1 / 40

การควบคุมในระบบบัญชีที่ใช้คอมพิวเตอร์

การควบคุมในระบบบัญชีที่ใช้คอมพิวเตอร์. Control Activities - I. Control Activities as related to Financial Reporting may be classified according to their intended uses in a system: Preventive Controls block adverse events, such as errors or losses, from occurring

ralls
Download Presentation

การควบคุมในระบบบัญชีที่ใช้คอมพิวเตอร์

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. การควบคุมในระบบบัญชีที่ใช้คอมพิวเตอร์การควบคุมในระบบบัญชีที่ใช้คอมพิวเตอร์

  2. Control Activities - I • Control Activitiesas related toFinancial Reportingmay be classified according to their intended uses in a system: • Preventive Controlsblock adverse events, such as errors or losses, from occurring • Detective Controlsdiscover the occurrence of adverse events such as operational inefficiency • Corrective controlsare designed to remedy problems discovered through detective controls • Security Measuresare intended to provide adequate safeguards over access to and use of assets and data records

  3. Control Activities - II • Control Activitiesrelating to Information Processingmay also be classified according to where they will be applied within the system • General controlsare those controls that pertain to all activities involving a firm’s AIS and assets • Application controlsrelate to specific accounting tasks or transactions • The overall trend seems to be going from specific application controls to more global general controls

  4. Control Activities - III • Performance Reviews • Comparing Budgets to Actual Values • Relating Different Sets of Data-Operating or Financial-to one another, together with Analyses of the relationships and Investigative and Corrective Actions • Reviewing Functional Performance such as a bank’s consumer loan manager’s review of reports by branch, region, and loan type for loan approvals and collections

  5. General Controls and Application Controls

  6. Introduction to Controls • Controls may relate to manual AISs, to computer-based AISs, or both • Controls may be grouped into General controls,Application controls, and Security measures • Controls may also be grouped in terms of risk aversion: Corrective, Preventive, and Detective Controls • These categories are intertwined and an appropriate balance is needed for an effective internal control structure

  7. By Setting General Application Input Processing Output By Risk Aversion Corrective Preventive Detective Control Classifications }

  8. General Controls General Controlspertain to all activities involving a firm’s AIS and resources (assets). They can be grouped as follows: • Organizational or Personnel Controls • Documentation Controls • Asset Accountability Controls • Management Practice Controls • Information Center Operations Controls • Authorization Controls • Access Controls

  9. Organizational or Personnel Controls - I • Organizational independence, which separates incompatible functions, is a central control objective when designing a system • Diligence of independent reviewers, including BOD, managers, and auditors (both internal and external) • In a manual system, authorization, record-keeping, and custodial functions must be kept separate. e.g., purchases, sales, cash handling, etc

  10. Organizational or Personnel Controls - II • Incomputer-based AISsthe major segregation isbetween thesystems developmenttasks, whichcreate systems, and thedata processing tasks, which operate systems • Within data processing, one may find segregation between separatecontrol (receiving & logging), data preparation (converting to machine readable form), computer operations, anddata library- batch processing • Other personnel controls include the two-week vacation rule

  11. Data Library Section Data Preparation Section Computer Operations User Departments Control Section Files Convert to machine readable media Receive and Log Process Data Inputs Files Outputs Log and Distribute Outputs To users (exception and summary report) Errors to be corrected Flow of Batched Data in Computer-Based Processing

  12. Online Files (or data library for removable disks and backups User Departments Computer Operations Data Inputs Batch Files Process Displayed Outputs Online Files Printed or Plotted Outputs Segregation of Functions in a Direct/Immediate Processing System

  13. Documentation Controls • Documentationconsists of procedures manuals and other means of describing the AIS and its operations, such as program flowcharts and organizational charts • In large firms, a data librarianis responsible for the control, storage, retention and distribution of documentation • Storing a copy of documentation in a fireproof vault, and having proper checkout procedures are other examples of documentation controls. • Use of CASEs

  14. Systems Standard Documentation • Systems development policy statements • Program testing policy statements • Computer operations policy statements • Security and disaster policy statements

  15. System Application Documentation • Computer system flowcharts • DFDs • Narratives • Input/output descriptions, including filled-in source documents • Formats of journals, ledgers, reports, and other outputs • Details concerning audit trails • Charts of accounts • File descriptions, including record layouts and data dictionaries • Error messages and formats • Error correction procedures • Control procedures

