Table descriptions 27
MULTIPLE-CARD LA YO UT FORM
29
storage is memory assigned for storing intermediate results dur
ing the processing steps. For each item this list might show:
1. Symbolic name assigned
2. Size (in number of characters)
3. Function within the program
4. Initial state (zero, blank or other)
5. W here cleared (i.e., on minor totals, on intermediate totals,
on major totals or on final totals)
A layout of memory is not required in most cases since assign
ment of memory is regulated by the assembler program or by the
operating system. However, in special cases where the pro
grammer has specifically assigned memory to facilitate instruc
tion modification or where there are tables used within a program,
a memory layout may become necessary or desirable.
A copy of the most recent program listing (produced by the
program assembler) should be part of the documentation. This
listing, together with the program flowchart, allows a reader to
follow the detailed coding flow and logic. The list also serves as
back-up in case the source deck is lost or destroyed. Each listing
should be dated and only the latest listing should be retained
in current documentation. Minor machine language changes
(patches) are usually posted directly on the program listing.
These changes should also be authorized and documented by a
program change and approval sheet.
In some situations, a printout of memory after the program
has been loaded can be valuable in diagnosing program errors.
This is particularly true when an error is detected after a program
has been patched or modified. Memory dumps may be included
as part of the documentation for such cases.
In a number of computers, sense switches on the computer
console are used to alter the program flow. The program tests
the condition of the switch and changes the program path de
pending on the switch setting. For example, a program written
to print out account balances may, by a switch setting, be altered
to bypass printing of credit balances. The documentation should
identify each sense switch and describe the conditions or func
tions which will result from each setting.
The programmer can use instructions to modify or change
30 other instructions. This modification process is an extremely
powerful and flexible program technique but it does make pro
grams extremely difficult to follow. For this reason, the purpose
and result of all the program modifications should be fully
documented.
This section of the run manual contains the information re O p e ratin g In structions
S ectio n
quired by the computer operator to run the program. Some in
formation which appears elsewhere in the run manual is repeated
in this section because it is reproduced and furnished to the
operator for use as the computer operator instructions. Any
subsequent changes made in the run manual should, of course,
be reflected in the separate computer operator instructions. This
section of the run manual will be explained in connection with
these instructions.
This section documents the steps taken to test the program for A cc ep ta n c e Record
errors before acceptance for use. The information contained in S ectio n
this section covers the test data used in the testing process, the
documentation review approval and the program change record.
Copies of input and output test data should be preserved as
part of the program documentation. In the case of punched
card data, the run manual should contain a listing of the input/
output; the cards themselves should be retained elsewhere. Each
time a program is changed, the test input data should be re 31
processed and the new output compared with the original test
output. This procedure helps to eliminate program errors which
sometimes unexpectedly affect programs that have been changed.
W hen a program is first prepared, the documentation should
be reviewed and approved by a responsible authority such as the
program manager or the data processing manager. This review
and approval should be recorded in the run manual. There
should also be a record of all changes made in a program since
its original implementation. This record (Figure 3-4, page 33)
should show:
1. Date of change
2. Reason for change
3. Approval of change initiation
4. Approval of change method
The program change record is useful in keeping documenta
tion current. It is very time consuming to correct all documen
tation, including flowcharts, each time a program change is
made. Instead, a change record is included with the documen
tation and, unless there is a rather substantial rewrite of the
program, the flowcharts are not redrawn. The original documen
tation plus the change records form the current documentation.
The audit impact of adequate change documentation has been
illustrated by a client whose payroll registers, prepared on the com
puter, did not crossfoot. The auditor insisted that crossfooting
be part of the computer program. On the next audit review, the
first payroll tested did not crossfoot. However, the client’s docu
mentation was good, and the auditors were able to satisfy them
selves that the requested change had become effective, though
not until after the production date of the payroll in question. In
the absence of such documentation, the audit tests might have
had to be extended.
C hange n u m b e r-
Program n am e or
description
D a te
change e ffe c tiv e .
Program No.
TO P IC E XP LA N A TIO N
Id e n tific a tio n and d escrip tio n The m ach in e operator should have a basic
o f program u n d erstanding of th e purpose o f th e c o m p u te r
program . This allow s him to op erate the
program and helps to prevent him from
c o m m ittin g gross errors. The d escrip tio n of
th e program should be b rie f and sta te d in as
sim p le and straightforw ard a m anner as
possible.
C ard layouts and keypunch T he card layouts are som etim es in clu d ed . In
in structions case cards are m angled durin g processing, th e
o p erator m ay need copies o f th e layouts and
keypunch in structions to guide him in
pun ch in g re p la c e m e n t cards. S uch p unch ing
should be c a re fu lly co n tro lled to avoid
in tro d u ctio n o f errors.
System set-up and take-dow n The operator should be given d e ta ile d in struc
in structions tio n s on how to set up a ll th e e q u ip m e n t to
be used during th e c o m p u te r run. These
in structions should also prescribe th e
sequence in w hich th e operations are to be
perform ed. C areful s equencing of set-up and
take-dow n in stru ctio n s can usually reduce
to tal jo b tim e (e.g., readying p rin te r w h ile
program cards are being loaded; u n loading th e
punch, reader and p rin te r w h ile ta p e s are
rew inding).
Deck set-up (fo r card in put) The deck set-up is a diagram show ing th e
arra n g e m e n t of th e program , subroutines, d ate
card, data and se n tin e l cards w hich are
norm ally processed d u rin g a co m p u ter run. (A
se n tin e l card is usually a card c o n ta in in g
special p unch ing to in d ic a te th e end of a file .)
Such a diagram helps to e lim in a te th e errors
a nd lost tim e w hich are o ften caused by
im prop er arran g em en t of th e deck.
Sense sw itch settings Sense sw itches are external sw itches found
on som e com puters and can be te s te d by th e
program . They are used to a llo w th e operator
to spe c ify c e rta in program options when th e
program is to be run. T he fu n c tio n and proper
use o f each e xtern al sw itch should be fu lly
exp lain ed . In s tru c tio n s to th e operator should
describ e exa c tly how th e sw itches are to be set
fo r th e run.
O perator du tie s These in structions should d e fin e th e o p erator’s
d u tie s in s tarting, running and te rm in a tin g the
program . Id eally, n o thing should be le ft to
34 th e o p erator’s m em ory.
TOPIC EXPLANATION
Minimum documentation
The explanations in this chapter are based on a rather complete
documentation plan. Presumably there is a minimum acceptable
set of documentation. W hile difficult to specify as a general
rule, it would probably include the following:
1. Problem statement
2. System flowchart
3. Operator instructions
4. Record layouts
5. Program flowcharts
6. Program listing
7. Test data
8. Approval and change sheet
36
CHAPTER
4
Equipment controls
Another type of equipment control involves having the same D u p lic a te Process
process performed twice and the results of the two operations C heck
compared. Any difference between the first operation and the
second signals an error. The duplicate process may be a comple
mentary action such as reading after writing to check what
was written. 39
Echo C heck In an echo check the central processor sends a command to an
input or output device to perform an operation. The device re
turns a signal that verifies that the proper mechanisms for per
forming the actions have been activated. This check verifies that
the equipment was activated without testing the actual results
obtained.
V a lid ity C heck Since, on many operations, only certain results can be con
sidered correct, one method of checking is to compare a result
obtained against all valid results. Any result not fitting into this
set of valid results is considered incorrect.
In the central processor there are only certain operation codes V a lid ity C heck
which are valid and which the computer can execute and there
is only a certain range of numbers which the computer can access 41
as memory addresses. Before attempting to execute an operation
code or access a memory location, the computer usually per
forms a validity check to determine that it is a valid operation
code or a valid address. V alidity checks are used in some com
puters with character coding to check the movement of data.
Each bit set can encode one character, but not all combinations
are valid. An invalid combination indicates an error.
In terlo cks The computer system has automatic controls to prevent the
equipment from attempting certain operations at the wrong
time. For example, there is an input/output interlock which pre
vents the computer from signalling an input or output device to
perform an action while it is already performing another opera
tion. Thus, a card reader cannot be signalled to read a card
while it is already performing a card-reading operation. A storage
protection interlock is a hardware control used with fairly ad
vanced computer systems that process several programs con
currently. It prevents the computer from using a block of
memory locations that are not assigned to the particular program.
Read
The card transport mechanism in a reader must pull a card from
hopper the input hopper and move it past the read stations (reading
First read
brushes or photoelectric cells) at a precise speed and in a precise
Second read position. (See Figure 4-2, this page). Malfunction of the card
reader may therefore occur because the cards move past the
reading stations at incorrect intervals of time, because the card
is positioned incorrectly, or because the reading mechanism
fails to sense properly. Card reading speeds vary from 200 to
over 1,000 cards per minute, so that a slight delay or slight skew
ing can result in an incorrect sensing. The types of controls
S tacker dru m commonly used in card readers are dual-read and hole-count
controls (both duplicate process), validity checks and photocell
S ta c k e r (circuit) checks. Another check, the double-punch blank-column
check, has been used in some older equipment. These checks
F IG U R E 4 -2 . Path of C a r d in are summarized in Table 4.1 (page 43).
c a rd re a d e r
W hen an error is detected by the card reader, an internal
42 switch is set. The typical error procedure is for the card which
was misread to be routed to a different output bin (stacker) from
those without errors. Depending on the application, the com
puter may halt processing for the error to be handled or it may
continue processing with the error noted for later attention. If it
halts, the reader will usually reject all cards then in motion. A
corrected card and the other cards in process when the error was
detected are re-inserted. Since the more a card is handled, the
greater the chance of error, many installations prefer to complete
the run with errors noted but without card re-entry during the
run.
H a rd w a re c o n tro ls f o r c a rd re a d e rs T A B L E 4.1
T Y P E O F C O N TR O L D E S C R IP T IO N U SE A N D E F F E C T IV E N E S S
Dual read The card is read by tw o separate read Very e ffe c tiv e a t d e te c tin g errors in
stations. R esults of th e tw o reading reading o f cards.
operatio ns are com pared.
H ole count The card is read by th e firs t read station E ffe c tiv e a t d e te c tin g errors. A sm all
and a co u n t is m ade o f th e holes in each p ro b a b ility exists th a t a reading could be
colum n or row (d ep en d in g on w hich way in error even though its tw o hole counts
th e card is read). A second hole count is are id e n tic a l.
m ade by a second read s ta tio n and th e
tw o hole counts are com pared.
V a lid ity A lthough th e re are 4 0 9 6 possible hole An error in reading w h ich , fo r exam ple,
com b in atio n s fo r a colum n on a punched m issed a punch m ig h t s till result in a valid
card, only a fe w (6 4 is com m on) are valid. co m b in atio n of punches. S o m etim es used
The v a lid ity c h eck com pares th e punches in c o m b in a tio n w ith a hole count, d u a l
read ag a in s t th e v a lid co m b in atio n s. T he read, or photocell check.
check can usually be suppressed by
program m ing in order to read non
standard punch co m b in atio n s if th is is
necessary.
P roper photocell A fte r a card is read, th e p hotocell reader Less foolp roof th an o th e r m ethods, but
fu n c tio n in g is te s te d to see th a t it is fu n c tio n in g . A a p p a re n tly q u ite satisfacto ry.
ch eck fo r m isp o sitio n in g o f cards is
in cluded . N ot a p p lic a b le to read heads
using w ire brushes.
D ouble-pu nch blank- The card is ch ecked fo r d oub le punch or Very seldom used e x cep t in old co m p u ter
colum n blan k colum n fo r those colum n s having system s, b u t a com m on te s t in u n it record
n um eric d a ta (w hich should have only eq u ip m e n t.
one punch). A w ired panel is used fo r
program m ing th e test.
43
are summarized in Table 4.2 (below). In one approach, the
results of the punching operation are checked. There is a sepa
rate read station following the punch station. Cards are read
after they have been punched in order to develop information
for either a hole count or a full comparison. A second approach
to punch checking is an echo check in which a signal is sent
from the punch dies verifying that they have been activated.
Both approaches are widely used.
Printer controls
The first step in printing a line is to assemble the characters in
storage. These characters are then loaded into a print buffer
where they are decoded into signals which will select the char
acters to be printed at each print position. There are usually
from 100 to 160 print positions on a line, the most common
numbers being 120 and 132. A hammer located behind the
paper presses the paper and a ribbon in front of the paper against
the type face at the exact moment the selected character is in
position (Figure 4-3, page 45). After a line is printed the paper
and the print ribbon are advanced and the hammer recoils.
There are two basic types of printers—impact and non-impact.
Almost all are of the impact type which uses a mechanically
driven type face pressed against the paper and ribbon. Non-
C O N TR O L D E S C R IP T IO N U SE A N D E FFE C TIV E N E S S
Read com pare A fte r a card is punched, it passes under M ost effective.
a read station. T h e card contents as
read in th is station are com pared w ith
th e data w hich was to be punched.
H ole co u n t A read station reads th e card a fte r it P ro b a b ility of un d e te c te d error very slight.
is punched b u t m akes only a hole count
(row or colum n ) w hich is com pared to
a hole co u n t fo r th e characters w hich
were to be punched.
Echo check The co m p u ter sends signals to punch P ro b a b ility of u n d e te c te d error s till s light,
dies to a c tiv a te th e m to punch the though th e activ a tio n of th e punch dies,
required holes. A signal is sent back rath er than w h a t th e y punched, is being
from th e punch dies v e rify in g th a t they checked.
44 w ere ac tiv a te d .
One section
of characters Paper
Ribbon
Printing
positions
(e.g. 132)
Complete chain
composed of
several character
sections
TYPE E L E M E N T E XP LA N A TIO N
C O N TR O L D E S C R IP T IO N U S E A N D E FFE C TIV E N E S S
P arity bit C
B
Zone
A T racks
(c h a n n e ls )
8
4 1
N u m e ric
2 1
1 T
T he n u m b e r 7 recorded
on m ag n etic ta p e
using 7 channels
and even parity
F I G U R E 4-5. R e c o rd in g o f d a ta on m a g n e tic ta p e
P arity C heck for The basic parity check for magnetic tape is a row check, often
M ag n etic Tap e called a lateral or frame check, in which each character (coded
one character per frame) is given a parity bit when the data is
Longitudinal
check bit for put on the tape. W hen the data is read from the tape the parity
each channel
(track) bit is checked. An improved parity check is the addition of
Vertical parity check bit longitudinal or track parity bits to give a two-dimensional check.
for each row (frame)
Each record encoded on the tape is given a track parity bit in
addition to the row parity bit associated with each frame. This
serves as an added check over the single dimensional row parity.
In addition, the intersection of a missing row bit and a missing
longitudinal bit will, if only one bit is in error, define the exact
bit position causing the error and will allow for automatic error
Block
recovery (Figure 4-6, this page).
Check character A cyclic or diagonal check is used in a few magnetic tape units.
composed of
check bits for
each channel
This is a check character formed by taking a parity check
diagonally instead of down or across. This provides additional
FIGURE 4-6. P a r ity b it capabilities for pinpointing any bit positions that happen to
c h e c k fo r m a g n e tic ta p e . be in error.
Read A fte r W rite C heck The read/write heads on a magnetic tape drive may take two
forms: the single-gap head which acts as both a read mechanism
and a write mechanism (only one operation being performed at
a tim e) and a two-gap head which has both a read head and a
write head. The two-gap head (Figure 4-7, page 49) allows for
a read immediately after a write comparison in which case the
data just written is read and compared. The data is tested to see
if it was recorded at a proper signal level and parity is checked.
The automatic write/read comparison depends upon having the
two-gap head. It is preferable from an error control standpoint
because recording errors are detected and corrected when they
48 occur rather than when the file is next processed. In the latter
case, reconstruction is usually more costly and it is also time
consuming.
A control used with some magnetic tape is that of counting the O th er T a p e C ontrols
number of characters recorded and writing this count on the
tape. W hen the tape is read, the character count is again com
puted and compared. An infrequently used method involves a
dual recording of the information so that there is a back-up
recording of information in case of any problem with the major
recording.
Since most tape errors are caused by surface defects on the H a n d lin g of T a p e Errors
magnetic tape, an error in reading or writing is usually handled
by backspacing the tape one record and repeating the operation.
If the error persists, the operation is repeated again. Dust or
oxide particles will usually be dislodged in this way. If the error
is still uncorrected, the record is noted on the error listing for
subsequent correction and processing is continued. A bad spot
on the tape can be skipped by marking the beginning and end of
the tape portion which is not to be used.
An optical scanner reads characters or marks by scanning with a O p tical S cann ing
beam of light. A character is read by recognizing a particular E q u ip m en t
pattern of light and dark areas. There are several different meth
ods for performing this task.
There are two rates to consider in optical reading—the reject 51
TABLE 4.4 H a rd w a re co n tro ls fo r d ire c t access storage devices
C O N TR O L D E S C R IP T IO N U S E A N D E FFE C TIV E N E S S
P arity A p a rity b it is generated and recorded fo r D etects a recording error only w hen th e
each c h aracter, word or record. record is subsequ ently read.
C haracter T h is is an extension o f th e p a rity check. D etects a recording error only w hen th e
A set of p arity bits is generated based on record is subsequ ently read. Som e
p a rity fo r each o f th e b it positions in a c a p a b ility fo r c o rre c tin g errors.
group of bits. For exam ple, th e re is a
p a rity b it based on th e firs t b it of each
set o f bits in th e record. If th e b it set
c ontain s e ig h t bits, th e c h e c k in g set
contain s e ig h t bits. The c o n ce p t is
s im ila r to th a t of th e tap e record
lo n g itu d in al check bits.
R ead -after-w rite This is a c h eck to d e te c t an error in T he m ost positive check. P erm its d e te c tio n
recording. It consists of reading th e of m ost recording errors a t th e tim e of
record ju s t w ritte n and te s tin g fo r correct occurrence. Can also be program m ed. W hen
recording or correct parity. program m ed, sp ecial ‘‘w rite c h e c k ”
in stru ctio n s are usually a v a ila b le .
rate and the error rate. The reject rate is the percentage of docu
ments rejected because the equipment is unable to recognize the
character. At present, reject rates range from 2-20%. The error
rate is the percentage of documents which were read but which
contained one or more characters incorrectly identified. The
error rate typically ranges from less than 1% of documents up
to 2%.
The reject rate is significant in terms of handling time and
reprocessing. The seriousness of errors undetected because of
misreading depends on the type of application. A 1 % error rate
may be quite acceptable for one application but totally unac
ceptable for another. Programmed tests discussed in Chapter 6
can be used to detect many of the errors that are not found at
the time of reading.
C O N TR O L D E S C R IP T IO N U SE A N D E FFE C TIV E N E S S
V alid ity T h is c h eck d e te rm in e s th a t a received This check has lim ite d value in d e te c tin g
c h a ra c te r is one o f a n u m ber of errors and no valu e in co rre c tin g errors
perm issib le b it configurations. a u to m a tic a lly .
