Computerised Controls

Week 9

Derisa Govender
This material has been reproduced and communicated to you by or on behalf of the University of Cape
Town (“UCT”) for the educational purposes of the University. The material in this communication may
be subject to copyright under the Copyright Act (No. 98 of 1978) (the “Act”) and was specifically
commissioned and/or created during the course and scope of the various authors' employment with
UCT and was created for UCT's exclusive use. Its use is only for students of UCT enrolled for the relevant
particular course and any further reproduction or communication of this material by you may be the
subject of copyright protection under the Act. Please be aware that UCT has reserved all rights in the
Copyrighted Works

©2023 UCT, All Rights Reserved

 LEARNING OUTCOMES

In this module, you will:

• Assess the organisation's control framework and policies in a computerised environment and how it supports the
achievement of the entity's business objectives.
• IT general controls such as change management, access, computer operations, business continuity management
and disaster recovery planning, systems development life cycle, cyber security.
The above general controls must be understood in the context of financial and non-financial information systems
• Monitoring and improving the effectiveness of controls.
• Systems of internal controls, including the diagnosis (and recommendations for improvement) of weaknesses in
these systems in risk reduction.
• Describe possible IT and digital solutions to automate and improve existing processes and/or introduce new
technologies by considering different alternatives, key factors and cost-benefit implications.
• Understand the IT governance structures and practices of the organisation in a computerised environment.
• Apply cybersecurity processes, tools and techniques to mitigate cyber risks to the organisation
• Review the organisation’s overall IT and data strategy (e.g., data quality, accessibility, interoperability and
compliance with standards).
 Our
Plan for the two-week plan
week:
Your turn!

Application
Introduction to controls
Computerised
Controls

ITGCs and its

components
 IT Environment

Computerised Environment

General Application

Controls that allow us Controls that allow us to

to access the general IT access specific systems within
system the IT environment.
 IT
IT Environment
Infrastructure

PeopleSoft

MS
PowerPoint MS Word

Google
Amathuba
Chrome
 Application Controls
IT General Controls

Manual Manual Automated

controls dependent controls
Performed by controls Performed by
human only Performed by computer
human and system only
computer
system
Flow of Information – Manual system
Customer makes a
Initiate Transaction purchase

The salesperson writes

Record Source document
an invoice by hand

DR Bank
Process Accounting records
CR Revenue

Sales line item in the

Report Financial statements
financial statements
Flow of Information – Automated system

Initiate
Initiate Transaction transaction on
the system

Input any source

Record Source document documents into
system

Accounting records Process

Process transaction
Master file
amendment
and storage
Report Financial statements Output
Flow of Information – Automated system

Initiate
Initiate Transaction transaction on
the system

Input any source

Record Source document documents into
system

Accounting records Process

Process transaction
Master file
amendment
and storage
Report Financial statements Output
 Application Controls
IT General Controls
Input Who should be able to input information?
controls

Processing
controls
Masterfile
Amendment controls
Output
controls
 Creating an Account
IT General Controls

Why do we create an account?

Allows for Minimises

Ensures Allows
gathering of Safety and re- entering
human is enforcement
customer Privacy of
using service of standards
information information
 Application Controls
IT General Controls
Input
controls

Processing
controls
Masterfile
Amendment controls
Output
controls
 Input Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Controls designed to ensure that data entered is

Unauthorised transactions being entered onto the

system.

Data in the system being manipulated without

Risks addressed: authorisation.

Data is inaccurately recorded.

Data not being fully captured by the system.

Input Controls – User-related controls
Controls designed to ensure that data entered is valid, accurate and complete.

Staff Segregation Access

training of duties profiles
 Input Controls – Screen aids
Controls designed to ensure that data entered is valid, accurate and complete.

User-friendly Minimum Help function Confirmation

layout input format screen
 Input Controls – Logical controls
Controls designed to ensure that data entered is valid, accurate and complete.

Limit test Related data Alphanumeric Field length

Validity test
(Range check) test test test
• Confirms • Tests data • Matches • Restricts • Places a limit
data entered entered data entered numbers or
against a • against a to another entered to prescription
database pre- set of data alphabets on the
determined entered by and/or number of
benchmark the user numbers characters
that can be
entered
 Input Controls – Logical controls
Controls designed to ensure that data entered is valid, accurate and complete.

Completeness Reasonability Drop-down

Format check Sign test
test test arrows
• Checks if • Requires a • Tests inputs • Requires • A function
data entered field to be against a inputs to that allows
conforms to completed reasonable either be user to
a specific before range positive or select
format continuing negative options from
a list
 Processing Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Controls designed to ensure that data that is being processed is valid, accurate
and complete.

Data being lost, corrupted or changed during

processing.

Calculation or accounting errors.

Risks addressed:

Invalid/duplicate data during processing.

Data not being fully processed by the system.

 Processing Controls – Totals
Controls designed to ensure that data entered is valid, accurate and complete.

Totals can be calculated and reconciled, with differences investigated.

Financial fields Hash totals

• Checks if data entered • Sum of data for verification

conforms to a specific purposes
format
 Processing Controls – Totals
Controls designed to ensure that data entered is valid, accurate and complete.

Totals can be calculated and reconciled, with differences investigated.

Financial fields Hash totals Record counts

• Checks if data • Sum of data for • Tests inputs

entered verification against a
conforms to a purposes reasonable
specific format range
 Processing Controls – Sequencing
Controls designed to ensure that data entered is valid, accurate and complete.

Processed data can be checked to ensure all data has been processed.

Sequence check Completeness test

• A check to determine if • A test to identify missing

transactions/documents reference numbers.
being processed follow a
sequence.
 Output Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Controls designed to ensure that data is valid, is prepared accurately, is

complete and is only distributed to authorised persons.

Output being distributed to

unauthorised persons.

Risks addressed:
Output being incomplete or
inaccurate.

Output not agreeing with underlying

data from the system.
 Output Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Check Access
page controls/
numbers approved
& table of distribution
contents list

Isolation of
responsibility Clear structure

Sequence checks Reconciliations

 Masterfile Amendment Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Controls designed to ensure that masterfile amendments are authorised, and

captured accurately and completely.

Unauthorised amendments being

made.

Risks addressed:
Errors in capturing the
amendments.

Not all amendments being captured.

 Masterfile Amendment Controls
What is a masterfile?

A collection of information that the computer needs in order to run programs

effectively.

Why would a masterfile need to be changed?

If the underlying information changes.

What is the process for making a Masterfile amendment?

Masterfile Amendment Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Validity (Preventing fictitious or

unapproved changes)
Review and
Only certain One approved
authorise
One approved approved terminal used
amendments
person to employees to make
and sign the
make should have changes to
MAF as
changes. access to the the
evidence of
masterfiles. masterfile.
review.
 Masterfile Amendment Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Accuracy (Preventing capturing errors

during changes)
Extract a report
of all
Review all
amendments
amendments One approved
captured and All INPUT
and agree this person to make
reconcile to the controls
to supporting changes.
authorised
documentation.
amendments
document.
Masterfile Amendment Controls
Controls designed to ensure that data entered is valid, accurate and complete.

Completeness (Preventing not all changes

being captured)
Extract a report of
all amendments
captured and Maintain a
Sequence checks reconcile to the masterfile request
authorised register.
amendments
document.
 Our
Plan for the two-week plan
week:
Your turn!

Application
Introduction to controls
Computerised
Controls

ITGCs and its

components