PURPOSE AND CONTROL TECHNIQUES IN APPLICATION CONTROLS


Completeness: Input

Purpose: All transactions are recorded, input and accepted by the computer (Control over the numbers of documents). Each document is processed only once.

Some control techniques which may be applied by the computer (programmed procedures) or by the user (Manual). All rejected data must be investigated and corrected. Control data, matching sequence, one for one.

Completeness: Processing

Purpose: All input and accepted data updates the master file. Output reports are complete.

Control techniques include Control totals, matching sequence, one for one, summary processing (all after updates)

Accuracy: Input

Purpose: Control over the data fields to ensure the accuracy of data transcribed from source to input-document (where applicable) and the data are accurately converted to machine-readable form.

Control techniques include Control totals matching, one for one, programmed checks (e.g. reasonableness).

Accuracy: Processing

Purpose: Accurate data are carried through processing to the master file. Computer generated data are accurate. Output reports are accurate.

Control techniques include Control (after update) one for one, summary processing, manual reconciliation of accepted items, totals with file totals.

Master Files and Standing Data: Validity

Purpose Only authorised data updates the master files. No changes to the data are made after authorisation.

Control techniques include Programmed checks (e.g authority limits), manual authorization and review

Master Files and Standing Data: Maintenance

Purpose: Data on master files cannot be changed without authority and there are no long outstanding or unusual items on file.

Control techniques include: Manual reconciliation of file totals with manual control account, exception reports.

Tests the auditor does and all these application controls are to be found in the Appendix.

Auditors are bound to investigate the system of internal control of their client's organization before the execution of detailed audit tests. The system produces the records, the records produce the final accounts on which the auditor has to report. In an EDP system the nature of internal controls is strikingly different and therefore it becomes necessary for the auditor to open his mind to changes which become necessary. In a conventional system, visual scrutiny of every function is possible at every stage of recording and the allocation of duties is relatively straightforward.