Scribd
Upload
22 views21 pages

Study Unit 1 - Computer Auditing 2024 - Lecture 1

Auditing Notes

Uploaded by

tmagoeta
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
22 views21 pages

Study Unit 1 - Computer Auditing 2024 - Lecture 1

Auditing Notes

Uploaded by

tmagoeta
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 21

Unit 1

22-23 JULY 2024


Computer Auditing
In this lecture we will cover…

•General controls
1

•Application controls
2

2
CONTROL ENVIRONMENT

Communication and IT management’s


1 enforcement of integrity 4 philosophy and operating
and ethical values cycle

Organisational structure
Commitment to
2 competence 5 and assignment of authority
and responsibility

3
1. Controls that establish an overall framework of control
over computer activities?

2. Controls that are relevant to specific tasks?

3. Controls that relate to specific computer


software applications and the individual
transactions?

4. Any control that contribute to the accurate and


complete recording and processing of transactions that
have actually occurred?
?
5. Controls that should be in place before any
processing of transactions gets underway? 4
CATEGORIES OF GENERAL CONTROLS

Change
management
controls
Access
Controls Continuity of
operations

Documentation

System
development &
Implementation
Controls
End-user
computing
controls System
software &
operating
controls

5
ACCESS CONTROLS
Logging

Defense in depth
Security Physical
Fail safe
policy access

Least privilege

Other access
Access Passwords and control
consideration

6
SYSTEMS DEVELOPMENT AND IMPLEMENTATION CONTROLS

2 OPTIONS

Off the shelve


Customised (in-
(packaged)
house system)
system

7
SYSTEMS DEVELOPMENT AND IMPLEMENTATION CONTROLS

Standards Change standards


Project approval Requests
Project management Project management Program change by
User requirements Project approval programmers
Systems specifications and Approval Manage change
programming Change to a development
Training
Testing program
Conversion
Final approval Update all documentation
Post implementation review
Training Transfer to live operating
Documentation environment
Conversion
IT manager view log of
Post-implementation review program changes 8
Documentation
CONTINUITY OF OPERATIONS

 Natural disasters
 Attack or abuse by unauthorised people
 Crime
 Social unrests
 Pandemics

Physical security and Disaster recovery controls

9
SYSTEM DEVELOPMENT AND SOFTWARE

This relates to systems that are needed to support the accounting system.
Network connections, databases, system development software that can impact the
financial information indirectly.

 Operating system software


 Network management software
 Database management software
 System development software
 System support programmes

NOTE: IT department must ensure these programmes operate as they should.

10
DOCUMENTATION
Sound documentation policies are essential.

There are two objectives to documentation:


 All aspects should be clearly documented
 Documents only accessible by authorised staff

 Documentation standards:
 General system descriptions
 Detailed descriptions of large programmes
 Operator and user instructions
 Back-up and disaster recovery procedures
 Security procedure and policy
 User training

11
•Application controls

1.Description
2.Control activities – self study
-Access controls
• Batching
3.Control techniques •

Screen aids
Programme controls
• Output controls
• Logs and reports
• Masterfile amendments

12
DESCRIPTION
APPLICATION CONTROLS
Any control in an application that contribute to the accurate and complete
recording and processing of transactions that have actually occurred.

OBJECTIVE OF APPLICATION CONTROLS


 Occurrence and authorisation
 Accuracy
 Completeness

13
CONTROL TECHNIQUES – BATCHING
BATCHING

Name Surname Years employed Monthly Salary


Lesego Khumalo 13 R7500
$10.23
FINANCIAL
TOTAL

Segopotje Malatji 21 R10 000


Caroline Koto
HASH TOTAL
2 R3 700 RECORD
COUNT = 4

14
CONTROL TECHNIQUES – BATCHING
 BATCHING

1) Batch entry, batch processing/update


2) On-line entry, batch processing/update
3) On-line entry, real-time processing/update

15
CONTROL TECHNIQUES – SCREEN AIDS
SCREEN AIDS AND RELATED FEATURES

 Minimum keying in of information


 Screen dialogue and prompts
 Mandatory fields
 Shading/greying of fields

16
PROCCESSING OF TRANSACTIONS

Programme controls
Output controls

 Input
 Processing Stages through which transactions flow
 Output through the system

17
CONTROL TECHNIQUES – PROGRAMME CONTROLS
PROGRAMME CONTROLS – INPUT AND PROCESSING
 Input

 Existence/validity checks  Format checks


 Reasonableness and limit checks  Check digits
 Dependency checks  Sequence checks

 Processing

 Programme edit check


 Programme reconciliation checks

18
CONTROL TECHNIQUES

 OUTPUT CONTROLS
 Preventive controls
 Detective controls

 LOGS AND REPORTS


1)Audit trails 2)Run to run balancing reports
3)Override reports 4)Exception reports
5)Activity reports 6)Access/access violation reports

19
CONTROL TECHNIQUES - MASTERFILE AMENDMENTS

 PROCEDURE
 Record all Masterfile amendments on a source document
 Authorise MAF
 Only authorised amendments onto the system (Accurate and complete)
 Review Masterfile amendments (occurrence, authorisation, accuracy and
completeness)

NOTE: FOR EVERY PROCEDURE THERE IS AN APPLICATION CONTROL(S)

20
21

You might also like