A medium size firm which has been your client for several years has changed from a manual accounting system to computerised one. State and explain the factors which you will take into account when planning the first audit under the new system.
Computer security is of vital importance not only to the accountant in industry but also to the accountant in practice who may be advising his client as to suitable security controls or who may be auditing a computer system. Security is the means by which losses are controlled and therefore involves the identification of risks and the institution of measures to either prevent such risks entirely or to reduce their impact.
(a) State four areas of risk which may arise in relation to a computer system and in each case explain one factor which could lead to the system being exposed to such risk.
(b) Describe the different forms of control which should be instituted to safeguard against computer security risks.
The auditor of a company with an Electronic Data Processing (CIS) based accounting system should remember that if the quality of the input is controlled, the output will “look after itself”
(a) Discuss the application of this statement, citing suitable examples. (4 marks)
(b) Describe six major procedural controls which the auditor would expect to find in operation, three relating to input and 3 to output. (12 marks)
The usual implication of on-line computer systems is that the user can have direct access to the master files within the system, through the medium of a terminal.
(a) Describe the potential control weaknesses, specific to on-line systems.
(b) Detail the methods that can be adopted to overcome these weaknesses.