Lesson 2 (Ii) Internal Controls in A Computerised Environment
Lesson 2 (Ii) Internal Controls in A Computerised Environment
Internal Controls in a
Computerized Environment
University of Colombo - Faculty of Management & Finance
Bachelor of Business Administration 2023
Semester V
BBA 3304 – Auditing
By: P. I. S. Jayathilaka
Internal Controls in a Computerised
Environment
IT Controls
General Application
Controls Controls
General Controls
• Policies and procedures that relate to many applications and
support the effective functioning of application controls by
helping to ensure the continued proper operation of
information systems.
• E.g.
• Software and hardware access controls
• Controls over data center
• Controls over network operation
Examples of General Controls
1. Controls in development of computer applications
Standards over systems design, programming and documentation
Full testing procedures using test data
Approval by computer users and management
Segregation of duties so that those responsible for design are not
responsible for testing
Installation procedures so that data is not corrupted in transition
Training of staff in new procedures and availability of adequate
documentation
Examples of General Controls (Contd..)
2. Controls for prevention or detection of unauthorized changes
to programs
Segregation of duties
Password protection of programs so that access is limited to
computer operations staff
Full records of program changes
Restricted access to central computer by locked doors, keypads
Use of anti-virus software
Policy prohibiting use of non-authorised programs or files
Back-up copies of programs being taken and stored in other locations
Examples of General Controls (Contd..)
3. Controls to prevent unauthorized amendments to data files
Password protection
Restricted access to authorised users only
Output controls
4. Master files and standing data controls- Wages master file could be
forwarded monthly to the personnel department to ensure employees
listed have personnel records.