Académique Documents
Professionnel Documents
Culture Documents
Module H
Auditing in a Computerized Environment
"To err is human, but to really foul things up you need a computer. Paul Ehrlich, Technology commentator
Mod H-2
Consider controls over computerized processing in understanding, assessment, and testing phases of evaluation of internal control
Mod H-3
Mod H-4
Mod H-6
Examples include passwords, automatic terminal logoff, and reviewing access rights and comparing to usage
Mod H-7
Mod H-8
Input Controls
Provide reasonable assurance that
All transactions input Transactions input once and only once Transactions input accurately
Examples
Data entry and formatting Check digits Record counts Batch totals Hash totals
Mod H-9
Processing Controls
Provide reasonable assurance that
Transactions are processed accurately All transactions are processed Transactions are processed once and only once
Examples
Test processing accuracy of programs File and operator controls Run-to-run totals Control total reports Limit and reasonableness tests Error correction and resubmission
Mod H-10
Output Controls
Provide reasonable assurance that
Output reflects accurate processing Only authorized persons receive output or have access to files generated from processing
Examples
Review of output for reasonableness Control total reports Master file changes Output distribution limited to appropriate person(s)
Mod H-11
Mod H-13
Parallel simulation
Mod H-14
Test data: Tested in a separate processing run by client Integrated test facility: Simulated data processed along with actual data
Mod H-15
Benchmarking
Audit team tests operating effectiveness of automated application controls to establish baseline Can continue to rely on automated application controls if:
Test general controls related to program changes, access to programs and data, and computer operations General controls continue to operate effectively Automated application controls have not changed since the baseline
Mod H-16