C onstant ratio code T he code is s tructu red so th a t every The code is s im p le to g e n erate and check
c h a ra c te r is represented by th e sam e b u t requires th e transm ission o f extra bits
n u m ber of 0 and 1 bits. T he receiving per c h aracter. It has high valu e in d e te c tin g
te rm in a l counts th e num ber of 1 bits. If errors b u t does not p e rm it a u to m a tic error
th e re is not a constant num ber, an error correction because it does not a llo w fo r
has occurred. id e n tific a tio n o f an erroneous bit.
P arity (sim p le one A p a rity b it is added to each group of This c h eck d e te c ts s in g le -b it errors b u t not
dim ensional) d a ta bits to m ake th e to ta l num ber o f bits errors involving an even num ber o f bits
odd in an odd p a rity check or even in an because p a rity is unchanged. It does not
even p arity check. p e rm it error correction.
P arity (two A p arity b it is added to each c h a ra c te r This check ensures d e te c tio n o f up to th ree
d im en sio n al) code and lo n g itu d in a l p a rity bits are errors in a block. It has lim ite d c a p a b ility
developed fo r each block. A separate b it fo r error correction.
is form ed fo r each level of th e tra n s m itte d
code. T h is check is s im ila r in co n cep t
to th a t o f th e lo n g itu d in a l p arity fo r
m a g n e tic ta p e and th a t o f th e c h a ra c te r
code fo r d ire c t access storage.
53
appeared to be invalid. If the procedures for handling this error
are not followed properly, the result may be a double reading of
the card or a skipping of the card. In reviewing processing pro
cedures, therefore, the auditor should usually devote more atten
tion to the procedures for handling errors than to the hardware
controls which detect them.
54
CHAPTER
5
Loss of D o cu m e n t or During the data processing cycle a record may be lost. Two
Record in H a n d lin g paper documents may stick together, a record may be overlooked
by the keypunch operator, or a record or document may be lost
or dropped or may otherwise disappear in transit or in handling
by the data processing personnel.
T E C H N IQ U E EXAM PLE
P repunched data cards w ith H ourly payroll cards reproduced from m aster
only variab le data added payroll cards (only hours w orked need be
keypunched)
E xception in p u t S ala rie d payroll in w hich no in put is required
unless th e re is an exception
To ensure that the proper transaction or master file is used and F ile Label
that the entire file is processed, file labels are usually used at the Controls
beginning and end of files (especially magnetic tape files). In
fact, many operating systems specify standard file labels. A file
label is a record at the beginning and/or the end of the file which
records identification and control information. Reel labels may
be used for each reel of a multi-reel file. The label at the begin
ning is the header label which identifies the file (see Figure 5-3,
page 65). Typical information on a header label is:
1. Name of file
2. Creation date
3. Identification number
4. Reel number 63
An e rro r in th is colum n Final OK n o tch .
The trailer label is the last record and summarizes the file.
Typical information on a trailer label is:
1. Record count
2. Control totals for one or more fields
3. End-of-file or end-of-reel code
Note that these are internal labels. External labels are a separate
feature and are explained in Chapter 7.
Tests fo r Once read by the computer, the data items can be subjected to
V a lid D ata tests to ensure that they are within the limits established for
valid data. Some examples of the checking which can be done
are:
1. V alid code. If there is only a limited number of valid codes
(say, for coding expenses), the code being read may be
checked to see that it is one of the valid codes.
2. V alid character. Certain characters only are allowed in a
data field, so the computer can test the field to determine
64 that no invalid characters are used.
3. V alid field size, sign and composition. If a code number
should be a specified number of digits in length, the computer
may be programmed to test that the field size is as specified.
If the sign of the field should always be positive or always
negative, a test may be made to ensure that the sign is cor
rect. If the field should contain only numerics or only alpha
betics, a test may be made to determine that the field does
indeed contain the proper composition of characters.
4. V alid transaction. There is usually a relatively small number
of valid transactions processed with a particular file. For
example, there is a limited number of transaction codes
that can apply to accounts receivable file updating. As part
of input error control, the transaction code can be tested for
validity.
5. V alid combination of fields. Combinations, besides individ
ual fields, may be tested for validity. For example, a salesman
code that can be associated with only a few territory codes
can be checked for invalid combinations.
6. Missing data test. The program may check the data fields to
make sure that all data fields necessary to code a transaction
have data.
7. Sequence test. In batch processing, the data to be processed
must be arranged in a sequence identical to that of the file.
Both the master file and the transaction file may be tested to
ensure that they are in correct sequence—ascending or de
scending, as the case may be. The sequence check can also be
used to account for all documents numbered sequentially.
8. Lim it or reasonableness test. This is a basic test for data
FIGURE 5-3. Header and trailer labels for file on magnetic tape 65
processing accuracy. Input data usually falls within certain
limits. For example, hours worked should not be less than
zero and should not be more than say 50 hours. The upper
lim it may be established from the experience of the particular
firm. Input data may be compared against this lim it to en
sure that no input error, or at least no input error exceeding
certain pre-established limits, has occurred. The following
are sample situations:
The total amount of a customer order may be com
pared with his average order amount. If this order
exceeds say three times the amount of his average order
then an exception notice may be printed.
A material receipt which exceeds two times the eco
nomic order quantity established for the particular item
may be subject to question.
An amount on a receiving report may be compared
with the amount requested on the purchase order. If
there is more than a small percentage variance, an
error in the input data can be assumed.
In a utility billing, consumption is checked against
consumption in prior periods to detect possible errors
or trouble in the customer’s installation.
9. Check digit. The check digit is checked on identification
fields having this control feature.
C ontrol Totals Control totals are used as a basic method for detecting data
errors. The control total process requires that a control figure be
developed by some previous processing and that the current data
processing recompute this amount, comparing the resultant total
with the previous total. Control totals are usually obtained for
batches of data. The batches are kept to a reasonable size so that
errors can be isolated easily. In batch processing, one or more
control totals are prepared for each batch of source documents
before they enter data processing. The control totals are written
on a batch ticket along with other control information. (Figure
5-4 (page 67) and Figure 5-5 (page 6 8 )) which accompanies
the batch. The control totals are normally keypunched or other
wise converted to machine-readable form and accompany the
66 batch as it enters computer processing. The control totals are
D a te _____
C ontrol to tal
D escription o f control
to ta l —
read by the computer for use in checking the batch of input data.
Sales slips to be processed by computer, for example, are first
added on an adding machine so that a control total for the sales
in the batch may be reached. A control total for payroll might
be the number of employees for which checks should be pre
pared. Control figures may be financial totals, hash totals, or
document or record counts.
Financial totals. Financial totals are totals such as
sales, payroll amounts, inventory dollar amounts, etc.,
which are normally added together in order to provide
financial summaries.
Hash totals. Hash totals are totals of data fields which
are usually not added. The total has meaning only as
a control and is not used in any other way in data
processing. To determine that all inventory items are
processed, a control total may be developed of the
inventory item numbers and this control total com
pared with the sum of the item numbers obtained
during the processing run.
Document or record count. In many cases, instead of
obtaining a financial total or hash total, it may be
sufficient merely to obtain a count to ensure that all
documents or records have been received and processed.
The comparison of the control totals obtained prior to process- 67
B atch no. To
D ate From
N u m b e re d
No. of
d o cu m en ts From To
C ontrol to ta ls
ROUTING SLIP
69
given department or past a control point in order to prevent the
accidental or fraudulent reuse of the document for initiating
data processing. Examples of methods include document num
bering, cancellation stamps, and processing marks.
A S ta tis tic a l A nalysis A questionnaire was sent for market research purposes to cus
70 tomers of a company. There were over 15,000 replies which were
to be tallied and analyzed. Most of the questions could be
answered in one of six ways. The impact of a small number of
errors in coding was not great because of the type of analysis
performed. The company used the following procedure:
1. The questionnaire results were punched onto cards but not
verified.
2. A simple edit program was written in to examine each card
for (a) answers out of the possible range (for example, a 3 or
any higher number answering a question with a yes or no
response coded 1 or 2 ), (b) absence of answer to a question
and (c) inconsistent answers to three control questions. The
cards were then counted.
3. Corrections were made based on this simple edit routine and
the revised deck was used in the analysis. Each analysis in
cluded a count of the cards. This count provided a control
against loss or non-processing of a card.
D istrib u tio n Controls The documentation for a run specifies the number of copies to
be prepared by the computer operator. M ultiple copies must be
separated and the carbons removed (decollation). Continuous
forms are sometimes separated (burst), but are also frequently
bound unburst. M echanical equipment is available for removing
the carbons and separating the individual sheets.
72 Normally, the documentation for a data processing run also
describes the distribution of the output. A report distribution
sheet (Figure 5-8, below) or similar control may be used to
record the distribution of the output. A transmittal or release
form may be attached to the document, especially if it contains
confidential information.
The output should be subjected to review before it is sent from U sing O utpu t
data processing. It may receive an additional review by a control For Error C ontrol
function established in the user department. The receiving de
partments also tend to detect errors in the normal course of their
use of the data.
The person charged with processing control inside the data
processing installation checks for completeness of output, correct
number of copies and agreement of control totals and also cross
checks with output from related programs (for example, he
checks reductions of inventory in an inventory control program
against cost of sales quantities in a sales analysis program ). This
review prior to distribution includes scanning of the output for
obvious errors, such as lines of meaningless characters or missing
fields.
In certain cases it may be desirable (as explained in Chapter
2) to have additional tests performed on the output before ac-
Summary
Although input data accuracy is a continuing problem in data
processing, there are various control techniques which may be
built into the data processing procedures.
Input errors can occur when the data is recorded, when it is
converted to machine-readable form, when it is read into the
computer, or when it is handled, moved or transmitted.
Controls over input creation and conversion may include
procedural controls over data recording, review or verification of
transcription or conversion and the use of a check digit.
Controls at the point of entry into the computer may include
a file label, tests for valid data and control totals. The validity
checks are performed on the data fields of each record and may
include tests for valid codes, characters, field sizes, transactions
and combinations and tests for missing data, sequence and limit.
File labels, transmittal slips, route slips and control totals are
used to keep track of batches of data and to prevent loss or non
processing of items as they move through the data processing
installation.
76 Controls over output include distribution controls and reviews
of the output. The reviews may be performed within the data
processing organization and by the users of the output.
The auditor must evaluate input/output error controls as part
of his evaluation of the data processing system. In general, he is
concerned with the adequacy and operation of the controls. In
order to make his judgment, the auditor must understand how
errors might be introduced, what the consequences might be of
possible errors, and what correction procedures are used when
errors are detected. The handling of error corrections should be
well controlled in order to avoid the introduction of new errors
or the accumulation of uncorrected errors in suspense accounts.
CHAPTER
6
Errors in the coding of instructions usually show up in the as Errors in C oding
sembly or compilation process during which the program is
translated from symbolic to machine language form. Errors 79
(other than syntax errors) in written instructions are usually
detected in the debugging phase of program preparation.
Errors in During programming, every path which the processing can possi
Processing Logic bly take should be accounted for—but there may be literally
thousands of possible paths. Thus, a program may be written
with incorrect logic for several processing paths and the defect
detected during the debugging phase only if there is a test of
that path. Test data used in debugging is designed to test all
processing paths, but it is unlikely that all possible sets of condi
tions for a large program can be tested in advance.
Control figures developed in the same manner as the input con C ontrol Figures
trol totals can be used for testing the data processing within the
machine. For example, the number of items to be invoiced in a
billing run may be used as a control total and compared with the
number of items billed on the invoices.
Control figures developed during processing should, where
relevant, be in a form which can be compared with related input
control totals. If input controls are on gross debits and credits,
then the program should also develop gross debit and credit
totals.
For the initial setup of a job, the operator makes use of directions Console M essages fo r
in the computer operator instructions book. This specifies the O perator D irection
equipment to be used, the files to be loaded, etc. For computers
with an operator console I/O device, a console message should
describe any steps to be performed by the operator during the
running of the program. The console input/output unit is
usually a typewriter or a cathode ray tube display. (If a com
puter does not have a console input/output device, the regular
printer must be used for messages.) The console operator should 83
usually be required not only to perform the task but also to verify
via the console input device that the task has been performed.
Tests fo r Proper E quip If files such as magnetic tapes are to be placed on specific units,
m en t and S w itch S ettings it is correct procedure to program a test of the equipment to
check that the files are loaded. If program sense switches (m an
ual switches on the computer which can be tested for setting by
a program instruction) are used, the program should test the
switch settings to see if they correspond to switch settings which
are appropriate for that particular program.
Summary
To obtain reasonably high assurance that a program will do what
is intended, there should be proper organization and supervision
of programming and proper debugging of programs before use.
In addition, the program itself should provide for the detection
of errors which may go undetected during preparation and de
bugging. The programmed tests are relatively simple but can be
very effective in detecting logic errors, incomplete processing
errors, and errors introduced by incompletely debugged program
changes. The programmed error controls can also detect certain
types of operator errors, such as the loading of incorrect data
files or the incorrect setting of sense switches.
The operating system is an important development with re
spect to processing control because it takes over, using standard
routines, many processing tasks which would otherwise have to
be detailed by the programmer. The standard procedures, stand
ard error messages and standard responses eliminate many of
the errors which come from the use of inconsistent, non-standard
methods.
85
7
C H A PTER
A u d itin g C onsiderations The client’s practices for safeguarding of files are important to
the independent auditor. Unsound practices may lead to oper
ating problems for the client and may interfere with the audit
by not providing an adequate audit trail. The client’s retention
practices for safeguarding files may also provide data for audit
tests.
The auditor should alert management to any deficiencies in
procedures for safeguarding records and files and providing file
reconstruction in the event of loss. Even though no loss or
destruction may have occurred, a weak system endangers the
records and, consequently, jeopardizes future operations and
audits of the company.
Proper management of file safeguards aids in the preservation
of an audit trail. An audit trail is a trail of files and references
88 which allows for the tracing of transactions from inception to
final recording in the accounts, or from final recording backwards
to inception. This concept is discussed further in Chapter 9.
A client’s control procedures must be understood if the auditor
is to make use of the computer to test client files. W ithout this
knowledge, the auditor can very easily plan to run a test on files
which no longer exist. Of course, the auditor should not depend
on the retention practices of the client but should specify in
writing the files that must be retained for recurring audits. Other
wise a change of file retention practices during the year may
destroy data desired for the audit.
Physical safeguards
The physical safeguards for computer files may be classified as
environmental control, fire protection, security protection and
off-premises storage. A discussion of fire insurance protection is
included later in the chapter.
Cards, tapes and disks can be affected by extremes of temperature E nvironm ental Control
and humidity. Punched cards, for example, tend to hold static
electricity and stick together if the humidity is too low, but, if
the humidity is too high, they swell in size and can jam the input
mechanism on the card reader. Therefore, it is desirable to con
trol the temperature and the humidity in the areas used for
storing machine-readable records. Standard building tempera
ture and humidity control equipment is adequate.
A magnetic field arising from a power generator or a nearby
high voltage electrical source can destroy the magnetically en
coded contents of media such as disks and tapes. This possibility,
though it seldom occurs, should be considered when environ
mental safeguards are established.
Tape files, card files and disk packs can be easily destroyed by Fire P rotection
fire. These records are even more subject to fire damage than the
printed or written records of manual or tabulating systems. A
small fire which chars only the edges of paper or books can melt
a tape or warp a disk. Both fire and water can damage a card file
so that it can no longer pass through the input reader. In the 89
case of computer equipment, "over-heating to as little as 140°
can cause malfunction of some transistors and temperatures
above 300° Fahrenheit can permanently damage these devices"1
The most spectacular example of fire damage occurred in 1959
in the Air Force Statistical Division Offices at the Pentagon.
Seven thousand reels of magnetic tape were destroyed. The tape
itself was valued at $.25 million; the information on the tape
was probably worth many millions.
The National Fire Protection Association has made extensive
recommendations concerning computer installations.2 In gen
eral these call for:
1. Housing of the computer in a non-combustible environment
2. Use of smoke or fire detectors
3. Availability of carbon dioxide extinguishers
4. Storage of vital records in storage cabinets having a class C
rating (one hour at 1700° Fahrenheit)
5. A separate air conditioning system for the computer or a
shut-off switch for cutting off the air conditioning fans
6. A separate emergency shut-off switch to control electrical
power for the computer system
7. Personnel trained in fire control procedures
Care should be taken to include program files and documen
tation in provisions for fire protection. In one case, a company
purchased an excellent vault for storing magnetic tape and felt
they had done a good job of ensuring fire protection. However,
a magnetic tape can be read only by using a computer and a
computer will not function without a program. The company’s
programs were stored in a steel cabinet next to the computer. In
the event of a fire, the data would have been safe, but there
would have been no way to process it.
S e cu rity Protection M any organizations always lock their general ledgers in their
vaults each night, yet leave the same information on a tape reel
At best, fireproof storage will only guarantee protection of files O ff-P rem ises
or documents for a limited period of time. An intense fire, or Storage
some other disaster such as flood can still destroy data processing
records in “fireproof" storage. For this reason, off-premises
storage is used to provide a further safeguard for essential data
processing records.
Off-premises storage can be implemented by renting space in
a secure, fireproof, remote location. Some organizations use
bank vaults. This is usually quite expensive and therefore suit
able only for selected information. Another method is to use a
different storage location within the same company. One organ
ization which follows this policy mails copies of magnetic tape
files and documentation each day to another location of the
company, where they are stored in a fire-resistant room. Tape
files no longer needed for back-up are returned to the computer
center for reuse.
The method of providing files for remote storage is chosen ac
cording somewhat to the type and portability of the media being
used, whether punched cards, magnetic tape, disk packs or strip
file packs. This topic receives further treatment later in the
chapter.
Procedural controls
Procedural controls can be used in the management of a com
puter center in order to minimize the possibility of data or pro
gram file destruction through operator errors. Some common
methods surveyed here involve external labels, magnetic tape
file protection rings, tape library procedures, internal labels and
boundary protection. 91
E xternal Labels Files should be clearly labeled so that the operator can be sure
of their contents. External labeling can be used on punched
card and magnetic tape files, for instance.
Punched card files should be clearly labeled as to date created
and file name. Such information is usually written on the top
of the deck with a felt marking pen. The first and last cards of
the deck are marked “FIRST CARD’’ and “LAST CARD,”
respectively, and both carry the file identification number.
All magnetic tape reels should be clearly labeled for easy
identification. An unlabeled tape is assumed to be a “scratch”
tape (one available for erasure and reuse). External tape labels
(see Figure 7T, below) indicate the date written, the file num
ber, the file name and the release date. Large installations may
have so many tapes that it is convenient to identify tapes by reel
number, rather than by file name.
It is possible to use the color of the plastic tape reel itself as a
further identification—but not as a substitute for external labels.
Reels can be obtained in six to eight different colors. An installa
tion may work out an identification code, such as red for master
files, yellow for system files, etc.
