Step 2
Step 2
2-Automated controls include validation and edit checks, programmed logic functions, and controls.
3-Manual controls are those that auditors or staff manually verify, such as
4-The purpose of both automated and manual controls is to verify the following:
. Discovering and identifying application components so that transaction flow can be analyzed.
. Determining the appropriate audit procedures to perform tests to evaluate strengths and
weaknesses of the application.
. Analyzing test results.
. Validating the results and reporting on the application’s effectiveness and efficiency. The results
should also be measured against good programming standards and com- pared against management’s
objectives for the application.
The audit engagement letter should set out clearly the types of matters that will be reviewed during
the audit and the scope of such review.
Next, review the long- and short-term goals Finally, review the organization’s goals.
Next, review application controls, data integrity controls, and controls for busi- ness systems.
- When reviewing input controls, the auditor must
ensure that all transactions have been entered correctly. Whatever controls are used, they should be
capable of checking that input is valid. This becomes important because in many automated systems,
the output of one sys- tem is the input of another. In such situations, data should be checked to verify
the informa- tion from both the sending and receiving applications.
transactions into a group. This group then has a value assigned. The total of this transaction can be
based on dol- lar amounts, total counts, total document numbers, or hash totals. This number should
match the count in the receivables system.
choosing a selected number of fields in a series of transactions. These values are computed again later
to see if the numbers match. An incorrect value indicates that some- thing has been lost, entered
incorrectly, or corrupted somehow.
- Hash Totals
The use of hash totals is similar to how cryptographic hashing algrothims such as MD5 or SHA1 are
used to verify integrity.
- Batch Controls Be aware that the CISA exam might ask questions about what is considered a
valid batch control.
Test candidates should understand each type and know that batch controls are used to detect loss,
duplication, or corruption of data.