Core Concepts of Accounting Information Systems, 13th Edition
Mark G Simkin ● Jacob M Rose ● Carolyn S Norman
Chapter 14: Computer Controls for Organizations and Accounting Information Systems
Prepared by Paula Funkhouser, University of Nevada, Reno
Copyright © 2015 John Wiley & Sons, Inc. All rights reserved.

Chapter 14: Computer Controls for Organizations and Accounting Information Systems
• Introduction
• Enterprise Level Controls
• General Controls for Information Technology
• Application Controls for Transaction Processing

Enterprise Level Controls
• Consistent policies and procedures
• Management’s risk assessment process
• Centralized processing and controls
• Controls to monitor results of operations

Enterprise Level Controls (continued)
• Controls to monitor the internal audit function, the audit committee, and self-assessment programs
• Period-end financial reporting process
• Board-approved policies that address significant business control and risk management practices

Risk Assessment and Security Policies

Integrated Security for the Organization
• Physical Security
  – Measures used to protect its facilities, resources, or proprietary data stored on physical media
• Logical Security
  – Limit access to system and information to authorized individuals
• Integrated Security
  – Combines physical and logical elements
  – Supported by comprehensive security policy

Physical and Logical Security

General Controls for Information Technology
• Access to Data, Hardware, and Software
• Protection of Systems and Data with Personnel Policies
• Protection of Systems and Data with Technology and Facilities

General Controls for Information Technology (continued)
• IT general controls apply to all information systems
• Major Objectives
  – Access to programs and data is limited to authorized users
  – Data and systems protected from change, theft, and loss
  – Computer programs are authorized, tested, and approved before usage

Access to Data, Hardware, and Software
• Utilization of strong passwords
  – or more characters in length… or longer
  – Different types of characters
  – Letters, numbers, symbols
• Biometric identification
  – Distinctive user physical characteristics
  – Voice patterns, fingerprints, facial patterns, retina prints, body odor

Input Controls
• Purpose
  – Ensure validity
  – Ensure accuracy
  – Ensure completeness
• Categories
  – Observation, recording, and transcription of data
  – Edit tests
  – Additional input controls

Observation, Recording, and Transcription of Data
• Confirmation mechanism
• Dual observation
• Point-of-sale devices (POS)
• Preprinted recording forms

Preprinted Recording Form

Edit Tests
• Input Validation Routines (Edit Programs)
  – Programs or subroutines
  – Check validity and accuracy of input data
• Edit Tests
  – Examine selected fields of input data
  – Reject data not meeting preestablished standards of quality

Additional Input Controls
• Validity Test
  – Transactions matched with master data files
  – Transactions lacking a match are rejected
• Check-Digit Control Procedure

Processing Controls
• Purpose
  – Focus on manipulation of accounting data
  – Contribute to a good audit trail
• Two Types
  – Control totals
  – Data manipulation controls

Audit Trail

Control Totals
• Common Processing Control Procedures
  – Batch control total
  – Financial control total
  – Nonfinancial control total
  – Record count
  – Hash total

Data Manipulation Controls
• Data Processing
  – Following validation of input data
  – Data manipulated to produce decision-useful information
• Processing Control Procedures
  – Software Documentation
  – Error-Testing Compiler
  – Utilization of Test Data

Output Controls
• Purpose
  – Ensure validity
  – Ensure accuracy
  – Ensure completeness
• Major Types
  – Validating Processing Results
  – Regulating Distribution and Use of Printed Output

Output Controls (continued)
• Validating Processing Results
  – Preparation of activity listings
  – Provide detailed listings of changes to master files
• Regulating Distribution and Use of Printed Output
  – Forms control
  – Pre-numbered forms
  – Authorized distribution list

Study Break #4
A ______ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices.
A. Data encryption
B. WAN
C. Checkpoint
D. VPN

Study Break #5
Organizations use ______ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
A. Specific
B. General
C. Application
D. Input
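
The validity test from "Additional Input Controls" and the record count, financial control total and hash total from "Control Totals", worked through as an added example that is not part of the slides or the textbook. The master file, the batch, and all account numbers and amounts are constructed for illustration.

```python
from decimal import Decimal

# Constructed master file: valid customer account numbers (assumed data).
MASTER_ACCOUNTS = {"10234", "20517", "30998"}

# Constructed input batch: (account number, invoice amount).
BATCH = [
    ("10234", Decimal("150.00")),
    ("20517", Decimal("75.25")),
    ("99999", Decimal("10.00")),   # no matching master record
    ("30998", Decimal("320.10")),
]


def control_totals(records):
    """Return the totals a batch header would carry for these records."""
    return {
        "record_count": len(records),
        "financial_total": sum((amt for _, amt in records), Decimal("0")),
        # Hash total: sum of a field with no monetary meaning (account numbers),
        # kept only to detect lost, added or altered records.
        "hash_total": sum(int(acct) for acct, _ in records),
    }


def validity_test(records, master):
    """Split a batch into accepted records and rejects lacking a master match."""
    accepted = [r for r in records if r[0] in master]
    rejected = [r for r in records if r[0] not in master]
    return accepted, rejected


def reconcile(input_totals, accepted, rejected):
    """Accepted plus rejected totals must equal the totals taken at input."""
    a, r = control_totals(accepted), control_totals(rejected)
    return all(a[k] + r[k] == input_totals[k] for k in input_totals)


if __name__ == "__main__":
    totals_in = control_totals(BATCH)
    ok, bad = validity_test(BATCH, MASTER_ACCOUNTS)
    print("input totals:", totals_in)
    print("rejected:", bad)
    print("reconciles:", reconcile(totals_in, ok, bad))
    # Simulate a record lost during processing: the totals no longer agree.
    print("after loss:", reconcile(totals_in, ok[:-1], bad))
```

A record posted to the wrong (but valid) account leaves the record count and financial total unchanged, so only the hash total exposes it.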

Policies to Protect Systems and Data
• Separation of Duties
  – Separate Accounting and Information Processing from Other Subsystems
  – Separate Responsibilities within IT Environment
• Use of Computer