F ile P rotection Rings Another physical safeguard is used to prevent erasure of informa
tion prior to the release date for a magnetic tape. This device is
a removable plastic or metal ring, the presence or absence (de
pending on the computer manufacturer) of which will prevent
D ate Certified
Density
Date out Program no. File no. Program and file nam e Errors
Retention plan
The retention plan, aside from legal considerations, should pro
vide the basis for file reconstruction and for reference or audit
trail tracing. Since the retention plan is affected by the char
acteristics of the media involved, this discussion considers source 95
documents, punched cards, tape files, disk files and dumps (copy
ing of contents) to other media.
S ource D ocum ents The source documents on which an input file is based must be
retained intact until such time as the file is proved and balanced
with its controls. At this point, the data may be filed or other
wise disposed of. However, the traditional audit and regulatory
retention requirements still prevail and must be observed.
P unched Card Files Any important master file, such as an accounts receivable master
file, should be reproduced and the copy should be stored outside
the installation as a back-up or reserve deck. Two copies of any
revision to the file should be prepared, one for processing against
the current master file and one for filing with the reserve deck.
Should it be necessary to use the reserve deck, all changes made
since it was prepared could be processed to create an updated
deck. A complete new copy of the master file should be repro
duced periodically (say, every six months) for storage in the
outside location. Each time, the previous master deck and inter
vening revisions may be destroyed. Some installations punch
master files into plastic-coated cards which last longer. Plastic
cards cost 3 to 4 times as much as regular cards but they can be
used for about 6 times as many computer passes.
It is not possible to make any blanket statements about card
file retention. In each case the overall system and the im
portance of the file together dictate how long the file should be
retained. Original card files from source documents are usually
retained longer than other files since they are more difficult to
recreate. Machine output card files can be recreated by re
processing, but source files from written documents can only be
duplicated by the laborious process of repunching. If a card file
is correctly transcribed to another medium, such as magnetic
tape, the card file may be released and the replacing medium
preserved.
M ag n etic T a p e Files Back-up support for tape files is usually accomplished by use of
the son-father-grandfather concept (Figure 7-4, page 98). An
organization usually produces an updated master file at each
96 processing by reading the previous period’s master file, making
changes according to the transactions being processed, and
writing the new file. The following is an example of the normal
back-up available for daily processing after processing of W ednes
day’s transactions (keep in mind that the processing creates a
new file tape but does not destroy the old o n e ):
Disk files are of the fixed module or the removable module (disk Disk Files
pack) type. A characteristic of disk file processing is that the old
record is destroyed. W hen there is an updating, a record is read
into storage, altered, then copied back onto the same part of the
file, thereby wiping out the old record. To obtain a back-up copy 97
T ra n s
action
file
F ath er Son
T h is
processing
Old N ew Save fo r
period m a s te r File up d atin g m a s te r cu rre n t
file run file use
S ave Save
Saved
fro m T ra n s G ra n d fa th e r
prior actions m a s te r
processing
period
Reconstruction plan
If an installation prepares file back-up and safeguards it properly,
it has the raw materials for reconstruction. The implementation
of reconstruction may require two additional elements:
1. Physical back-up facilities
2. Programs to facilitate reconstruction
Physical The installation should have arrangements for the use of back-up
B ack-up F a cilities facilities. These may involve the use of:
1. Manufacturer’s installation
2. Data processing service center equipment
3. Another organization that has the same equipment (perhaps
a reciprocal arrangement)
Plans should be ineluded for the transportation of personnel,
data and records to these facilities.
Insurance
Insurance should be included in the plan to safeguard files. Of
course, the details of an adequate insurance program should be
explored with a competent insurance representative but, in order
to review the plan for safeguarding files, the auditor should be
aware of the types of coverage available.
The risks against which the organization should be protected
arise primarily from fire and, if work is performed for others,
from liability for errors or omissions. The risks from fire are
covered in varying degrees by three different types of policies:
1. Fire insurance
2. Valuable papers and records insurance
3. Data processing insurance (all risk) with media and records
section
A summary of coverage by specific risk is summarized in Table
7.1 (page 102). This table shows that data processing risks from
fire are not well covered by regular fire or valuable papers in
surance, whereas the all-risk data processing insurance is designed
specifically for the losses that are associated with computer data
processing.
Organizations (service centers, banks, CPA firms) which rent
time or provide data processing services for outsiders are exposed
to two liability risks:
1. Losses caused by errors in the work performed
2. Losses caused by programs written by a consultant
Both of these risks can be covered by data processing liability
insurance.
There are currently four insurance companies writing data
processing insurance. Two determine premiums on the basis of
an engineering survey of the installation and two quote a flat
rate with a $5,000 deductible clause. In all four cases, actual 101
TABLE 7.1 S u m m a r y o f C o v e ra g e P ro v id e d b y D iffe r e n t P o lic ie s
fo r D ata Processing Fire Risks
102
CHAPTER
8
The auditor’s primary purpose in evaluating internal control is The Purpose of Evaluating
expressed in the second standard of field work of generally ac In te rn a l Control
cepted auditing standards:
‘‘There is to be a proper study and evaluation of the
existing internal control as a basis for reliance thereon
and for the determination of the resultant extent of
the tests to which auditing procedures are to be re
stricted.”1
A secondary, but nevertheless important, purpose is to provide
constructive suggestions to clients. Of course, these two purposes
are related, but it must be understood that the former is required
by professional standards, while the latter is a matter of discretion.
The purpose of these controls is to detect and control errors C ontrols for
A u to m ated E q u ip m en t
arising from the use of EDP equipment. Examples (described
in previous chapters) are:
1. Controls to verify conversion of data to machine-readable
form for input
2. Controls to detect the loss or nonprocessing of data items
3. File controls to guard against the misuse of files stored on
machine-readable media
4. Controls to detect hardware malfunctions
5. Programmed and procedural controls to guard against oper
ator error
If any of these controls are absent, the system may be exposed to
undue risk of error. If an omission is considered serious, the
scope of audit procedures is affected.
In a manual system, internal control relies upon such factors as Program Controls
human alertness, care, acceptance of responsibility and division T h a t S u b s titu te f o r
H u m an Controls
of duties. Computer processing, however, reduces the number of
persons involved in data processing, so that many controls based
on human judgment or division of duties are no longer available.
The computer program provides alternatives for these human
controls. Take for example the following situation: the lowest
level clerk usually reacts when she receives a shipment document
on which to insert prices and cannot relate the description of the
item to the price list; in a computer operation, a non-match
must be programmed lest the shipment be invoiced at $0 and 107
accounts receivable updated with a “no charge" invoice. In
most instances, the computer checks can be more extensive than
those performed manually. Examples (described in previous
chapters) are:
1. Data validity tests and cheek digits
2. Limit and reasonableness tests
3. Sequence checks
4. Error routines for unmatched items, erroneous data, viola
tions of limits, etc.
O rganization and This aspect of internal control relates to the assignment of re
M an ag e m en t sponsibility and authority for the various functions to be per
formed within the organization. Generally, internal control
requires a segregation of duties so that the functions of authoriz
ing and processing transactions and of maintaining custody of
assets are effectively separated.
W here computers are used, the auditor’s review of internal
control should determine whether the organizational structure
includes any incompatible combinations of functions. Sources
of information and techniques available for reviewing those
aspects of internal control to do with organization are generally
similar whether or not computers are used. Certain matters that
require special consideration in this respect have been discussed
in Chapter 2. In general, separation of the systems design and
programming duties from computer operating duties is desirable.
This separates the preparation of programs from their use in
processing.
Further control based on division of duties is achieved by keep
ing the performance of control functions from the programmers
108 or operators. The control function should include such duties as
maintenance of manual controls which account for all input
data, reconciliation of manual and machine control figures,
reconciliation of run-to-run control totals, investigation of viola
tions, and control over transmission of output. In larger installa
tions, control over data files and programs may be increased by
employing both a tape librarian and a program librarian.
Control practices associated with data processing organization
and management are;
1. Documentation
2. Program changes controls
3. Scheduling of personnel
4. Procedures for reviewing error log, time log, etc.
5. Maintenance of adequate audit trail
6. Provision for file protection
Controls O ver Processing The control points at which specific data processing controls are
applied to prevent or detect errors are presented in Figure 8-1
(below). These are the controls imposed on original source
document preparation, on conversion to machine-readable form,
on processing, on distribution of output, and on uses of output.
Typical controls associated with each control point are outlined
here; they have been discussed specifically in Chapters 2-7.
S ource
Processing O u tp u t User
data In p u t
by
c o m p u te r program
Errors and
corrections
= C ontrol point
In order to obtain a knowledge and understanding of the pro In vestig atin g th e System
cedures and methods prescribed for a data processing system, the
auditor should investigate (1) general aspects of control that
apply to the computer system as a whole and (2) controls asso
ciated with specific applications. Since there is some overlap
between these two types of control, the following division is
not strict:
O b ta in in g In fo rm atio n The auditor’s principal sources of data for making his review of
the computer system controls are organization charts and related
material, documentation, inquiries of responsible data-processing
personnel, and inquiries of accounting and other personnel. The
manner in which the auditor obtains the necessary information
and records it in his working papers is largely a matter of indi
vidual or firm preference (as is also the case where computer
systems are not involved). Techniques ordinarily include ques
tionnaires, check lists, flowcharts and narrative memoranda. An
example of a questionnaire designed for this purpose is included
as Appendix E.
The sample questionnaire is divided into two sections—one
for general system controls and the other for specific application
controls. The questions in the general section relate to the gen
eral control framework present in data processing organization,
documentation, hardware, file protection, and general policies
and procedures for input and output. The other section is used
in connection with each computer application within the scope
of the auditor’s examination (i.e., each application that affects
the financial statements). The extent of the review of different
applications may vary, depending on circumstances.
The error listings made in connection with computer applica
tion runs are a basic source of information about the system
and its performance. They have no direct counterpart in a
manual system. However, similar information can be found in a
manual system by examination of adjusting journal entries for
error correction, error memoranda, corrections in the records
112 and suspense account entries.
Organization is investigated in order to obtain information on A u d it Im p lica tio n s of
Top ics to Be In vestigated
the segregation of duties or practices such as rotation of person
nel, on the organization of the control function and on the oper
ators’ control procedures. This information forms a basis for
evaluating the control provided by the organization and manage
ment of the EDP installation.
A review of documentation provides information relevant
primarily to operating efficiency. Inadequate documentation
exposes the installation to operating hazards but may not affect
the audit steps unless a review of error listings and reports
raises questions about the adequacy of program controls which
can only be resolved if there is adequate documentation, or un
less the independent auditor wishes to test the program directly.
If documentation is inadequate to support the audit procedures
(such as test data), additional audit procedures may be required.
Moreover, inadequate documentation may indicate poor man
agement, which may be indicated elsewhere in inadequate con
trols.
Hardware controls are usually reliable. However, the auditor
should be aware of possible problems, particularly where pro
gram tests are necessary for the detection of errors. He does not
usually gather information on hardware controls unless his
examination discloses hardware-based difficulties.
File protection and file reconstruction are important for pre
venting hazards to the processing of data. However, these con
trols do not usually affect the audit procedures unless some infor
mation needed for the audit has been destroyed. The auditor
should report any uncovered weaknesses to management as
items to be corrected in order to safeguard the organization against
failure caused by a data processing breakdown.
Other general topics may be investigated to aid in assessing
the operating procedures. W hen examining input and output
controls for review of application, for instance, the auditor may
also examine certain overall policies. His investigations reflect
his concern with the organization of input control procedures
and with the administrative procedures for controlling distribu
tion of output and for handling error feedback based on review
of the output. The adequacy of control over error investigations
is of great concern to the auditor, since a procedure for indepen
dent review and approval of error corrections reduces the risk of
introducing undetected error conditions through corrections.
The auditor must make an evaluation of the adequacy of the 113
controls associated with a particular application in order to estab
lish the extent to which audit test procedures should be applied.
The general area of data processing may be viewed as the subject
of a separate control review. Review of a computer application,
however, should consider together the information from the
regular internal review questionnaire (or other source) and the
data processing information. The EDP application questions
thus form a supplement to the regular application questions.
For example, the EDP questions relating to processing of payroll
should be evaluated in terms of the entire payroll application (in
cluding all manual procedures).
W hatever technique is used for obtaining and recording the
necessary information about any computer control system, the
most important and difficult task is the evaluation of this in
formation. Evaluation so far is preliminary, based on the system
purported to be in effect. The next stage, therefore, consists of
tests of compliance to see if the supposed system does exist.
Tests of C o m p lian ce Ordinarily, the information obtained by the auditor in his pre
liminary investigation can be tested by supplemental inquiries
and discussion with data processing personnel and by personal
observation of their activities during the course of his examina
tion.
In non-computer systems, tests to establish the performance of
specific control procedures are made by examination of docu
mentary evidence, such as signatures or initials indicating au
thorization, approval, verification and reconciliation of details
with control totals. Such forms of visible evidence are also avail
able for many control procedures in computer data processing.
Examples of compliance tests using such evidence are:
1. Examination of cards for end notch if they are to be key
verified
2. Examination of machine room log book for proper recording
of control information
3. Examination of documentation for completeness and evi
dence of proper authorization of program changes
4. Examination of control and error listings and tracing of con
trol totals to sheets used in reconciliation to check compli
114 ance with reconciliation procedure
5. Examination of control and error listings for evidence of con
trol totals said to be used.
For the testing of controls contained in computer programs,
evidence that the controls exist and are operative during the
period of the examination is necessary. There are two methods
for obtaining this evidence—one which does not use the com
puter and one which does.
The method which does not involve the use of the computer
program makes use instead of computer printouts and error list
ings to obtain evidence of the processing actually performed.
Transactions are traced from input to regular output or to an
error listing. This procedure tests a sample of processed items
rather than the program itself. The program’s processing and
control steps are inferred from evidence of its handling of selected
transactions (both correct and erroneous). This approach is
described in more detail in Chapter 10.
The second method makes use of the computer to test the
program or to test the results of processing with the program.
This approach is described in Chapter 11. The different methods
may be used separately or in combination, as appropriate.
Summary
In carrying out the internal control review, the auditor evaluates
both the possibilities for errors and the existing controls against
these errors. His review should result in a determination of the
nature and extent of audit procedures to be followed; it should
also enable him to offer appropriate suggestions to the client for
eliminating the weaknesses in existing controls.
The review consists of two major phases: investigation of the
system and testing for compliance. The investigation of the
system makes use of inquiries of responsible data processing per
sonnel and of documents such as procedures manuals, organiza
tion charts, etc. Its purpose is to discover what the system is
supposed to be. The tests of compliance check the system to
determine whether or not it complies with the description ob
tained during the investigation phase.
The internal review should provide the auditor with an under
standing of the system sufficient to allow him to evaluate the 115
extent to which he may rely upon the system of internal control
and the extent to which he must perform audit tests of the
records.
116
9
C H A P TE R
Journal
R eport
Transactions in
sam e sequence
as file
Error
m essages
D irect-
File access
Transaction updating file
Error
M essages
The general principles governing the design of proper audit G eneral P rinciples
trails are as follows:
1. For all transactions affecting the financial statements there
must be a means for establishing the account to which the
transaction is posted.
2. For all accounts reflected in the financial statements there
must be a means for tracing the summary amount back to
the individual transaction elements.
3. For all transactions and accounts drawing a large number
of inquiries, regular provision should be made to supply the
records necessary for answering the inquiries.
4. For all transactions and accounts not typically subject to in
quiries there must be a means for tracing, even though
regular provisions are not made.
The methods by which these general guidelines may be fol Im p le m e n ta tio n M ethods
lowed are limited only by the ingenuity of the system designer.
There are, however, three basic methods:
1. File record gives current balance and references all changes
by transaction listing or batch number (see Figure 9-4,
page 124). This is similar to the ledger system as each 123
change in the file balance is recorded by a reference to the
transaction listing or batch. The transaction listing provides
the details for tracing back to the documents.
C urrent balance
and all
change references
Balance and
docum ent
references
12 6 F IG U R E 9 -5 . In te rn a l R even u e S e rv ic e g u id e lin e s
plexity of the system and require additional cost, but this cost may be
negligible in comparison to the expense that may be incurred at a later
date if the system cannot practically and readily provide the infor
mation needed to support and substantiate the accuracy of the previ
ously reported tax liability.
S ec. 4. ADP R ecord G uidelines.
.01 ADP accounting systems will vary, just as manual systems
vary, from taxpayer to taxpayer. However, the procedures built into
a computer’s accounting program must include a method of producing
from the punched cards or tapes visible and legible records which will
provide the necessary information for the verification of the tax
payer’s tax liability.
.02 In determining the adequacy of records maintained within an
automatic data processing system, the Service will consider as accept
able those systems that comply with the guidelines for record require
ments as follows:
(1) G eneral and S ubsidiary B ooks o f A ccount.—A general ledger,
with source references, should be written out to coincide with financial
reports for tax reporting periods. In cases where subsidiary ledgers
are used to support the general ledger accounts, the subsidiary ledgers
should also be written out periodically.
(2) S u p p o rtin g D ocum ents and A udit Trail.—The audit trail
should be designed so that the details underlying the summary ac
counting data, such as invoices and vouchers, may be identified and
made available to the Internal Revenue Service upon request.
(3) R eco rd ed o r R econ stru ctible Data.—The records must provide
the opportunity to trace any transaction back to the original source
or forward to a final total. If printouts are not made of transactions
at the time they are processed, then the system must have the ability
to reconstruct these transactions.
(4) Data S to ra ge M edia.—Adequate record retention facilities
must be available for storing tapes and printouts as well as all appli
cable supporting documents. These records must be retained in ac
cordance with the provisions of the Internal Revenue Code of 1954 and
the regulations prescribed thereunder.
( 5 ) P ro gra m D ocum entation.—A description of the ADP portion
of the accounting system should be available. The statements and
illustrations as to the scope of operations should be sufficiently detailed
to indicate (a) the application being performed, (b) the procedures
employed in each application (which, for example, might be supported
by flow charts, block diagrams or other satisfactory descriptions of
input or output procedures), and (c) the controls used to insure ac
curate and reliable processing. Important changes, together with
their effective dates, should be noted in order to preserve an accurate
chronological record.
S e c . 5. C o m m e n t s or I nquiries.
Comments or inquiries relating to this Revenue Procedure should
be addressed to the Assistant Commissioner (Compliance), Attention:
C P : A, Washington, D.C., 20224.
Summary
The advent of EDP systems has brought changes in audit trail
form. The extent of the changes varies according to different
system design concepts. The substance of the audit trail has
been retained, however, because of management’s need of in
quiry trails for reference purposes.
General guidelines for the audit trail emphasize that there
must be a capacity for tracing any transaction to a summary
account and for tracing a summary account backward to its in
dividual elements. These guidelines are consistent with those
of the Internal Revenue Service.
