INTERNAL CONTROLS

SEGREGATION OF DUTIES
When apparently incompatible functions are combined in the computer system, compensating controls are necessary to prevent improper human intervention with computer processing.
A person with the opportunity to make unauthorized changes in computer programs or data files is in a position to exploit the concentration of data processing functions in the computer system.

DELEGATION OF AUTHORITY AND RESPONSIBILITY
A clear line of responsibility is an essential control in both manual and computer systems.
In a computer system, however, delegating authority and responsibility in an unambiguous way might be difficult because some resources are shared among multiple users.

COMPETENT AND TRUSTWORTHY PERSONNEL
Substantial power is often vested in the persons responsible for the computer-based information systems developed, implemented, operated, and maintained within organizations.
Ensuring that an organization has competent and trustworthy information systems personnel is a difficult task.

ADEQUATE DOCUMENTS AND RECORDS
In computer systems, documents might not be used to support the initiation, execution, and recording of some transactions.
Audit trails are often more extensive than those maintained in manual systems.

PHYSICAL CONTROL OVER ASSETS AND RECORDS
The purpose is to ensure that only authorized personnel have access to the firm's assets.
In a computer system, however, all the necessary records can be maintained at a single site, namely the site where the computer is located.
In a computer system, however, data communications facilities can be used to enable employees to be closer to the customers they serve.
Supervisory controls must be built into the computer system to compensate for the controls that usually can be exercised through observation and inquiry.
This makes the activities of employees less visible to management.
Because many activities are performed electronically, managers must periodically access the audit trail of employee activities and examine it for unauthorized actions.

INDEPENDENT CHECKS ON PERFORMANCE
If the program code in a computer system is authorized, accurate, and complete, the system always follows the designated procedures in the absence of some other type of failure.
Independent checks on the performance of programs often have little value.
Insofar as many independent checks on performance are no longer appropriate, auditors must now evaluate the controls established for program development, modification, operation, and maintenance.