Lesson 02 (ii)

Internal Controls in a
Computerized Environment
University of Colombo - Faculty of Management & Finance
Bachelor of Business Administration 2023
Semester V
BBA 3304 – Auditing
By: P. I. S. Jayathilaka
Internal Controls in a Computerised
Environment

IT Controls

General Application
Controls Controls
General Controls
• Policies and procedures that relate to many applications and
support the effective functioning of application controls by
helping to ensure the continued proper operation of
information systems.
• E.g.
• Software and hardware access controls
• Controls over data center
• Controls over network operation
Examples of General Controls
1. Controls in development of computer applications
Standards over systems design, programming and documentation
Full testing procedures using test data
Approval by computer users and management
Segregation of duties so that those responsible for design are not
responsible for testing
Installation procedures so that data is not corrupted in transition
Training of staff in new procedures and availability of adequate
documentation
Examples of General Controls (Contd..)
2. Controls for prevention or detection of unauthorized changes
to programs
Segregation of duties
Password protection of programs so that access is limited to
computer operations staff
Full records of program changes
Restricted access to central computer by locked doors, keypads
Use of anti-virus software
Policy prohibiting use of non-authorised programs or files
Back-up copies of programs being taken and stored in other locations
Examples of General Controls (Contd..)
3. Controls to prevent unauthorized amendments to data files
Password protection
Restricted access to authorised users only

4. Controls to ensure continuity of operation

Storing extra copies of programs and data files offsite
Protection of equipment against fire and other hazards
Back-up power sources
Disaster recovery procedures eg availability of back-up computer facilities.
Maintenance agreements and insurance
Application Controls
• Application controls are transactions and data relating to
each computer-based application system and are specific to
each application. The objectives of application controls,
which may be manual or programmed, are to ensure the
completeness and accuracy of the records and the validity of
the entries made therein.
• Application controls are relate to procedures used to initiate,
record, process and report transactions or other financial
data.
Categories of Application Controls
Completeness
Application Controls

Input controls Accuracy

Processing controls Authorization

Output controls

Master files and standing data controls

Examples of Application Controls
1. Input controls
• Completeness: Document counts- E.g. operation of batch controls using
accounting software would be the checking of a manually produced figure
for the total gross value of purchase invoices against that produced on
screen when the batch-processing option is used to input the invoices.
• Accuracy:
Existence check, eg that a supplier account exists,
Character check, eg that there are no alphabetical characters in a sales invoice
number field
• Authorisation: manual checks to ensure information input was authorised
Examples of Application Controls (contd..)
2. Processing controls- Screen warnings can prevent people logging out
before processing is complete.

3. Output controls- Wages exception report showing employees being

paid more than Rs. 200,000/-

4. Master files and standing data controls- Wages master file could be
forwarded monthly to the personnel department to ensure employees
listed have personnel records.