The changing form of the audit trail involves an increased
retention of data in machine-readable form. Given machine-
readable records for examination, the auditor may read them by
using the client’s inquiry programs, by obtaining file printouts,
or by using a special audit computer program. This last pos
sibility is the subject of C hapter 12.
130
C H A P TE R
10
Know n
in p u t P rocessing K now n
o u tp u t
T h e c o m p u te r p ro
F IG U R E 1 0 -1 .
132 g ra m as a b la c k box
even if some program controls are missing. Batch totals or
ledger controls are examples.
An audit which does not use the computer is implemented by
the following general steps;
A U D IT A PPROACH IM P L E M E N T A T IO N
The audit of an EDP system usually requires more extensive P lan n in g in A dvance
planning than a conventional audit. The additional planning is
due primarily to the mechanization of processing and to the
attendant changes in the system of internal control. Before de
veloping an audit approach, the auditor should make inquiries
to ensure his awareness of conditions (an altered audit trail,
for example) which might affect the audit.
The audit trail in a batch processing system is usually similar
to the audit trail in a punched card or manual system. Some
times, however, certain necessary information is retained in the
system for a limited period of time only, and/or is not printed
out at all in the normal course of system processing. In this
uncommon case, the auditor must make prior arrangements
for data to be saved and specific printouts to be made.
The audit requires a complete trail of visible records of items
to be tested. If these records are not regularly printed out, the
auditor should request well in advance that a printout be made.
W hen the account balances run at the closing or at other oc
casions are to be included in the examination, the client should
be requested to run an extra set which can be used as an audit
working copy.
W hile conducting the review and evaluation of computer con Use o f Error Listing
trols, procedures and administration, the auditor also reviews the
procedures and controls associated with each application affect- 135
ing the financial statements. He performs the audit verifica
tions by using accepted techniques, such as the examination of
source documents.
In performing both the review and the audit tests, the auditor
usually makes use of the error listings produced during data
processing runs. Those listings of all transactions rejected or
found to be in error during processing are retained as controls
to ensure that corrective action is taken. They also form valuable
documentation on the effectiveness of system controls by indi
cating the types of errors detected by the computer. If any
step (such as the tracing of transactions) uncovers an error,
reference to the error list may disclose that no error of this
type has been detected and, therefore, that some control feature
is absent.
C ase S tudy A
A uditing W ithout U sing T he C omputer : Payroll
Run No. 1: C ard-to-Tap e Payroll detail cards showing employee numbers, number of
hours worked, job number, work code, etc., are keypunched and
verified and then converted to magnetic tape along with the
associated batch control totals punched from transmittal tapes.
The control totals are a record count and a hash total of hours
worked. During the conversion run, control totals for the same
items are accumulated by batch and compared with the pre-
established amounts. Controls and out-of-balance batches are
printed for clerical review, correction and re-entry. All transac
tions are listed.
Run No. 2: S orting The payroll detail records are sorted into employee number
sequence within departments.
Run No. 3: The sorted transactions are checked for correctness and com
Data V a lid a tio n pleteness of the data. Control totals are also checked. Invalid
data and control discrepancies are printed for clerical review.
(Note that data validation is often performed as part of the
card-to-tape run, not after sorting as in this application.)
Run No. 4: Gross and net pay are calculated; year-to-date and period-to-date
C a lc u latio n of Payroll and data are accumulated and written on the new payroll master
U p d atin g of M aster File
file. A payroll register is printed showing such items as name
and number, hours worked, deductions, gross and net pay both
for the current period and on a cumulative basis. A payroll tape
is produced containing the data required for printing employees’
checks and earnings statements. Errors (a missing master record
for an employee, for example) are printed at the end of the
register.
Run No. 5: The payroll tape data is formatted for the printing of checks
P rin tin g of Checks and earnings statements. A copy of the entire earnings state-
138
Transmittal tape
Corrections
RUNS 1-5
PAY CALCULATION
AND CHECK WRITING Time
sheets
Correct errors
Key punch
and and re-enter
verify
following
cycle
Payroll
details
Transaction
listing
1 Out of bal
Card to ance and
tape and controls
balance report
Payroll
transaction
tape
2
Sort to
employee no.
within Dept.
Sorted
payroll
transactions
Error and
3 control
Data report
Validate
standards
input
Valid
transactions
Check register
5 Checks &
Format and earnings
print checks statements
Reconciliation
tape
Sort for 6
labor
distribution
Old
distri Sorted
bution distribution
m aster tape
Following
cycles
Labor distri Labor
New bution and
distri report
analysis
bution
m aster
Changes to
payroll
m aster
Payroll
m aster
Key punch
and
verify 10
Extract and
form at for
print
Payroll
changes Print
tape Employees
and rate of pay
W-2 (Annually)
8
Card to 941 (Quarterly)
tape
Print payroll Other mgmt.
reports and govt.
reports
Payroll
Old changes
payroll
m aster
Following 9 Change
cycle listing
Update
payroll
New m aster
payroll
m aster
140 F IG U R E 1 0 -2 (c o n t.). P a y ro ll p ro c e s s in g s y s te m fo r C a s e S tu d y A
ments serves as a check register. A magnetic tape copy of the
check register is produced and held for subsequent processing
against cashed checks during the reconciliation procedure (not
shown).
The payroll detail records produced by Run No. 4 are sorted Run No. 6: S orting for
into the account order for labor distribution analysis. Labor D istribu tion
Labor hours and dollars are summarized by appropriate accounts. Run No. 7: P reparatio n of
Cumulative and current period data are written onto a new Labor R eport and U p d a t
ing of Labor D istribu tion
distribution tape and a labor analysis report is printed from this M as te r File
tape.
Changes in the payroll master file are keypunched and veri Run No. 8: P lacin g of
fied and converted to magnetic tape. Changes in rate, depart Payroll C hange Cards
On Tap e
ment, deductions, etc., are included.
The payroll master file is updated periodically to reflect changes Run No. 9: U p d atin g of
in the semi-constant portions of the record (pay rate, depart Payroll M aster File
W ith Changes
ment, deductions, etc.). These changes are listed to provide
documentation of the prior and current contents of changed
records.
At appropriate intervals, information is extracted from the pay Run No. 10: Extraction of
roll master file to prepare management and government reports. Data fo r Reports
Form 941 (Employers’ Quarterly Federal Tax Return) is printed Run No. 11:
quarterly; a W-2 W ithholding Tax Statement is produced an R eport P rin tin g
nually; management reports are produced as needed from the
payroll master file.
143
batch for Run Nos. 2, 3, and 4. Run No. 4 prepares
a count of the number of records on the new pay
roll master tape and compares this count to a con
trol total on the old master tape trailer label. The
same type of control is applied to the master tape
prepared in Run No. 9. The transactions are sorted,
then validated. Duplicate transactions should be
detected in this step. Transactions to be corrected
are listed on the error and control report. Re
entry is handled the next time the job is run. A
check for an employee whose record has been re
jected is prepared manually and corrections are
entered in the computer the next time the payroll is
run.
4. Validity (and other) tests of regular hours, overtime hours,
labor codes, employee codes, calculated pay, etc.
Example: These tests are part of the processing
in Run Nos. 3 and 4. The error and control reports
from these runs indicate the reasons for record re
jection and provide some evidence that controls
such as these are operable in the programs.
5. Specific provision for control over changes to the payroll
master file (additions, deletions, rate changes, etc.)
Example: Run No. 8 input is prepared from an
authorized list of changes. The updating in Run
No. 9 produces a change register which is subjected
to a control review.
6. Provision for a transaction register (printed or available on
demand) for the audit trail
Example: Transaction listings are prepared by Run
No. 1 (input transactions). Run No. 4 (payroll
register), Run No. 5 (check register) and Run No.
9 (change listin g).
7. Adequate run-to-run control over record count and amount
fields
Example: Once the record counts and hash totals
of Run No. 1 are established, they are automatically
14 carried forward to the succeeding runs, with ad-
justments for rejected records. The amount of the
payroll is computed in Run No. 4 and this control
total is carried forward to Run No. 5. A record
count and control total on earnings to date is main
tained on the master file and updated and checked
in Run Nos. 4, 9 and 10.
8. Standardized, uncomplicated computer operating instruc
tions and up-to-date documentation of the payroll applica
tion (see Chapter 3)
9. Adequate back-up procedures in case of destruction of key
files (see Chapter 7).
The payroll register from Run No. 4 allows the auditor to com C om parison of Payroll
pare the total of the period payroll with the total of checks W ith Cash D isbursed
drawn for this purpose. He can also use it for tests of in
dividual deduction amounts (social security taxes, state un
employment taxes, hospitalization fees, union dues, etc.). To
ensure that the deducted amounts have actually been remitted
to the appropriate agencies, remittance amounts should be
checked against the totals shown on the payroll register for the
deduction items.
C o m pletio n of the After appropriate testing of the processing has been completed,
A u d it U tiliz in g V a lid a te d the computer listings and registers can be used in performing
C o m p u te r O u tp u t
audit steps such as the following:
1. Examination of a summary of payroll totals by pay periods
and preferably by departments (Run Nos. 4 and 7); in
vestigation of any unusual variations among periods
2. Checking of the footings and crossfootings for the applicable
portion of the payroll registers (Run No. 4)
3. Review of the payroll register for unusual entries, adjust
ments, checks to non-employees, etc.; examination of ap
propriate explanations and support
4. Tracing of hours or labor dollars to appropriate labor distri
bution (cost ) records (Run No. 7)
5. Examination of paid and endorsed payroll checks for agree
ment of number, date, payee and amount with data in the
146 the payroll register
6, Checking of the footings of the labor distribution record and
tracing of the totals to general ledger or cost ledger accounts;
reconciliation of total labor charges distributed with total
pay shown on the payroll register.
C ase S tudy B
Sales and other entries to the accounts receivable file are key Run No. 1: C ard-to-Tap e
punched and verified before being converted to magnetic tape.
Control totals for dollar amounts are accumulated by batch
during the conversion run and then compared with input totals.
Out-of-balance batches are noted on the transaction balance
report and subjected to clerical review, correction and re-entry.
Detail transactions in the out-of-balance batches are not posted
to the master file until the batches are corrected and re-entered. 147
INVOICE AND MISCELLANEOUS TRANSACTION
ENTRIES TO ACCOUNTS Transmittal
RECEIVABLE tape
Corrections
M iscellaneous
transactions
Invoices
Correct errors
and re-enter
Keypunch following
and verify
cycle
Accounts
receivable
transactions
Card to Transaction
tape and balance
balance report
1
Trans
action
tape
Sort to
customer
number
sequence
2
Sorted
tran s
action
tape
Valid
trans
actions
To
7
Cash
rem ittances
Correct errors
and re-enter
Keypunch following
and verify
cycle
Cash
tran sactio n s
Card to Cash
ta p e and balance
balance report
4
Cash
tap e
Sort to
custom er
num ber
seq uen ce
5
Sorted
cash
rem ittances
Valid
cash
rem ittances
To
7
FILE MAINTENANCE
Valid
Valid
trans
cash
actions
Old
A/R
m aster
tile Error and Correct
File m ain control entries and
Following tenance report re-enter
following
cycle 7 cycle
New
A/R
m aster
file Print
tape
To
10
Sort to
report
sequence
8
Sorted
print
tape
Monthly Monthly
From
7
A /R
M aster
file
Format
and print Period end
or on request
10
Aged trial
balance
F I G U R E 1 0- 4 ( c o n t. ) . A C C O U n tS
receivable processing for
Case Study B
Transactions on the transaction tape are sorted in customer Run No. 2: S orting
number sequence.
The sorted transactions are analyzed to check for the correctness Run No. 3:
and completeness of the data. Invalid transactions are printed D ata V a lid a tio n
on an error and controls report. The control totals (dollar effect
on accounts receivable) and record count are also p r in te d -
divided into error transactions and valid transactions—and are
compared with manually maintained control totals. 151
Run Nos. 4 , 5 an d 6: The card-to-tape, sorting and data validation runs for cash
C ard-To-Tape, S orting remittances include processing similar to that which is used for
And V a lid a tio n fo r
Cash R em ittan ces sales entries to the accounts receivable file in Run Nos. 1, 2
and 3.
Run No. 7: U p d atin g of Invoices, changes to customer accounts and cash remittances
A ccounts R eceivable are posted to the accounts receivable master file. Data for
M aster File
eventual printing of the different registers and reports is as
sembled on the print tape. Invoice transactions for which no
master record can be found are printed on the error and control
report. Mismatches on cash transactions are assembled on the
print tape for later printing on the unapplied cash report.
The following control totals are printed on the error and
control report for comparison with manually maintained con
trol totals;
1. Accounts receivable control totals on input master file (to
be compared with output master file of previous cycle)
2. Changes to master file accounts receivable control totals as
result of (a) cash transactions and (b) noncash transactions
3. Accounts receivable control totals on output master file (to
be compared with manual control totals)
4. Control totals on cash and noncash errors located in this run
(to be used to adjust manual controls).
Once a month, data is assembled on the print tape to produce
past due notices and customer statements showing monthly
activity.
Run No. 8: All data assembled for reports is sorted into proper report se
S orting fo r R eport quence.
Run No. 9: P rin tin g of The accounts receivable register shows all the postings to the
Registers and Reports master file. The register is used to provide a management trail,
to facilitate the answering of inquiries and to resolve error
situations. The cash remittance register contains an itemization
of all posted cash.
Miscellaneous reports—on overextension of credit, new ac
counts, deleted accounts, transactions requiring special author
ization, or accounts referred to attorneys for collection—are also
152 printed.
At the end of the accounting period—or on request—the master Run No. 10:
file is analyzed to produce an aged trial balance. This trial Aged T ria l B alance
balance is compared with the manual control totals and also
with the accounts receivable control totals on the last accounts
receivable output master file.
The first step in the audit of accounts receivable is to review Review of G eneral
procedures, paying particular attention to the adequacy of the In te rn al Control
internal controls. The major controls over receivables are in
tended to ensure that (1) shipments are properly reflected in
receivables, (2) collections are applied to the correct accounts,
(3) credit and collection policies are correctly applied and (4)
separation of duties is maintained among those responsible for
transaction authorization, sales activities, collection activities,
and maintenance of accounts receivable files. Much of the in
ternal control review can be conducted in the same manner for
either mechanized or manual systems. A typical internal control
questionnaire for accounts receivable records, credits and collec
tions should adequately cover those control points not directly
involved with computer processing.
C irc u lariza tio n Confirmations—based upon the controls in effect and the overall
reliability of the client’s records—are sent to a representative
sample of the accounts. The selection can frequently be made
from the aged trial balance.
In the case example, the aged trial balance can be used, but
it does not contain any information on type of customer or any
indication of accounts in litigation or dispute. These items, how
ever, are coded in the records on the customer master file. The
auditor should request (1) a copy of the aged trial balance as
of confirmation date, with the above two items indicated on the
report or (2) separate reports indicating type of customer and
accounts in litigation or dispute. This request should be made
well before the confirmation date.
In the case of negative confirmations, the auditor should also
request that the customer statements (Run No. 9) for the
customers selected should be pulled out of the normal mailing
to be mailed with the confirmations. Copies of the statements
are available for normal positive confirmation procedures.
Nonreplies to confirmation requests and replies reporting ex
ceptions can be analyzed by use of the various reports from the
system, especially the accounts receivable register, the cash re
mittance register and the subsequent months’ customer state
ments (all produced by Run No. 9 ). For instance, the cash
remittance registers printed after confirmation date will contain
subsequent payments which are useful in clearing exceptions.
The register also provides a trail back to the source document.
The same is true of the accounts receivable register for all
transactions to an account.
Error and control reports (Run Nos. 6 and 7) and cash bal
ance reports (Run No. 4) may explain unusual delays between
receipt of payment and posting to the customer’s accounts. It
is also possible that lost payments are on these error lists and
have never been corrected. The same points apply to the
156 processing of invoices in Run Nos. 1, 3 and 7.
Unusual differences between the aged trial balance at con
firmation date and at balance sheet date can be reviewed by
references to the accounts receivable register produced between
these dates. It will show what transactions caused the difference
and will provide references to the source documents.
The aged trial balance (Run No. 10) should be reconciled with D e ta ile d Tests of th e
Aged T ria l B alance
controls on the customer statements (Run No. 9) and controls
produced by the file maintenance run (Run No. 7) as well as
with the general ledger. This will ensure that the computer sys
tem's output is in balance with the company's books.
Other normal audit procedures should be followed. The aged
trial balance should be test footed and cross-footed, for instance,
and the aging of a number of representative accounts should be
verified by reference to accounts receivable registers and source
documents.
The audit procedures to test the adequacy of the allowance for Review fo r A dequ acy of
bad debts can use the aged trial balance (Run No. 10). Ex A llow ance fo r Bad D ebts
amination of activity on marginal accounts can be performed
by the use of subsequent accounts receivable registers (R un No.
9) and cash remittance registers (Run No. 9 ).
157
C H A P TE R
11
T h e A p p lic a b ility of the The use of test data represents one of the methods available for
T est Data M ethod assisting the audit of a computer-based system. The auditor can
use it, in conjunction with other methods, to determine whether
or not the programs and their related controls have operated as
represented; or he can use it merely to gain information about
160 the operation of particular programs. Because of theoretical
limitations and practical difficulties in implementation, its ap
plicability is severely restricted.
The test data method is most probably applicable under the
following circumstances:
1. A significant part of the system of internal control is em
bodied in the computer program.
2. There are gaps in the audit trail, making it difficult or im
practical to trace input to output or to verify calculations.
This situation is possible in simple applications as well as
in complex integrated systems (see Chapter 13).
3. The volume of records is so large that it may be more eco
nomical and more effective to use test data methods (and
related procedures) instead of manual testing methods.
Say, for example, that an insurance company maintains a
master file of insurance policies in force. At the end of each
month, the file is processed to calculate unearned premiums for
each policy and the total for all policies. Only the total is printed
out and the general ledger is adjusted to this amount. The
auditor can use test data to satisfy himself that the program
provides an accurate calculation and summarization of the un
earned premiums. He can also perform other tests to satisfy
himself (1) that source data is properly prepared and enters the
system without loss or non-processing and (2) that the tested
program is the one used for the processing.
The difficulties of applying the test data method should be
kept in mind. In addition to the points discussed in the next
section of this chapter, relevant factors include availability of
computer time, availability of auditor’s time to prepare and run
test data and his ability to use the method effectively.
Given the same program and the same data repeatedly, the T h e P roblem of
computer consistently produces identical results. An auditor can T h e Program
use test data as a valid basis for inference about processing per
formed by a particular program if and only if he is sure that
that program tested was the one actually used. If changes have
been made in the program during the audit period, the auditor
must be able to ascertain their impact on the processing.
Three methods are available for checking whether or not a
given program was in use during the period under audit. The 161
applicability of each depends upon the type of application and
the type of processing performed.
1. Controlled processing or reprocessing. The auditor checks
the program using test data and then has the tested program
run under his control. (This approach is explained later in
the chapter.)
