IT Application controls:
IT submission
Manage classically function at a business course rank and be valid to the dispensation
of the announcement in personality submission (e.g. sales or buy or operating cost).
Application
Manage helps to make sure that dealings are properly official, precisely process, and time spread.
Examples
of IT submission Manage:
Following
are the main categories of IT submission Manage:
Manage over
Input
Manage over
Processing
Manage over
Output
Manage over
Master folder/reputation Data
Examples
of IT Application Controls:
Manage over
Input
Use of
Log-in identification and code word for the worker.
Approval of
source credentials (used for input)
Basis Data mechanization
(e.g. Use of Bar Codes)
Data
Validation Control
Boundary Experiment
(A confirmation to make sure that a numerical worth does not surpass some prearranged
worth).
Series/sensibleness
Examination (A check to make sure that a geometric rate does not go down outside
the prearranged variety of standards e.g. pay of workers drop within 10,000 to
25,000)
Sequence Examination
(A make sure to ensure that all entrances in a batch of input information are inappropriate
algebraic succession e.g. there is no absent obtain demand)
Survival examination
(A check to make sure that a code/number survives by looking up the code in the applicable
documentation e.g. whether a dealer survives.)
Arrangement/Field
examination (A check to guarantee that format of facts in a countryside is moreover
alphabet or numeric or alphanumeric e.g. that there are no alphabets in a sales
demand number countryside).
Make sure-digit
(A make sure-digit is a digit that is intended in an arithmetical way from the unique
code and then is extra to the end of the code as additional-digit e.g. to notice
transposition fault.
Manage over dispensation
Control
Totals:
It may be a figure of the Number of dealings or assessment
of dealings on a consignment/folder.
A physically
intended number/value of proceedings is in contrast with the number/worth of confirmation
procedure by PC to guarantee that they agree”
Limit examination.
Range examination.
On-Screen
Prompts:
On-screen punctual
are used to make sure that a deal is not left partly processed.
Scratch a folder
as interpret only.
Checkpoint
and upturn measures.
Manage over productivity.
Constraint
on the produce of confidential reports.
Delivery of
report limited to pertinent/authorized employees only.
An allocation log should be reserved (i.e. when a report was equipped, list of its proposed beneficiary, and acknowledgment of receiver)
Audit pursue
Exemption cleverness
presentation data that does not obey the rules to particular principle.
Manage over
Master folder/status data
Record-calculate
in a master folder
Regular inform
to master archive.
Appraisal of the master folder by the organization.
CONTROLS OVER DATA TRANSMISSION
Data
Encryption:
Encryption
is the process of convert
There
are two methods of encryption:
1. Symmetric
(in which some keys are worn to encrypt and decrypt facts.)
2.
Asymmetric (in which dissimilar keys are used to encrypt and decrypt statistics
this is occasionally known as a community-personal key)
There are
two types of symmetric encryption i.e. Block nobody (in which a flat length slab
is encrypted)
Stream secret
message (in which the facts are encrypted one 'information unit'. classically 1
byte, at a time in the same order it was gain in.
AUDITING
AROUND COMPUTERS VS.AUDITING THROUGH COMPUTERS
Auditing
About Computers:
“Auditing about Computers” means that the customer’s
‘interior’ software is not audited.
Auditor agrees with inputs of the scheme with productivity and contrasts real production with predictable
production.
This scheme
of auditing boosts audit danger because:
The actual records
and agenda of the computer scheme are not experienced.
The auditor
has no straight confirmation that the agenda is working as documented.
Where faults
are found in integration contribution to production, it may be hard or even unfeasible
to decide how those mistakes happen.
Auditing
Through Computers:
“Auditing from
first to last on Computers” means that the auditor uses a variety of methods.
(e.g. CAATs)
to assess customer’s mechanized in order scheme to decide dependability of its process
(along with its production).”
COMPUTER-ASSISTED AUDIT TECHNIQUES (CAATs)
Computer support
Audit methods (CAATs): CAATs are the use of workstation methods by auditors to execute
measures and attain audit-proof.
1. Examination
Data (used as Management of Examination).
2. Inspection
Software’s (used as Substantive events)
Uses
of CAATs by Auditor:
CAATs are frequently executing by auditors where adequate audit track is not obtainable, or auditor wants
to confirm the accurateness and wholeness of dispensation e.g.
1. In the
theater experiment of Manage e.g. to make sure wholeness of auction/obtain demand.
2. To make
sure exactness and wholeness of agenda supplied by customer (e.g. earnings, decrease)
3. In logical
events (e.g. in discrepancy study, wages ratios).
4. In exampling
(e.g. stratification, taster choice).
5. In the discovery
of strange items.
 |
| Automated application controls examples |
Advantages of CAAT:
1. Enables auditor to examination agenda
controls (i.e. “reviewer through computers”) and not just duplicate or
printouts.
2. Enable
auditors to examine a large quantity of data truthfully and totally.
3. Reduce the Rank of human mistakes in executing audit measures.
4. Reduces hard work on routine work and gives chance to focus on the condemnatory region.
Disadvantages of CAAT:
1. Luxurious
to set up (High speculation needed for communications and preparation of staff).
2. Need collaboration of the customer.