2. Repeated use of test data during the audit period. This
method is seldom practical for the outside auditor. He may
use it for an on-line system with remote terminals. (See
Chapter 13 for discussion.)
3. Reliance upon client's internal control. The auditor examines
the client’s controls over the program, program changes, etc.
If these are satisfactory the auditor may infer that the pro
gram tested is representative of the program used during the
audit period.
For testing programs which update master records, the auditor Types o f M as te r Records
may choose from four basic types of master records.
The possible choices are:
1. Use of current master records
2. Use of special audit records maintained in the current master
file
3. Use of obsolete master records or copies of current master
records 163
4. Use of simulated master records on separate test file.
W hen using method (1) or (2 ), the auditor includes his test
transactions in the client’s normal processing run. W hen using
method (3) or (4), he obtains a separate master file for later use.
The characteristics and problems of each approach are discussed.
Use of C u rren t The auditor includes the test data in the file of current “live”
M aster Records transactions. This data is processed against current master
records during the regular processing cycle. The main advan
tages of this approach are:
1. That the test can be performed on a surprise basis (subject
to management’s approval)
2. That it is not necessary to load programs and perform other
set-up work solely for the purpose of processing a small vol
ume of test data
3. That a rigorous test of the entire system under normal oper
ating procedures is possible.
The main disadvantages are:
1. That insofar as test data is used to update master files, it
must subsequently be reversed out of the system—a time-
consuming process, requiring the highest order of compe
tence, coordination and precision
2. That the reports produced by the normal processing cycle
for various levels of management must be adjusted clerically
to correct for the presence of test data
3. That the dangers of running tests during normal processing
are so great that it should not be attempted except by an
auditor expert in computer methods
4. That the auditor’s tests may be blamed for any complica
tions in the computer run when the tests are made.
Use of A u d it Records in For this approach, a small number of simulated records are
C u rren t M aster File maintained (for audit purposes only) in the current master file.
They are easily identifiable because they are assigned references
which are obviously simulated (references to non-existent cost
164 centers or departments, for example). During normal processing
they remain inactive because "live” activity does not affect ficti
tious cost centers or departments.
The auditor builds his test data around the contents of these
simulated master records and conducts his testing in the same
manner as with current master records.
The advantages of using dummy records rather than current
“live” records are that in this case the test data does not affect
regular records and does not have to be reversed. It may affect
the reports, however. A disadvantage is that since live master
records (or copies thereof) are not involved in the tests, live
masters in poor condition (having missing data fields, invalid
data, and so on) are not revealed. Other disadvantages are
(1) that the EDP operating personnel may object to having
these audit records “clutter up” their master files, (2) that the
approach requires much pre-planning and client participation
and (3) that the audit records may be used for fraudulent pur
poses by EDP personnel.
These master records come from (1) an obsolete ( “great-grand Use of O bsolete M aster
father” or earlier) master file set aside for the auditor or (2) a Records or Copies of
C u rren t M as te r Records
copy of the current master file made for the auditor. In a se
quential access processing system involving, for example, punched
card or magnetic tape input, actual master records can easily be
reproduced for the auditor. Since an “old” master file is not
destroyed during an updating run, as many actual master records
as are required may be duplicated without the use of the current
master file. In a direct access system, an old master record is
immediately updated, destroyed and replaced by the new master
record. In order to protect the master records, there is usually
a periodic transfer of data from the direct access storage device
to another device (frequently magnetic tape). This transfer
process can be used to provide the auditor with a copy of master
file records.
If the system does not provide printouts of the contents of the
master file, a special printout of the portion of the file to be used
in the test must be arranged. A number of records are selected
from the printout and the test data is constructed around them.
The prepared data is processed with the copies of the files con
taining the selected records.
This method is relatively simple and avoids many of the
dangers of running test data in the regular processing run. One
disadvantage is that programs must be loaded and equipment 165
set up and operated for audit test purposes only. Provisions must
be made to copy a current file or to obtain a copy of an obsolete
file before it is released.
Types o f Tran sactio n s The auditor must determine carefully the types of transactions
166 to be included in his test data. He must consider all of the
possible significant data variations in order to fully test the pro
grams in an application. A review of the basic documentation
should provide information on the nature of the processing and
on the exact record layout of the data processed by the programs.
There are several methods by which the auditor can determine
the types of transactions to be included in his test data. He may
analyze the data used internally for testing the client’s computer
programs. The client’s test data usually tests processing steps
and controls which the auditor is also interested in testing. This
method is the most expedient, since many transactions can be
devised merely by duplication or slight modification of the
client’s test data. It has the added advantage of serving as a
review of the client’s procedures for testing programs. Such a
review may uncover outdated tests or areas in the program which
are not being tested at all; it may therefore be highly informative
and beneficial to EDP operating personnel.
As data processing systems become more integrated and com
plex, greater emphasis will probably be placed on formalizing
a client’s procedures for testing his computer programs. If these
tests are well documented and kept up to date, the auditor may
be able to use the client’s test data to perform a more effective
and efficient audit. Of course, he will have to review the data
and satisfy himself that it contains all the conditions which he
wishes to test. It is reasonable to assume that any test the auditor
wishes to make is also a desirable, if not a necessary, test for the
client to include in his test data.
Another method of determining the types of transactions to
include in the test data involves an analysis of the client’s source
documents, records and system requirements. This method is
more time-consuming than the method which makes use of
the client’s test data. Usually, a combination of the two ap
proaches is necessary in order to ensure the inclusion of all the
transactions which the auditor would be interested in processing.
The test data should include transactions which determine
the processing and handling of the following general conditions:
1. V alid conditions
2. Out-of-sequence conditions
3. Out-of-limits conditions
4. Alternative processing which takes place as a result of the
comparison of transaction records with master records (for 167
example, comparison of the transaction identification num
ber with the identification number on the master record)
5. Units-of-measure differences (for example, tons instead of
pounds)
6. Incomplete, invalid, or missing input information
7. Incorrect master and/or transaction files
8. Fields containing numeric characters instead of alphabetic
characters (and vice versa)
9. Fields containing too many characters
10. Illogical conditions in data fields which should be logically
related
11. Conditions where transaction codes or amounts do not match
the codes or amounts established in internally stored tables.
169
further tests are made and an error exception message is printed
out; if the rate change is valid ($10 or less), the other conditions
are tested. The test data therefore consists of transactions for
the following six conditions:
1. All data valid, including new rate
2. Invalid rate (over $10)
3. V alid rate change and invalid old rate
4. V alid rate change and old rate equalling new rate
5. V alid rate change and invalid alpha name
6. V alid rate change and invalid date
W o rkin g Papers For developmental and review purposes, tests should be docu
mented in working papers. These papers should include sched
ules such as the following:
1. Test data control. This type of schedule describes the condi
tions which are tested, indicates the results expected and re
ports upon the actual results. It is illustrated in Figure 11-2
(page 171). It may also be combined with the transaction
data and solutions schedule.
2. Transaction data and solutions. This type of worksheet lists
and codes all the transactions which are to be processed, both
valid and invalid. The solutions for valid transactions appear
on this schedule. It is shown in Figure 11-2 for tests involv
ing a payroll application.
3. Master file data. This type of worksheet includes a record
format and the contents of the master file data used in the
test. It is illustrated in Figure 11-2 for a payroll master
file.
4. Test data matrix. This paper is useful for reviewing the test
data to ensure that all substantive tests have been made.
The top of the matrix indicates the transaction codes of
the various transactions processed by the program being
tested. The left side of the matrix indicates the types of
conditions which may be tested. The matrix is completed by
entering the conditions tested for transactions included in
the test data. Figure 11-3 (page 172), for example, shows
170 the types of conditions tested in the payroll rate change trans-
action described on page 168. Tests 3 (valid rate change and
invalid old rate) and 5 (valid rate change and invalid alpha
name) both test the invalid input condition (condition 6 ).
The matrix should be completed for all payroll transaction
codes.
Such a matrix indicates those conditions which are not
being tested and those conditions which are being tested too
171
much. It is also useful as a summary for review by the audit
partner or manager.
An alternative to the test matrix is the decision table, in
which the conditions to be tested and the actions to be taken
by the computer are put in a tabular decision format (Figure
11-4, page 173).
Computer printout. The working papers should contain the
computer printouts resulting from the tests (a transaction
listing and the results of the transactions being processed, for
example). These printouts should be cross-referenced to the
test data control worksheet and the transaction data work
sheet.
O b tain in g the W here the data processing application involves a master file as
M as te r Records
input, the auditor must obtain machine-readable master records
against which to process his test transactions. The problem of
choosing a type of master record to use has already been dis
cussed. Advance planning is required to obtain copies of files or
to prepare simulated records. (For instance, simulated records
must be checked to ensure that they do not contain uninten
tional errors.)
E ffect of Tests W hen using test data, the auditor must determine the effect of
On th e System
his tests on the operations of the system. This is a problem
T y p e of Transactio n code
co n d itio n
te ste d 0 1 2 3 4 . . . . . n
1 V alid ity a
2 S equence
3 Lim it b
4 Decision
5 U nits
6 C om p leteness c, e, f
7 Record M atch
8 C om position
9 Field size
10 Logic d
11 Code & a m t.
172
F IG U R E 1 1 -3 . T e s t t r a n s a c tio n m a tr ix
Decision table
Rules
CONDITIONS 1 2 3 4 5 6
Rate > $10 y n n n n n
Old rate on input not same as old
rate on file n y y y y
Old rate is not equal to new rate n y y y
Alpha name on input = alpha name on file n y y
Date valid n y
ACTIONS
Reject transactions X X X X X
Accept transactions X
The auditor must satisfy himself that the program he uses in O b ta in in g and C o ntrollin g
processing his test data is the program presently in use. How th e C lie n t's Program
ever, an assurance that the program tested is the one in use at the
time of the test is not also an assurance that it was used during
the audit period. The latter problem is discussed earlier in the
chapter. There are several possible ways to gain reasonable
assurance that the program tested is the one in use. Assuming
that adequate organizational and administrative controls are
present, the auditor can request the program from the librarian
(preferably on a surprise basis) and process his tests with the
program received.
Alternatively, the auditor may request that the operating pro
gram be left in the computer after the regular processing run
has been completed, so that his test data can then be processed.
This method is particularly appropriate in situations where pro
gram changes are frequent (especially shortly after a program is
first put into operation), since it assures the auditor that the
program version he is using is current.
The auditor should design the test data in a manner which will P reparatio n and
facilitate review of the processing results. He should consider Processing of T e s t Data
173
the use of special codings or distinctive names which permit in
valid test transactions to be easily identified, sorted from valid
tests and listed as separate output.
Preparation of the test data frequently requires use of the
client’s equipment and/or personnel. In addition, computer
time is necessary for the actual data processing involved in test
ing. Therefore, advance planning and consultation with systems
and computer operations personnel is usually necessary.
The auditor should always observe the actual processing of his
test data. This may involve some inconvenience, since such
processing is frequently scheduled during the “grave-yard shift.”
Summary
In certain circumstances, the auditor will find it either desirable
or necessary to make use of the computer for testing the pro
cessing performed by the computer. These circumstances in
clude those applications for which:
1. A significant part of the internal control is embodied in the
computer program
2. There are significant gaps in the visible audit trail
3. There are large volumes of records to be tested.
The purpose of using the computer to test the data processing
system is to obtain assurance that the processing and the controls
are operating as represented and to obtain adequate evidential
matter as required by auditing standards.
In some cases the use of the computer is optional, depending
only on cost and effectiveness as compared to alternative pro
cedures not directly using the computer. In other cases, the use
of the computer is advisable since alternative procedures are
difficult.
Two methods for using the computer in testing the data
processing system have been presented: (1) test data and (2) con
trolled processing or reprocessing. The test data method has
limited applicability since it is a test only of the program at the
time tested. The auditor must conduct other tests to assure him
self that the tested program is the one actually used. One
method of providing this assurance is to use the computer to
process data under auditor control. The results of the controlled
run are used in the financial statements or are compared with
processing performed by client personnel.
The use of the computer for testing the system concentrates
on testing the program. Other parts of the system (input, con
trol framework, etc.) must also be tested. The use of the com
176 puter does demand of the auditor a reasonable level of under-
standing of computers. Such a method should be implemented
only after careful planning and after an examination of the
effect of the tests on the client’s system.
L a b o r R eco rd in g an d P a y r o l l A p p l ic a t io n
The EDP system reviewed and tested in this case study consisted
of an automated labor recording and payroll system which
recorded labor transactions and processed payroll for a major
plant of a large manufacturer. In this case, simulated trans
actions were used and processed against special audit records
placed in the current master file. Testing was performed during
the regular processing run.
S pecial cards
E m ployee E m ployee ( in rack)
badge badge
Job cards
(w ith jo b)
Clock
in R ecord beginning
and end o f
job and key in job
d a ta
C ard
punch
Card
punch
Punched card
record o f C ollect
clock in cards 2 0
m in. a fte r Job tra n s
check in action
tim e card
Card to
ta p e C o llect
and process
periodically D irect access
Post file by
tra n s a c tio n em p lo y e e
no.
A tte n d a n c e
d etail
records
R ejected
E m ployee tra n s a c tio n s
Process a tte n D irect access
id e n tific a fo r analysis
d a n c e d a ta . file by
tio n m a s te r and correction
Post to em ployee
t ape
em p lo y e e no.
Exception
a tte n d a n c e
re port to
fo re m a n
Record o f
each W rite ta p e
em ployee o f daily
transactions transactions
D aily
tra n s
action
ta p e
File fo r
backup
P repare
reports &
w rite labor
ta p e
In p u t ta p e fo r report
run and in put fo r
DAILY M A N A G E M E N T REPORTS payroll runs
O u tp u t tap es
fo r m anage
m e n t reports
1
M a n ag em en t
D aily report reports—
on actual and job status
budgeted tim e ty p e o f labor
by shop
A u d it A pproach To evaluate this labor recording and payroll system, the auditors
decided upon a two-phased review:
1. Actual transactions were tested from their initiation through
to final reports. The number and type of transactions for
testing were selected by using the normal audit criteria for
testing of labor charges and employees’ payroll records and
paychecks.
2. The labor recording and payroll system was tested in normal
180 operations by using simulated but realistic transactions de-
signed to test not only routine processing but also the various
exception procedures. Simulated audit master records were
placed in the current file for the tests.
Emphasis was placed on the second phase because it enabled
many facets of the operation to be tested with only a small
number of test transactions. Before designing the simulated
transactions, the auditors made a thorough review of the client’s
system flowcharts and documentation describing the programmed
controls. Also, inquiries were made of responsible persons as to
the various control points designed in the system.
For testing the labor recording system, 42 simulated transactions Tests o f Labor R ecording
were developed, such as:
1. Employee clocking in on time, working normally for full
shift
2. Employee checking in on job without clocking in
3. Employee clocking in but failing to then check in on job
4. Employee absent
5. Employee tardy
6. Employee tardy but within 3-minute ‘‘grace period” allowed
7. Employee leaving before shift ends
8. Employee leaving early but returning
9. Night shift employee clocking in on day shift
10. Employee working overtime into next shift
11. Employee loaned to a different shop
12. Employee charging jobs improperly (for example, charging
direct time as indirect time)
13. Employee using transaction recorder keys incorrectly when
checking in on job
To process the simulated transactions, the auditors prepared a
group of employee badges and employee master records on which
information was entered to agree with the information on the
badges. The transactions were entered into the system by using
the prepared badges and job cards at actual shop locations. 181
Using the transactions outlined above, the test was carried out
in two shops during normal working hours. Both day and night
shifts were used. Data processing supervisors were made aware
of the general nature of the test but not of the specific types of
transactions being tested. Shop foremen were not informed
until after they had questioned the simulated transactions which
appeared as exceptions on attendance reports.
All transactions were traced through to reports which emerged
from the data processing system on the same and on the follow
ing day. These included preliminary and final attendance excep
tion reports, exception reports of erroneous job transactions and
the daily balance report of correct job and attendance trans
actions.
The auditors identified—with two exceptions—every simulated
transaction as correctly processed and concluded that the system
was functioning as it had been described to them. The two excep
tions point up the types of problems which may be encountered.
The auditors made extended tests on a subsequent day to de
termine the reasons for the two exceptions. The first discrepancy
resulted in the rejection of certain apparently acceptable trans
actions as exceptions. This happened because the client had
previously made a change in “leave early” cards but had failed to
collect all the superseded cards from the rack placed in the shop.
This change in the format of the “leave early” transaction cards
caused the system to reject valid transactions recorded in the
format used before the change. The second discrepancy was the
result of a programming error. The erroneous program instruc
tions resulted in the non-processing of the last employee in the
file if the next to last employee had an exception transaction in
the processing cycle. Such a programming error may exist in
many systems, since the processing of the last employee is an
atypical and complex processing routine involving end-of-file and
end-of-job instructions in addition to the normal processing of
the transaction. The testing of the system does not necessarily
turn up such an error, since the tests cannot include every pos
sible condition affecting the next to last and last employee
records. In this case example, the error was revealed by the test
prepared by the auditors. The simulated employee master
records used by the auditor were the last on the master file
and, since the simulated transaction for the next to last employee
was an exception, the transactions for the last employee were
182 not processed.
To test payroll processing, the auditors again designed simulated Tests of Payroll
Processing
transactions to be processed with simulated employee payroll
master records inserted in the file for audit purposes only. Pay
roll was processed by applying pay rates (included in the perma
nent portion of the employees' master payroll records) to the
labor hour transactions accumulated in the variable portion of
the employees’ master records. The labor was accumulated by
employee for payroll processing every two weeks and by job for
weekly accounting distribution reports. The fixed portion of the
master record included (in addition to the pay rate) name, social
security number, number of tax exemptions, budget section, year-
to-date amounts, and vacation and sick leave hours. The variable
portion contained earnings and deduction data resulting from
payroll transactions processed for the current payroll period.
W hen developing the transactions, the auditors first reviewed
the client’s flowcharts and other documentation which described
the input formats, the programmed controls, the output and the
exception reporting for all transactions processed by the com
puter payroll programs. They then reviewed the tests designed
by the company’s programmers to test the payroll programs.
M any of the company’s tests were selected by the auditors for
inclusion in their tests. Additional tests were also formulated.
All test transactions to be processed were then key-punched and
listed in transaction number sequence. The nature and objective
of each test was described on this transaction listing as an aid
in review and in subsequent debugging of the test processing.
The listing was included in the work papers. Several examples
of the 196 transactions included in the test data are the following;
1. Employee hired on same day as terminated
2. Employee having rate change greater than programmed
lim it
3. Employee charging labor hours while on vacation
4. Employee not entitled to bonus charging bonus hours
5. Employee requesting vacation hours exceeding vacation
hours balance in master record
6. Employee charging labor hours exceeding programmed lim it
7. Terminated employee charging labor hours
8. Terminated employee requesting wage advances 18S
9. Employee having accumulated year-to-date earnings and
FICA tax at taxable lim it prior to processing of valid labor
hours
10. Employee requesting tax exemptions exceeding programmed
lim it
11. V alid employee charging normal labor hours
The auditors obtained the client’s computer programs to be
tested by requesting, on a surprise basis, the required programs
from the EDP librarian. The tape reel serial numbers of the
program tapes received were then traced to documentation in the
EDP library, which included a program tape release record and a
program tape journal. Such documentation provided informa
tion on the physical location of the program tapes and on their
usage history. The auditors had previously reviewed the client’s
organization controls and EDP library procedures. Physically
and organizationally, the EDP library and programming activity
were segregated. Their review assured the auditors that the
client’s regular computer programs were being obtained. The
auditors then controlled the programs and the test data, observed
the processing of the test data and obtained the processing
results.
Again, the results of processing proved highly satisfactory and
enabled the auditors to evaluate the adequacy of the system of
data processing and internal controls. A few areas were disclosed
where programming changes would result in strengthened internal
control. The suggested changes were largely concerned with in
put validity checks and reasonableness tests on incoming data.
The tests also revealed that some of the documentation and
some of the client’s test data were no longer current.
As mentioned previously, the audit steps also included some
conventional tests of labor charges and employees’ payroll rec
ords. The procedures included (1) reconciling payrolls paid
with distributed labor, (2) tracing labor distribution from ac
counting entries to weekly and daily reports and (3) tracing in
formation from actual employee master records (selected ran
domly) to evidence supporting pay rates, exemptions and all
deductions.
184
C H A P TE R
12
T e stin g Extensions The computer can be used to perform simple summations and
And Footings other computations to test the correctness of extensions and
footings. The auditor may choose to perform tests on all records
instead of just on samples, since the speed and low cost per
computation of the computer enable him to do this at only a
small extra amount of time and expense.
S e le c tin g and P rin tin g The computer can select and print out confirmation requests
C o nfirm ation Requests on the basis of quantifiable selection criteria. The program can
be written to select the accounts according to any set of criteria
desired and using any sampling plan. The format of the request
can be designed to facilitate m ailing and audit follow-up. For
example, one auditing firm has designed a multi-part form which
is prepared on the computer. A single printing by the computer
prepares a confirmation request set which includes the first re
quest, a mailing envelope, a return envelope, a control copy and
a second request (should it be needed). The form is designed
with carbons to eliminate further handling. The first request is
printed on a form already inside the mailing envelope, which also
contains the return envelope.
E xam ining Records fo r The quality of visible records is readily apparent to the auditor
Q u a lity (C om pleteness, when he makes use of them in his examination. Sloppy record
Consistency, V alid
C onditions, e tc.) keeping, lack of completeness, and so on, are thus observed by
186 the auditor in the normal course of the audit. If machine-read-
able records, however, are evaluated manually, a complete print
out is needed to examine their quality. The auditor may choose
to use the computer for examining these records for quality.
If the computer is to be used for the examination, a program
is written which examines the record for completeness, con
sistency between different items, valid conditions, reasonable
amounts, etc. For instance, customer file records might be ex
amined to determine those for which no credit lim it is specified,
those for which account balances exceed credit lim it and those
for which credit limits exceed a stipulated amount.
The auditor frequently needs to have the client’s data analyzed S u m m a r i z i n g Data a n d
and/or summarized. Such procedures age accounts receivable, P e rform ing Analyses
U seful to th e A u ditor
prepare annual usage requirements, analyze for obsolescence of
parts in an inventory, list all credit balances in accounts receiv
able and all debit balances in accounts payable, and so on. These
procedures can be accomplished with a computer program.
The computer may be programmed to select audit samples by S e le c tin g and P rin tin g
the use of random numbers or by systematic selection tech A u d it S am ples
niques. The sample selection procedure may be programmed to
use multiple criteria, such as the selection of a random sample
of items under a certain dollar amount plus the selection of all
items over a certain dollar amount. Other considerations can be
included, such as unusual transactions, dormant accounts, etc.
The samples selected in this way can be used for such audit tests
as confirmations, price tests of inventory items, and so on.
W here there are two or more separate records having identical C o m paring D u p lic a te Data
data fields, the computer can be used in testing for consistency. (M a in ta in e d in S e p ara te
Files) fo r Correctness
For instance, the cost prices in the master inventory file may be And C onsistency
compared with the cost figures used by the billing program.
Audit data such as inventory test counts can be compared with C o m p a r i n g A u d it Data
the company inventory records by using a computer program. W ith C om pany Records
For this procedure, the audit data must be converted to machine-
readable form. Similar procedures can be used for tracing cash
receipts to accounts receivable records or for comparing selected
inventory costs with the cost data master file. 187
Obtaining a computer program for audit use
One of three major approaches can be used for obtaining suitable
computer programs for use in the evaluation of records. These
are:
1. Programs written by the client
2. Generalized audit programs
3. Programs written by or under supervision of the auditor.
Alternatives (1) and (2) are discussed briefly below. Alternative
(3) is discussed in the next section of this chapter (page 191).
P rogram s W ritten Much of the analysis desired by the auditor is equally useful to
By th e C lie n t the client. The client, therefore, frequently writes programs for
his own use, or he prepares a program for his installation if there
is an internal use for an analysis requested by the auditor. Pro
grams to age accounts receivable or programs to analyze inven
tory turnover and obsolescence, for example, are often needed
by both the client and the auditor.
If an auditor is to use the output of a client’s analysis program,
he must be able to assure himself that the program is performing
what he wishes and is doing so correctly. He may obtain this
assurance by manually testing samples of the analysis, tracing
totals to controls and so on. Alternatively, he may review the
coding or he may test the program by such a method as the test
data method. As explained in Chapter 11, the auditor must also
assure himself that the program used in the analysis is the same
as the one tested. He may do this by relying upon internal con
trols (such as documentation, separation of duties, change pro
cedures and tape library procedures) which are tested to deter
mine that they have been operable, or he may use a copy of the
program which he has tested and controlled. This latter method
is implemented by steps such as the following;
1. Preparation of an auditor’s copy. An auditor’s copy may be
a direct copy of the object program (on magnetic tape, for
exam ple), but, to avoid obtaining a program containing un
documented changes, it is desirable to obtain a copy of the
symbolic program deck and to have it assembled separately
to produce the auditor’s copy of the object program. The
188 auditor also obtains a copy of the client’s run manual (which
includes operating instructions). W ell in advance of running,
an examination is made of the client’s run manual to check
any changes which have been made. If necessary, the audi
tor’s program and operating instructions are updated before
the run.
2. Testing of program. Testing involves either an expert re
view of the coding or the use of test data, as explained in
Chapter 11. An added advantage of performing independent
tests is in the operating experience obtained by the auditor
before the programs are used.
3. Obtaining records. The records to be processed are the client
records as of the end of the audit period (or perhaps, for
interim work, as of the date of the tests). The auditor asks
for a copy of the file or takes advantage of the client’s file
retention practices to obtain the needed records.
4. Running the program. The auditor should be present when
the program is run.
There are many audit functions which change very little from G e n e ra lized C o m p u ter
client to client. This situation suggests the advantage of using A u d it R outines
general audit routines which the auditor adapts to each client.
Attempts to apply the concept of a generalized program, how
ever, reveal several difficulties:
D IF F IC U L T Y D IS C U S S IO N
The role of the auditor in the preparation of a computer pro T h e Role of th e A u d ito r in
gram to perform processing on client records for audit purposes P re p a rin g th e Program
is summarized in Table 12.1 (page 192).
The audit objectives must be clearly defined by the auditor
before the processing to be performed is decided upon. Once
the audit objectives have been set, a review is made of the
client’s machine-readable records which are to be analyzed.
Procedures for analysis are then formulated and the economic
and technical feasibility of developing a computer audit pro- 191
gram is determined. The auditor may need assistance from
EDP specialists in determining the technical feasibility of such
programs. If it is found to be feasible to develop a program, the
next step is to prepare system flowcharts and layouts.
The preparation of a system flowchart provides a broad view
of the data processing required by the computer audit pro
gram. This chart indicates all the input and output files to be
processed. An exact description of each file record is obtained
for subsequent use and the format of the output is defined.
Since the printed output becomes the audit working papers, it
should be designed accordingly.
Auditors who have had some EDP training should be able
to prepare system flowcharts and to design the necessary output
records, though such tasks may require technical assistance
STEP S R E S U L TS A U D IT O R ’S ROLE
T h e P ro gram m in g The auditor should keep in mind the characteristics of the dif
Language ferent programming languages which can be used. Essentially,
these languages are divided into two groups: the symbolic ma
chine-oriented languages and the higher-order machine-indepen
dent languages, such as FORTRAN, PL/I, COBOL and Report
Program Generators (R PG ). Each type of language has its ad
vantages: use of problem and procedure-oriented languages saves
time for writing, debugging and altering programs and makes
program conversion from computer to computer easier; use of
machine-oriented symbolic coding saves running time for the
programs and necessitates less storage for implementation.
A comparison of these advantages favors a higher-order lan
guage such as COBOL, FORTRAN, PL/I, or RPG for the cod
ing of audit routines. Such coding is easier for the auditor to
understand and easier to debug and alter. The disadvantage in
running time is not significant for most audit routines. A more
significant difficulty is the fact that most of these languages are
not available for many small configurations. COBOL, for ex
ample, requires more primary and secondary storage than is
available on approximately half of the business configurations.
The RPG (Report Program Generator), however, is available for
fairly small configurations and may be used instead of COBOL.
FORTRAN is available for many computers which do not have
COBOL compilers.
Although FORTRAN should not be overlooked as a possible
language for coding audit routines, COBOL is usually the most
appropriate for computers which do have COBOL compilers.
RPG is probably most useful for those smaller business com
puters for which it is available. FORTRAN is designed as a
4
9
1 language for writing computational problems; COBOL is de-
signed as a business data processing language; RPG is designed
especially for performing limited processing on input files and
printing the results in a report format.
An E conom ic A p p lic a tio n Computer programs were written to review the entire perpetual
inventory file of a company and to perform the following tests
( usually performed on a sample basis) on all 11,000 items:
1. A check of cost versus market price conditions
2. A check of arithmetic extensions and accumulations
3. A comparison of item cost with standard cost criteria
4. A check of outstanding procurements for unusual items
5. A check against cycle inventory counts
By reviewing the entire file, the auditor was assured of re
vealing 100 per cent of the exceptions to his tests. Accordingly,
he had excellent evidence from which to make an inference
about the records examined.
The work performed for the first year, including the prepara
tion of the computer programs, required 100 hours. In the pre
vious year, 110 hours were required to perform the work
manually. The time necessary to perform the same work in
succeeding years was estimated at 10 hours.
The success of this application resulted from the fact that the
audit tests to be performed were simple but time-consuming and
the number of records involved was large. This justified the ex
pense of writing an audit program. Once the program was writ
ten, the review of the entire file (though not required for reason
able audit assurance) was just as convenient as sampling. This
application is described in a case study on page 197.
Summary
This chapter has discussed computer programs which are used
196 to analyze data produced by the data processing system. Such
a program processes client records according to auditing criteria
embodied in the program to obtain information for the auditor's
evaluation or for further examination.
The use of computer audit programs is probably advisable when
the auditor needs an efficient means of analyzing large masses
of machine-readable data and of selecting those items which re
quire review.
The chapter has described three different methods for using
computer programs for the evaluation of client machine-readable
records:
1. Client programs tested by the auditor and run under his
control to produce the analysis needed
2. Generalized computer audit routines
3. Special audit routines prepared under the supervision of the
auditor and run under his control.
The use of these computer audit routines must be considered
in the context of the economic advisability of a computer ap
proach versus that of alternative methods. The use of generalized
computer audit routines is probably the least expensive of the
computer alternatives; the use of a tested, controlled client
program is more expensive and the use of a routine written
especially for an audit is the most expensive.
C a se S t u d y ; E v a l u a t in g I n v e n t o r y R ecords
U sin g the C o m puter
Summary of system
The computer system consisted of a medium-scale business-
oriented configuration and a Teletypewriter order-entry network.
The perpetual finished stock records, maintained on magnetic
19 8 tape, contained the following information:
1. General information: item code, description, standard cost,
gram weight per piece, date of stock authorization
2. Procurement information: order date and order number for
all procurements; supplier code for purchased procurements
3. Inventory status and transaction information: actual and
available inventory quantities; unshipped quantity (m aterial
available); back order quantity (no material available); inter
department transfers, receipts, and scrapping for the current
month; date and quantity of the most recent physical ad
justment
4. Inventory control and sales information: lead-time; set-up and
order costs; reorder point quantity; economic order quantity;
maximum stock; inventory on order; sales forecast; designa
tions of discontinued, “slow-moving’’ and “dead” items; date
of last sale; largest sale in current and preceding year; gross
sales (amount and quantity) for the month and year to date.
Two inventory files were m aintained: the perpetual inventory
file and the historic inventory file. At the end of each month the
historic inventory file was updated from the month-end perpetual
inventory file. Month-end analysis resulted in various reports—
of obsolete and dead stock, warehouse overstocks, activity analy
sis, distribution, and so on.
P.I. =
P erp etual
In ven to ry PROGRAM
IN V -0 1
S tandard
Cost R ep o rt o f R eport C ard
E xception A ccum u lation s Ta p e O u tp u t
R eport C odes 6 -1 3
C odes 1-5
S o rt by
Codes
Sort
Program
List
C ards
S orted
R eport
Ta p e
R eport o f slow,
obsolete, dead and
discontinued stock
PROGRAM
IN V -0 2
Evaluation
Aspects of the evaluation of computer audit routines can be
categorized under quantity of work, quality of work, manage
ment benefits, or incidental benefits. The comments below do
not imply that the quality or quantity of work in preceding years
was not adequate. Rather, they emphasize the fact that the use of
the computer routines offered advantages over previous methods.
W hen reviewing an inventory file, for instance, the auditor
seldom requires a 100 per cent sample in order to obtain the
assurance necessary to render an opinion. In this case, however,
202 a 100 per cent sample did provide useful data beyond that ob-
tainable from a smaller sample. Since it was obtained at virtually
no additional cost, the 100 per cent sample was clearly one of
the benefits of the computer audit routines.
Audit computer programs were used to review the entire per Q u a n tity of W ork
petual inventory file. The following tests (traditionally per
formed on a sample basis) were performed on the entire file:
1. Checking of cost or market conditions
2. Checking of arithmetic extensions and accumulations
3. Review and comparison of standard costs
4. Checking that all items were accounted for in the inventories
at both new and old standard cost
5. Checking of procurements outstanding
6. Checking of cycle inventory counts
The quality as well as the quantity of the cost or market test Q u ality of W ork
was improved. Formerly, such a test was performed by using
catalogue prices adjusted for quantity and trade discounts. These
prices were then compared on a sample basis to current invoices.
W hen the test was performed by using an audit computer pro
gram, however, the program utilized actual experience by calcu
lating market price for each item from the actual sales amount
and sales quantity for the current year.
The arithmetic check of accumulations, the comparison of
standard costs, the test for gram weights and the check that items
were contained in the inventory at both old and new standard
price were all judged to be more reliable when the computer
was used. The monotony of these procedures provided a possibil
ity of error in the manual processing which was not present in
the computer processing.
The information from the computer audit program on dis- 203
continued, slow-moving and “dead" stocks and on items in ex
cess of one year’s supply was helpful for evaluating “slow-moving
and obsolete” inventory. W hen the client first installed the
computer, the method of analyzing obsolete inventory was
changed. Data from the computer audit program was useful to
the auditor in making statistical analyses and comparisons as a
basis for evaluating allowances for anticipated losses. Because of
the change in reporting, past data was not applicable and new
historical data had yet to be accumulated.
M a n a g e m e n t O rien ted Some of the procedures programmed into the audit computer
program were specifically management-oriented: the item by
item market versus cost data check, for example. Like many
companies, this company had “loss-leaders” and items stocked
merely to accommodate certain customers; management was gen
erally aware of these items. In the current year, however, the
audit routine disclosed items which were being sold at or below
cost and of which management was unaware.
The information produced about purchase orders for discon
tinued stock was advantageous to management as one check on
the effectiveness of the company’s reordering policies. Informa
tion about outstanding procurements plus inventory in excess of
the preceding six months’ sales and current back orders was ad
vantageous for the same reason.
In cid e n ta l B enefits A byproduct of the project was the auditor’s increased knowledge
and understanding of the client’s system. This was not advan
tageous from an audit viewpoint only; it also resulted in a more
effective letter of recommendations from the auditor to man
agement on points relating to the finished goods inventory.
204
13
C H A P TE R
Definitions
The terms “on-line,” “real-time”1 and “integrated system” refer
to concepts associated with advanced systems.
Document or
Record of Input and w ritte n o u t la te r )
( D e p e n d s on d e v ic e u s e d )
The Audit Trail A non-integrated system requires a separate document for each
step in processing. Since a characteristic of an integrated system,
however, is the updating of all related files from a single data
input, much less documentation is required. The system is
designed to perform automatically all processing required by the
input (or by the results of the input), so intermediate authoriza
tion documents are not prepared. W hen an inventory requisi
tion is processed against the inventory file and the expense file,
for instance, the transaction may trigger automatically a pur
chase order and associated processing without employee inter
vention.
A designer could design a system without an audit trail. How
ever, an organization with an integrated computer system cannot
afford to lose control by establishing a system without adequate
provisions for a management trail. In other words, the system
designer is constrained by the requirements of customers, govern
mental agencies and outside auditors as well as management,
even though it is apparent that the audit trail could be eliminated.
Control Totals One of the most effective controls in data processing is the con
trol total. It has been applied in batch totals, file totals, record
210 counts, etc. It can also be used effectively in advanced systems.
Control totals may be accumulated for each type of source trans
action entered as input and may then be traced to controls at
other points in integrated processing to check whether or not all
input transactions have reached the intermediate and final steps.
A control total may be established for each remote input station
and compared with a separately prepared control total of input
from the station. Control totals may also be established by
sorting and restructuring input and output for comparison with
ledger controls and other control figures.
The effects of the source document controls, the authorization
controls, the audit trail and the control totals in an advanced
system is illustrated by the on-line savings and loan system de
scribed below.
Customer accounts for all branches are maintained on a
central computer. A customer can make a deposit or withdrawal
from any branch because each branch has access to the records of
savings accounts for all branches. A customer presents a pass
book and a deposit or withdrawal slip to the teller. Using an
input/output device similar to a bookkeeping machine, the
teller enters the account number, the transaction amount and
the transaction code (and possibly other control information,
such as last recorded balance). The data is transmitted to the
computer, the customer account is updated, and the result is
transmitted back to the I/O device where it is recorded. The
device is also used for such inquiries as those regarding the status
of an account. All processing is performed by the remote com
puter. Although the possibility of inadequate controls does
exist, the visible trail may be improved (see Figure 13-2, page
212) .
s o rted by
branch and
listed
Normal audit procedure usually includes tests of a sample of the C ontinuous M o n ito rin g
processing performed during the audit period. For an advanced
system employing remote input devices and integrated pro
cessing, it may be more effective to arrange for continuous
monitoring of the system—either by a monitoring audit routine
designed for this purpose or by tests performed at irregular inter
vals during the period.
The use of a monitoring audit program is a sophisticated tech
nique. An audit routine is added to the set of programs con
trolling the data processing. Transactions entering the system
are sampled at random intervals and the sample transaction is
written on an audit tape or at an audit output terminal for use in
testing. The system may be designed to record control informa
tion automatically on an input/output device under auditor
control.
The use of on-line input/output devices may make it possible
for the auditor to introduce random test transactions into the
system during the period under audit in order to trace the system
response. This procedure is similar to the procedure for test data
and the precautions mentioned for test data may be applicable.
The limitations of test data method for system testing have been In creased R e lian ce on
described in Chapter 11, where it is suggested that test data, System Testing
though a useful audit technique, has a restricted applicability.
Test data may be useful in advanced integrated systems, how
ever, because it provides a method for testing the operation of an
integrated set of programs which would be difficult to test
manually.
The problems of test data preparation, described in Chapter
11, are increased in an advanced system. One approach is to
rely partially on test data maintained by the client for his testing
of the integrated system. In this case, the client procedures for
documentation, change controls and test data preparation must 213
be reviewed and the client test data checked for adequacy. After
making appropriate additions to or deletions from the client test
data, the auditor uses it to evaluate the operation of the set of
routines performing the integrated processing. Of course, this is
only one of several audit procedures used to evaluate the system.
Research project
The number of advanced systems is growing, but auditing experi
ence with advanced systems is still quite limited. The AICPA
Auditing/EDP Task Force, therefore, plans to undertake a re
search program to evaluate auditing methods for advanced
systems (especially for highly integrated systems). W hen com
pleted, the results of the research will supplement the material
offered in this chapter.
214
14
C H A P TE R
User Controls
The controls which ensure the orderly and supervised processing
of data are the responsibility of the management of the com
puter service center. Though the user is seldom concerned with
these controls, he generally establishes some overall input data
controls (control totals, document counts, numbers of accounts,
for instance) which enable him to check the completeness and
accuracy of the service center’s processing. He may also review
the output documents and records completely or on a sampling
basis, depending upon the nature and volume of the processing.
The user may also undertake to test check manually some of the
processing performed by the service center.
The user should make provisions to protect against a loss of
source documents in transit to and from the service center. For
example, if paid but unposted checks are transported to a service
center for bank data processing, a microfilm copy should be kept
at the sending bank. Another approach is for a copy of the
source documents to be prepared for data processing purposes.
To ensure the timely and complete processing of all trans
actions, both the user and the service center usually review and
screen the input data. The user corrects any errors or omissions
he detects before the data is sent. Any erroneous data items
detected by the service center’s review or computer input valida
tion (editing) routines are left unprocessed. They are listed and
returned to the user.
The user may correct the data items and resubmit them with
the next batch or, as in the case of payroll, he may have to pro
218 cess them manually if it is not practicable to wait until the next
cycle of processing. If processing is performed manually, an
adjustment must be prepared to update the master records at the
next processing.
Audit problems
A company which uses a computer service center presents to the
auditor, in addition to the usual audit problems of EDP systems,
the complicating factor of an outside organization which enters
into the company's scheme of processing, internal control and
record retention. Some of the additional considerations, how
ever, are two-sided, since the outside service center can represent
a formalization and possible expansion of the controls afforded
by division of duties. Deliberate manipulation of records is made
unlikely by the separation of the persons in a position to per
form such manipulation from those having custody of or access
to the assets of the company. There are some exceptions to pro
tection provided by this separation. An employee of a service
center performing processing for a bank or a savings and loan
institution may have lim ited asset access via his accounts. Suit
able precautions should be taken in such cases. Errors in data
processing are often more likely to be detected if a service center
is used; this is because of the arm ’s-length relationship that exists
between the employees of the user (who are responsible for the
accuracy of the data) and the employees of the computer service
center (who are performing the data processing).
Auditors have frequently concluded that, all things con
sidered, the use of an outside computer service center (particu
larly for operations which can be subjected to overall controls
and review—payroll preparation, accounts receivable processing,
etc.) leads to improved internal control and diminished audit
problems. Some auditors have concluded that, where the overall
controls can be maintained effectively, neither the client nor the
auditor need have great concern over the operations within the
service center. It is maintained that there is a definite similarity
between the computer service and the other services utilized by
the client (telephone, electricity, m ail), where, as long as the
service is rendered, there is no need to question how it is done.
The above-mentioned concept is probably valid in many cases
where a computer service center is utilized. Most data pro- 219
cessing applications run by service centers are straightforward
and well defined. Control totals and audit trails are usually ade
quate for audit purposes. Also, there are practical limitations
which make it difficult for the auditor to satisfy himself directly
about the operation and controls of the service center itself.
First, the client is generally only one of many companies using
the service center so that it may be difficult to obtain the co-opera
tion of the service center’s personnel. Second, the operations
performed for the client may be quite simple, but the operations
of the service center may be complex. In addition, questions
may be raised about the ownership of the programs and records
maintained at the service center. (This question should be clari
fied by the client before he contracts with the service center.)
Thus, although the auditor inquires into a few aspects of the
service center operations, he usually concentrates his attention
on his client’s controls.
Auditor activities
There are two tasks for the auditor whose client is utilizing a
computer service center. The first is to advise his client about the
adequate controls which should be established and maintained;
the second is to test the operation of these controls.
Controls For Use The controls to be established are the same as those used in a
W ith S ervice C e n te r data processing installation. The absence of client control over
Processing
the processing itself increases the significance of input controls
and controls based on evaluation of output. The controls ap
plied are generally as follows:
1. Control over data transmitted for processing; additional con
trols are necessary if the client performs data conversion
(a) document count
(b) transaction count
(c) control totals
2. Control over master file changes
(a) control printout of all changes
(b) control count of master records
220 (e) control totals for items in master records
3. Control over error correction and resubmissions
(a ) error printout identifying all errors
(b) error log maintained by client
(c) correction and resubmission review and approval pro
cedure
4. Control over output
(a) output distribution list
(b) control tests on sample of output
5. Adequate management inquiry trail
(a) transaction records
(b) periodic printout of ledger balances
6. Adequate protection and security
(a) client provision for copy of source documents trans
mitted
(b) client provision for "worst case" file reconstruction
(c) service center provision for routine reconstruction
(d) security maintenance over client records kept at service
center
A sample questionnaire useful for recording information about
these controls is included at the end of this chapter.
Audit procedures include the following steps, which are directly A u d it Procedures
related to the use of the service center computer:
1. Review client controls.
2. Check client controls against details processed by the service
center.
3. Check client provisions for liaison with computer service
center. Check that issuance of instructions and data to serv
ice center is restricted to authorized persons and that sum
mary and control reports prepared at the center are delivered
directly to the client personnel responsible for maintaining
controls.
4. Inquire about operations at the computer center; observe
supervision; record security procedures followed.
5. Check for accuracy a sample of transactions processed at 221
service center. Possibly introduce test data to check opera
tions of controls, procedures and program steps or exception
listings (see discussion below).
In addition to following these audit procedures, the auditor
must perform his usual tests of the records and so on. If data
volume and other economic considerations dictate, the auditor
may arrange to use the service center computer to perform audit
procedures such as those described in Chapter 12.
O bserving Service If the service center maintains at the center records important
C e n te r O perations
for the audit, the auditor should try to observe the center's oper
ations. The following control points are appropriate subjects of
inquiry:
1. Security provisions over client data and files
2. Back-up and reconstruction provisions
3. Methods for handling important conditions, such as (a) un
matched transactions (no master file records), (b) control
total or control count inconsistencies and (c) error corrections
At the same time, the auditor can obtain an idea of the adequacy
of supervision at the center.
U sing T e s t Data a t The auditor must evaluate the adequacy of the controls which
S ervice C enters
are supposed to exist at the computer service center. If he finds
that the error printouts produced during processing are insuffi
cient for this purpose, he may introduce some erroneous data
with the regular input data. The problems of using such test
data are discussed in Chapter 11.
General Information
1. Background
1-1. Name of data processing service organization
1-2. A ddress----------------------------------------------------
Application Frequency
229
C H A P TE R
15
THE AUD ITO R SHOULD Understand EDP for two reasons: (1) SO
that he can prepare a reliable evaluation of internal control in a
computer-based data processing system and (2) so that he can
utilize the computer in auditing if the characteristics of the system
and the relative cost of the application make this procedure
advisable. Since the computer is becoming omnipresent in all
areas of information processing, there is a strong ease for the
position that all CPAs should have a good knowledge of EDP.
A concurrent updating of audit staff computer expertise has
often failed to accompany the rapid adoption of computer tech
nology by client companies. In a 1966 survey by the Canadian
Institute of Chartered Accountants, 34 per cent of a sample of
Canada’s largest companies stated that they were dissatisfied
with the degree of computer “know-how” displayed by their
auditors.
Where client
has a
RECOMMENDED
1 Where client
has a
2 magnetic
tape or
3 Where client
has a
KNOW LEDGE R E Q U IR E M EN TS small card random access large integrated
computer system system
G W E G W E G W E
Main com ponents
COMPUTER Tape & random access
SYSTEMS com ponents
Hardware controls
Concepts of programming
languages
COMPUTER Problem definition
PROGRAMMING
Program testing & debugging
Program controls
The auditor should have a broad knowledge of file organiza C h ara cte ristic s of
tion, process flow and system design. He should also understand C o m pu ter-B ased
D ata Processing System s
the various methods for safeguarding computer files and the
problems of including management or audit trails. He should 233
have the ability to analyze and design an information system of
modest complexity.
C o m p u ter C en ter The auditor should understand the use of software in the opera
O perations
tion of the computer. Though he does not generally operate
the computer himself, he should understand the operator’s role
and should be able to supervise the running of computer audit
programs.
C ontrols in EDP System s The auditor should be familiar with the controls used in EDP
systems (data conversion controls, input controls, hardware con
trols, processing controls, output controls, operating controls,
file and program controls, etc.). He should know the types of
errors usually encountered and the methods for detecting,
handling and correcting them.
A u d itin g T e ch n iq u es The auditor must understand fully the audit procedures that
N o t U sin g th e C o m p u te r do not make use of the computer and must know how to obtain
234 the records necessary for implementing these procedures.
The auditor should be able to recognize situations in which the A u d itin g T e ch n iq u es
U sing th e C o m p u ter
computer can be used effectively for conducting the audit. He
should be able to plan and supervise the development and use
of techniques such as test data, controlled processing and audit
computer programs.
Courses by C olleges The colleges and universities have responded slowly to the need
And U n iversities for training in electronic data processing. Since 1965, however,
the number of courses offered has increased, and it is expected
236 to continue increasing to satisfy the needs of the business com-
munity. M any colleges and universities have equipment avail
able (at least on a lim ited basis) for use in connection with the
courses; many offer evening courses in adult education programs.
The general principles of electronic data processing and many S e lf-In s tru c tio n and
elements of programming can be learned through self-instruc Pro gram m ed Learning
tion, and there are a number of programmed self-study courses
available. Several manufacturers use the programmed learning
method extensively. Home-study computer courses are offered
by several home-study institutions. A major drawback of self-
instruction, however, involves the lack of "hands-on” experience
and the difficulty of asking questions.
Summary
The CPA who performs audits in an EDP environment should
have an adequate understanding of computers. Since most
CPAs did not receive instruction in EDP as part of their
academic training, other sources of training have become neces
sary. A general knowledge of EDP is appropriate for most
CPAs, whether or not they perform audits for organizations
using computers. The problems of developing proficiency and
of keeping up in the EDP field have caused many accounting
firms to hire non-accountant computer specialists.
To date, manufacturers have provided most of the computer
training, though colleges and universities are responding to the
need. In addition, the AICPA is expanding the number and
depth of the Professional Development Division courses in
EDP.
238
A P P E N D IX
Definition of a computer
The term “computer” can be applied logically to any calculating
device. In common usage, however, the term refers specifically
to the electronic computer. ( Early writers in the computer field
frequently referred to the “automatic computer” in order to
differentiate it from other calculating devices.) The computer
has certain differentiating characteristics, as follows:
1. Electronics. The computer relies largely on electronic ele
ments (transistors, resistors, diodes, etc.) rather than on
mechanical operations. The use of electronic elements makes
possible much faster operation than is possible with me
chanical devices.
2. Internal storage. The computer has internal storage (fre- 239
quently called memory) for storing both the program and
the data being processed by the program,
3. Stored program. Prior to its execution, the program of in
structions which specifies the sequence of operations is put
into the internal memory. This program makes the computer
‘‘automatic," since the entire set of steps to be taken is deter
mined in advance and human intervention is seldom required
during execution.
4. Branching capability. A distinguishing feature of the com
puter is its ability to check the types of data being processed
or the results of computations against previously defined
conditions, and then to select from alternative sets of process
ing instructions or to modify instructions in the stored
program.
In other words, a computer is an electronic device capable of
solving problems. A stored program of instructions directs the
computer in accepting data, in performing prescribed operations
and in supplying the results of these operations as output.
The two main types of computers are the digital and the
analog. The digital computer operates essentially by counting;
all quantities are expressed as numbers. The analog computer
operates by measuring; for example, quantities may be expressed
as voltages which are read from meters. Computers which com
bine features from both the analog and the digital are called
hybrid computers. Most electronic computers are digital and in
this review the term “computer” refers only to the digital
computer.
Digital computers may be categorized according to orienta
tion : (1) business data processing, (2) scientific and engineering
computation, (3) process control. There is a trend, however,
toward making general purpose computers, so that these dis
tinctions do not always hold. Computers may be designed with
any or all of the characteristics summarized below.
Computer hardware consists of devices which can perform one or H ardw are
more of the following functions: data preparation; input to the
computer; computation, control and primary storage; secondary
(auxiliary) storage; and output from the computer. “On-line”
(or online) equipment is connected directly to the computer;
“off-line” (or offline) equipment is used separately and is not
connected directly. The relationships between these functions
are shown in Figure A-1, page 242.
F U N C T IO N TY PE OF E Q U IP M E N T U S E D
M ag n etic ta p e
M a g n e tic disk
pack unit.
D rum
storage unit.
M ag n etic disk
M ag n etic d ru m
The most commonly used input device is the punched card In p u t D evices
reader. Paper tape readers must be used when input data has
been punched onto paper tape by an add punch, a cash register
attachment, or a typewriter attachment. M agnetic character
readers are most often used for check processing in banks.
Optical scanners are increasingly popular, especially for reading
ticket data (gasoline charge tickets and airline tickets, for ex
am ple). Figure A-4 (page 246) shows the various input devices.
The printer heads the list of output devices (see Figure A-5, page O u tp u t D evices
247). Output data must be in a form readable by personnel
(unless it is to be used for further processing); the line printer
performs this task. The cathode ray tube (C R T ) display device
is expected to become more popular for systems in which many
persons at remote locations must interrogate the computer or
view records in the file. Table A.3 (page 248) shows typical
speeds for common input and output units.
Since punched cards are the most common input medium, the E q u ip m e n t
data preparation equipment in an EDP system will usually in D ata P reparatio n
clude keypunches. It may also include other card handling
equipment, such as sorters, collators, interpreters and repro-
M a g n e tic ta p e on reel
M a g n e tic
ta p e u n it
P ap er
ta p e reader
P ap er ta p e on reel or roll
Docum ent
O ptical scan n er
C onsole
O p e r a t o r ty p e w r it in g ty p e w rite r
246
F IG U R E A -4 . Input devices
OutDut Media Output Device
C ard punch
Punched card
P ap er ta p e P ap er ta p e punch
D isplay
Visual display (C R T )
TY P IC A L RATES
D EV IC E U N IT OF M E A S U R E M E N T LOW M E D IU M H IG H
S m a ll S ystem — Card In this type of system, the transaction files, the master files and
the programs not in use are stored on punched cards. Processing
is of the batch type and uses sequentially organized data and
files. In addition to computations, many card-handling opera
tions (sorting, merging, etc.) must be performed. These opera
tions are usually performed by off-line sorters and collators, but
248 some manufacturers offer a multi-function card handler which is
Inputs Used Equipment Output Produced
Operator
Punched cards
Documents
Card punch
Verifier
Operator
O p e ra to r
D ocum ents
P ap er ta p e
B ookkeeping m a c h in e w ith p ap er ta p e punch.
D ocum ents
O p e ra to r D o c u m e n ts enscribed
w ith m ag n etic c h aracters
M ag n etic ink enscriber
O p e ra to r
D ata
collection M a c h in e sensible m ed iu m
te rm in a l such as punched cards
O p e ra to r
D ocum ents D o c u m e n ts
F IG U R E A -7 . Sm all card-oriented s y s te m
251
1 2 3 4
Tape
co n tro ller
Ta p e drives
O p e ra to r
console
Figure A-10 (page 254) should cost between $5,000 and $8,000
per month. Memory size is sufficient to store from 16K to 32K
characters.
D EV IC E P R O C E S S IN G A PPROACH
O p erato r
console
P rin ter
C ard reader
C entral
processing
unit
C ard punch
C onsole
Note from the table that batch processing can be used with
direct access devices as well as with sequential access devices.
B atch Processing w ith Sequential access batch processing is usually used wherever rec
S e q u e n tia l Access ords are maintained on punched cards or magnetic tape. W here
File Storage
batch-sequential processing is used with a sequential access file
storage device, the entire master file is put through the computer
at each updating (see Figure A-11, page 255). For this reason,
it is desirable to allow the transactions to accumulate into large
batches between each processing in order to reduce the frequency
of processing. The user sorts the transactions into the same
sequence as in the master file so that each record on the master
file needs to be read only once. The time taken to read a record
represents a fixed time cost each time the file is processed,
whether or not the record is updated. The variable processing
time to process a transaction may overlap, at least in part, the
fixed time element for reading the record. The nature of many
processing applications is such that batching and sequencing re
2 54 quirements are not actually restrictions. Batch processing is ideal
for payroll and accounts payable, for example. Besides, it is
faster and cheaper to process by batch.
A direct access file storage device can select and update a par B atch Processing w ith
D ire c t Access
ticular record without having to read all the other records too. File Storage
The most popular direct (or random) access file device is the
disk file. W hen using such a device, it is not necessary to batch
the data, but in many eases speed and cost advantages make
batching (sequential or nonsequential) appropriate. Processing
with a magnetic disk, for instance, may be completed faster if the
input data is sequenced to minimize the mechanical movement
of the disk as it locates records. (See Figure A-12, page 256.)
W here applications involve relatively few transactions com
pared to the number of file records, however, the saving in direct
access seek time is too small to justify the extra sorting time that
would be necessary, so the transactions may be left in random
order in the batch.
T ransactio n records
sorted into sam e
sequence as m a s te r
file
M essages
and
reports
Programming a computer
S tep s in P rep arin g Steps 3 (planning computer logic) and 4 (preparing program)
A Program in Figure A-13 involve the preparation of a computer program.
Step 3 usually makes use of a program flowchart and/or a de
cision table, both of which show the processing step sequences
256 and the decisions on which the selection of a sequence is based.
Steps Comments
Proposed
1. A nalysis o f problem . report C o lle c t f a c ts a n d d e c id e w h a t in fo r m a t io n is
n e e d e d , fre q u e n c y o f p ro c e s s in g , c o n tro ls re
qu ired , etc.
R ead D ata
4 . P rogram p rep aratio n . Add A to B W rite th e program of in structions and debug it to
G iving C rem ove all errors.
D ocum ent
6. In p u t d a ta prep aratio n . Punched P rep are in p u t d a ta by collecting o r tran scrib in g
Card d a ta into m a c h in e -re a d a b le fo rm such as punched
cards.
K ey-punching
Program
Rep o rt
8. U se o f th e o u tp u t.
F IG U R E A -1 4 . C o d in g o f s te p s to p e rfo rm C = A + B in m a c h in e , s y m
258 b o lic a n d p r o c e d u r e -o r ie n te d la n g u a g e s
symbolic instruction is generally translated into one machine-
language instruction. The programmer utilizes symbolic opera
tion codes (for example, the code for addition might be ADD or
A) and memory locations are referenced by symbolic names in
stead of actual location numbers. W hen the assembly program
converts these symbolic codings into absolute instructions, it also
performs simple checks to detect errors in coding. Steps for using
a symbolic programming system are shown in Figure A-15 (page
260).
Since many computer operations are programmed in the same
way, it is wasteful for the programmer to have to rewrite the
same set of detailed instructions each time the operation is to be
performed. To improve programmer efficiency, most computer
manufacturers provide symbolic programming languages with
‘'macro” instructions. “Macros” are names given to sets of coded
instructions for performing often-used operations. By including a
macro-instruction in a program, the programmer generally avoids
a great deal of detailed coding. During the translation process,
the assembly program interprets the macro name as a specifica
tion calling for a set of instructions rather than as a simple one-
for-one translation. Accordingly, the set of instructions is copied
from the assembly program library and inserted in the object
program being assembled.
A procedure- or problem-oriented language is machine-inde
pendent and is usually written with little or no reference to the
computer on which it is to be translated and run. Each com
puter must have a unique compiler program for translation. The
programmer uses descriptive English words and common mathe
matical notion to describe processing steps. Examples of these
languages are (1) FORTRAN (FORmula TRANslator—an
algebraic language), (2) COBOL (COmmon Business Oriented
Language) and (3) PL/I (Programming Language, version 1—
a combined algebraic and business language).
Report program generators (RPG ) are of special interest to
the business user. The generators accept programs written in
a problem-oriented set of specifications and produce a complete
machine-language program. They are especially suitable for the
preparation of simple printed reports.
Each of these levels of programming has its advantages and
disadvantages. Lower-level languages are generally more efficient
in terms of running time. Higher-level languages are easier to
use, reduce programming time and can be used with different 259
1. Flow charting th e program logic
A ssem bly or
program
C om p uter m em ory
S tep 2: Source program cards read one at
a tim e and converted to m achine
language. Error checking perform ed
on each s tatem en t.
Listing of program
Program deck in
m achine language
XXX XXX
XXX XXX
XXX XXX O bject or
program
260
F IG U R E A -15. Preparing a program using a symbolic assembly system
computers. Documentation is improved with the use of higher-
order coding. Programs written in a language such as COBOL
are partially self-documenting because of the use of English
phrases and sentences in the ending. In general, the trend is
toward the use of higher-order languages. Depending on the
efficiency of the compiler, the improvement of programming
effectiveness is usually a more significant factor than the gaining
of machine running time. In some eases there is virtually no
difference in running time. Throughput time for programs in
volving little computation for each input item, for example, is
not altered by a less efficient coding of the computational steps.
A compiler language is usually preferred for once-used or infre
quently used programs. For often-used programs, the choice de
pends on the cost advantages and disadvantages mentioned
above.
262
A P P E N D IX
A nalysis of Problem The first step was the preparation of the problem definition.
The problem statement for this program (see page 267) is a
brief but complete description including input and output. In
this case, the only input consisted of punched cards and the out
put was a printed report.
S ystem Design The next step was the design of the system, for which a systems
flowchart was prepared (see page 268). (A system flowchart is a
pictorial description of the flow of information through the sys
tem, but it does not indicate the computer program steps which
are needed to perform the processing.) The flowchart conformed
to the standard flowchart symbols and conventions explained in
Appendix C. Layouts were also prepared to show the form of
the input and the desired form of the output (see pages 269-
270).
P lan n in g th e A decision table (see page 271) and a program flowchart were
Program Logic used to assist in the planning of the program logic.
Decision tables, which are used less frequently than flow
charts, show conditions and actions in a clear and uniform
fashion and therefore help to ensure that program logic will
provide full coverage for all possible combinations of conditions.
In the upper half of the table, each rule (there are five in this
program) involves a different combination of conditions. The
lower half of the table describes the action or actions to be taken
during the running of the program in response to each combina
tion of conditions.
264 The program flowchart (see pages 272-275) indicates the proc
essing steps, arithmetic calculations, decision points and input/
output functions which must be prepared in order to instruct
the computer in executing the required processing tasks. As a
cross-check that the logic is complete, it is useful to take each
rule on the decision table and trace it through the flowchart to
see if the flowchart shows the appropriate actions.
The detailed program steps were coded with the aid of the de Program P reparatio n
cision table and the program flowchart. This particular pro
gram was coded in a symbolic assembly language called AUTO
CODER. The source language instructions were written on
coding sheets with one line of coding for each computer in
struction (see pages 276-280). The numbers along the top
line of each coding sheet indicate the card columns in which
the information is to be punched. One card was punched for
each line on the sheets, so that the source language card deck
contained 118 cards. The numbers and comments which appear
in columns 46-72 of some lines are explanatory comments to
aid documentation. In line 03 on page 276, the number 1/23
means that this particular line of coding performs the function
described in page 1, block 23, of the program flowchart. Such
cross-references facilitate the future checking of program logic
and coding. Lines 10 and 11 on page 280 contain another
type of explanation which can be used on coding forms to
clarify coding logic. The instruction on line 10 reserves a 6-
character location in which the program can store an account
number. This instruction is explained by the comment which
begins in column 46 of line 10. Since the comment is longer
than the space available on line 10, it is continued on line 11.
The asterisk in column 6 on line 11 indicates that the line
contains an explanatory comment rather than a computer in
struction. This line will have no effect on the program, but it
will be printed out every time the source deck is listed.
W hen the source deck had been keypunched and verified, it
was assembled to produce a machine-language object deck. The
program listing which was obtained from the assembly process
became part of the permanent program documentation. This
listing (see pages 281-283) shows each symbolic source language
instruction and the corresponding machine-language instruction
produced by the assembler. It was very useful during the testing
and checking of the new program. 265
D ebugging The next step consisted of testing the new program and “de
bugging" any errors thus detected. Test cases were prepared to
test four of the five rules contained in the decision table. (The
fifth rule covers the last card condition; there was no need to
test for this condition since the test deck naturally had a last
card.) A keypunch worksheet (see page 286) was prepared for
the test cases, and their expected results were calculated in ad
vance. These manual calculations were compared later with the
output produced by the test case processing (see page 287).
Since the program output agreed with the pre-computed output,
the program could be considered ready for use in producing the
combined trial balance.
D o cu m en tatio n All of the forms and documents used in designing and im
plementing the combined trial balance program became part of
the program documentation. In addition, it was necessary to
prepare a set of instructions for the computer operator to follow
when running the program (see page 284). Such instructions
must always be fairly detailed so that the operator need not seek
assistance. If changes are made in the program, change records
should be filled out and attached to the documentation. There
were no control features in this simple program, so a listing of
controls was not prepared.
266
RUN MANUAL
267
26 8
269
270
271
272
273
274
275
276
277
278
279
2 8 0
281
PAGE 2
282
283
Operating Instructions
Combined Trial Balance Program MO73
December 27, 1967
Program D escription
Card Layout
C o m p an y code
S etu p
The input for the run consists of the program cards followed
by the ledger balance-forward cards which have been sorted
off-line into account-number order. There is no sentinel card
for the data.
The printer is used for output. Two-part paper—100 to 132
284
column—is required, either blank or lined. There is no special
form.
U N IT U S E D FOR
R eader In p u t o f program and data
P rin te r O utput
P unch N ot used
Sense S w itches N ot used
R estart
O u tp u t
Both copies of the output plus the program and data decks will
be picked up by a representative of the auditing firm o f . . . .
285
286
28 7
A P P E N D IX
Description of use
C onnector T e rm in a l
XXX
A1
S triping— a line draw n inside th e sym bol near top. T he reference inside th e stripe
id en tifies th e processing. The sym bol acts as a cross reference to th e de ta ile d flo w
charts fo r th e fu nction.
C onsole switch 1
should be o ff
A nno tatio n sym bol
Test
SW 1
Read P rint
payroll reports
Basic in p u t/o u tp u t sym bol d a ta
C om m ission
Punched card sym bol d a ta
P ap er ta p e
to m ag n etic
ta p e
conversion
S ales
P rint
In p u t/o u tp u t using a d o cu m en t. reports
D o cu m en t sym bol
Sales C re d it C ontrol
register pro b lem s report
For in put entered m a n u a lly a t th e tim e o f processing fro m o nline keyboards, c on
sole sw itches, etc.
M an u al in p u t sym bol
E nter d a te
via console
Tran sactio n s
O nline storage
sym bol
M a s te r U p d a te
file m a s te r
file
S ales 1
report O ff prem ises
storage
S ales
file
A : B C o m p a re A to B
Decision A >B A g re a te r th a n B
sym bol A <B A less th a n B
a ≥ b A g re a te r th a n o r equal to B
A≤ B A less th a n o r equal to B
YES Test
v a lu e of A :B
code
1 2 3 4
P redefined process
(s u b ro u tin e ) sym bol
In spect K eypunch
M a n u a l op eratio n invoice & ve rify
sym bol
T a p e to
S o rt ta p e
A u xiliary op eratio n cards converter
sym bol
R epresents th e entry or e xit point fo r th e system — start, stop, halt, in te rru p t, etc.
T e rm in al sym bol
s ta rt H a lt
Keying
C lerical M anual o p e ra tio n
o p eratio n o p eratio n
N one: use m a n u a l o p eratio n
N o n e b u t n o te proposed
in te rn a tio n a l s tandards
P red efined process
S orting
co llatin g
S ort
A nno tatio n
C o lla te
O fflin e storage
T ra n s m itta l
ta p e
O n lin e M anual
keyboard in p u t
N o n e - use d o c u m e n t
sym bol
296
International symbols
The reader may have noted in Figure C-3 (page 292) the omis
sion of some commonly used symbols. These are the proposed
international standard flowchart symbols (see Figure C-5 below),
which, if adopted, will form a supplement to the USA standard
symbols.
P arallel
m ode
M erge E xtract
S ort C o llate
297
A P P E N D IX
G LO SSA RY
1 A U E R B A C H C o m p u te r N o te b o o k fo r A c c o u n ta n ts is a looseleaf
reference serv ice, which is updated monthly and contains summaries of
computer systems, performance comparison charts, and special reports
for accountants. It is published by AUERBACH Info, Inc., Philadelphia,
and is available from the American Institute of Certified Public Ac
countants. 299
lute coding’’ rather than "coding, absolute” ). In the case of
terms with two or more meanings, the meanings are numbered
sequentially, with the most common or the most general one
listed first. The formal definitions are often followed by ex
amples and comments which clarify the meaning, usage and sig
nificance of each term defined in the glossary.
Several different types of cross-references are used. Their
meanings are as follows:
1. same as indicates that the referenced term has the same
meaning as the term containing the reference and that the
referenced term is the preferred one.
2. synonymous with indicates that the referenced term has the
same meaning as the term containing the reference and that
the term containing the reference is the preferred one.
3. contrast with indicates that the referenced term is a related
term that has a meaning significantly different from that of
the term containing the reference.
4. see also indicates that the referenced term is a related term
whose definition provides additional background or clarifi
cation.
5. see indicates that the referenced term is an alternative or
qualified form of the term containing the reference.
QUESTIONNAIRE FO R EVALUATION OF
INTERNAL CONTROL IN ELECTRO N IC DATA
PRO CESSIN G
1. Background
1-1. W here is the computer located?
1-2. Give a brief description of equipment
1-3. Applications
Cash □
Receivables □
Inventory □
Property, plant and equipment □
Payables □
Sales ■ □
Payroll □
Cost and expenses □
Other (list major ones below) □
2. Organization (Chapter 2)
6, Documentation (Chapter 3)
6-1. Is a run manual prepared for each com
puter run? □ □ C
6-2. Are operator instructions prepared for
each run? □ □ c
6-3. Are documentation practices adequate? □ □ c
Does the normal documentation for an
application include the following?
Yes No
Problem statement □ □
System flowchart □ □
Record layouts □ □
Program flowcharts □ □
Program listing □ □
Test data □ □
Operator instructions □ □
Summary of controls □ □
Approval and change record □ □
6-4. Is there supervisory review of documen
tation to ensure that it is adequate? □ □ B
6- 5. Is documentation kept up to date? □ □ C
335
Yes N o
creation of data and its conversion
to machine-readable form? □ □ A
(a) Procedural controls □
(b) M echanical or visual
verification □
(e) Cheek digit □
101-2. Is there adequate control over trans
m ittal and input of data to detect
loss or nonprocessing? Note data
field controlled. □ □ A
Field
(a) Financial control to ta ls---------
(b) Hash control to tals---------------
(c) Document co u n ts----------------
(d) Sequential numbering of
input documents ---------
(e) O th e r-------------------------
101-3. Are the input control totals and run-
to-run control totals for each applica
tion checked by someone other than
the equipment operator? □ □ A
By whom? ---------------------------------
101-4. If data transmission is used, are con
trols adequate to determine that
transmission is correct and no mes
sages are lost? □ □ B
(a) Message counts □
(b) Character counts □
(c) Dual transmission □
(d) O th e r--------------------
101-5. Is input data adequately tested for
validity, correctness and sequence? □ □ B
Note: Questions may have to be
applied to each important data field
of the input being reviewed by the
536 auditor.
Fields Tested
(a) V alidity tests:
(1) V alid c o d e___
(2) V alid character
(3) V alid field
(4) V alid transaction _
(5) V alid combinations
(6) Missing d a t a ---------
(b) Sequence -------------------
(c) Lim it -------------------------
(d) Reasonableness
(e) O th e r------------
Yes No
101-6. Is control over distribution of out
put adequate? Describe. □ □ B
101- 7. Describe the control function, if any,
for evaluating quality of output.
Y es N o
104-4. Are there adequate provisions for
periodically checking master file con
tents (Chapter 7)? □ □ B
Yes No
(a) Periodic printout and
review □ □
(b) Periodic test against
physical count □ □
(c) O th e r---------------------------------
104-5. Are the back-up and reconstruction
provisions adequate (Chapter 7 )? □ □ B
Describe -----------------------
340
INDEX
M
Macro instruction, 17, 258-259, 313 Q
Magnetic ink character reader, 51, 246 Questionnaire, use of in audit
Magnetic tape controls, 46-48 application, 334-340
Magnetic tape layout, 29 general, 326-333
Manual input, 313 service center, 226-229
Master file, 252, 256, 314
Master records, for audit tests, 163-166, 172-173
Memory (see storage) R
Memory layout, 28, 30, 314 Random access, 49-50, 52, 252-256, 317
Merge, 314 Real-time (or realtime), 206, 256, 317
Modulo N check, 62, 314 Reasonableness test, 65-66, 82, 337
Monitoring, 213 Reconstruction plan, 100-101
Monitor routine, 262, 314 Record, 252, 317
Multiprogramming, 314 Record count, 66-67, 220, 227, 317, 336 343
Record gap, 47, 317 System configuration, 252-255, 321
Record layout, 28-29, 34, 269-270, 317 System control, 108-111, 214
Record mark, 317 System description, 27
Record retention, 125-128 System flowchart, 27, 264, 268, 289, 331
Redundancy check, 39, 317 System testing, 213-214
Report file, 318 Systems analyst, 10-15
Report program generator (RPG), 259-261, 318
Reprocessing, 174-175
Rerun, 318 T
Rerun point, 318
Tabulating equipment operator, 10
Residue check, 62, 318 Tag, 321
Restart, 318, 338 Tape library, 93-94, 333
Retention plan, 95-100
Tape record, 93-95
Review of system, 132-133
Telecommunications, 322
Route slip, 68-69
Test data, 160-174, 222
Routine, 318
Test deck, 160-174, 222
Row parity check, 48, 318
Test routine, 322
Run, 24, 319
Tests for valid data, 64-66
Run manual, 26-32, 35-36, 263-288, 319
Tests of compliance, 114-115
Throughput, 322
s Time-sharing, 222-226, 322
Trace routine, 322
Secondary storage, 243-245, 319 Track, 322
Security protection, 90-91 Track parity check, 322
Selective dump, 319 Trailer record, 63-65, 322, 333
Self-checking code, 62-63, 319 Training in EDP, 7, 231-238
Self-checking number, 62-63, 319 Training, sources of, 236-238
Sense switch, 34, 84, 319 Transaction code, 322
Sentinel, 319 Transaction file, 253, 322
Separation of duties, 10-12, 327-328 Translator, 258-260, 322
Sequence test, 65, 337 Transmittal control, 68-69
Sequential processing, 252-256, 319 Trap, 323
Serial access, 252-256, 319 Troubleshoot, 323
Service center, 215-229
Snapshot, 319
Software, 241-242, 319 U
Son-father tapes, 96-97
Sort, 319 Unit record, 323
Source document, 320 Unit record equipment operator, 10-15
Source language, 258-260, 265, 320 USASl (United States of America Standards Insti
tute), 289-290
Source program, 258-260, 265, 320
Stacker, 320 Utility routine, 261, 323
Standard operating procedures, 18-19
Standards, 16-18
Storage, 243-244 V
Storage dump, 320 Validity check, 40-43, 46, 53, 64-66, 323, 337
Storage protection, 95, 303, 320 Variable-length record, 323
Subroutine, 262, 320
Verifier, 60-61, 64, 323
Summation check, 320
Verify, 60-62, 323
Supervisory routine, 262, 320
Symbolic address, 321
Symbolic coding, 258-261, 265-266, 276-283, 321
Synchronization check, 46, 321
w
System, 321 Word, 323
34 4 System analysis, 10-15, 321 Working storage, 323
P rin te d by Lenz & R iecker, In c.