  16. Program Documentation • Program flowcharts, decision tables, data structure diagrams • Source program listings • Inputs, formats, and sample filled-in forms • Printouts of reports, listings, and other outputs • Operating instructions • Test data and testing procedures • Program change procedures • Error listings

  17. Data Documentation • Descriptions of data elements • Relationships of specific data elements to other data elements

  18. Operating Documentation • Performance instructions for executing computer programs • Required input/output files for specific programs • Setup procedures for certain programs • List of programmed halts, including related messages, and required operator actions for specific programs • Recovery and restart procedures for specific programs • Estimated run times of specific programs • Distribution of reports generated by specific programs

  19. User Documentation • Procedures for entering data on source documents • Checks of input data for accuracy and completeness • Formats and uses of reports • Possible error messages and correction procedures

  20. Examples of Asset Accountability Controls • Subsidiary ledgersprovide a cross-check on the accuracy of a control account • Reconciliationscompare values that have been computed independently • Acknowledgment procedurestransfer accountability of goods to a certain person • Logs and Registers help account for the status and use of assets • Reviews & Reassessments are used to re-evaluate measured asset values

  21. Management Practice Controls • Since management is responsible and thus “over” the internal control structure, they pose risks to a firm • General controls include: • Human resource Policies and Practices • Commitment to Competence • Planning Practices • Audit Practices • Management & Operational Controls • In a computerized AIS, management should instigate a policy for: • Controls over Changes to Systems • New System Development Procedures

  22. Examples of Computer Facility/Information Center Controls • Proper Supervision over computer operators • Preventive Diagnostic Programsto monitor hardware and software functions • A Disaster Recovery Planin the event of a man-made or natural catastrophe • Hardware controls such as Duplicate Circuitry, Fault ToleranceandScheduled Preventive Maintenance • Software checks such as a Label Checkand a Read-Write Check

  23. Application Controls • Application controlspertain directly to the transaction processing systems • The objectives of application controls are to ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported • Application controls are subdivided intoinput, processingandoutputcontrols

  24. Authorization Controls - I • Authorizations enforce management’s policies with respect to transactions flowing into the general ledger system • They have the objectives of assuring that: • Transactions are valid and proper • Outputs are not incorrect due to invalid inputs • Assets are better protected • Authorizations may be classified as general or specific

  25. Authorization Controls - II • A General authorization establishes the standard conditions for transaction approval and execution • A Specific authorization establishes specific criteria for particular sums, events, occurrences, etc • In manual and computerized batch processing systems, authorization is manifest through signatures, initials, stamps, and transaction documents • In on-line computerized systems, authorization is usually verified by the system. e.g., validation of inventory pricing by code numbers in a general ledger package

  26. Input Controls • Input Controls attempt to ensure the validity, accuracy, and completeness of the data entered into an AIS. • Input controls may be subdivided into: • Data Observation and Recording • Data Transcription (Batching and Converting) • Edit tests of Transaction Data • Transmission of Transaction Data

  27. Controls for Data Observation and Recording • The use of pre-numbered documents • Keeping blank forms underlock and key • Online computer systems offer the following features: • Menu screens • Preformatted screens • Using scanners that read bar codes or other preprinted documents to reduce input errors • Using feedback mechanisms such as a confirmation slip to approve a transaction • Using echo routines

  28. Data Transcription - I • Data Transcriptionrefers to the preparation of data for computerized processing and includes: • Carefully structured source documents and input screens • Batch control totalsthat help prevent the loss of transactions and the erroneous posting of transaction data • The use of Batch control logs in the batch control section • Amount control total totals the values in an amount or quantity field • Hash total totals the values in an identification field • Record count totals the number of source documents (transactions) in a batch

  29. Data Transcription - II(Conversion of Transaction Data) • Key Verification which consists of re-keying data and comparing the results of the two-keying operations • Visual Verification which consists of comparing data from original source documents against converted data.

  30. Examples of Batch Control Totals • Financial Control Total- totals up dollar amounts (e.g., total of sales invoices) • Non-financial Control Total- computes non-dollar sums (e.g., number of hours worked by employees) • Record Count- totals the number of source documents once when batching transactions and then again when performing the data processing • Hash Total- a sum that is meaningless except for internal control purposes (e.g., sum of customer account numbers)

  31. Definition and Purpose of Edit Tests • Edit Tests (programmed checks)are most often validation routines built into application software • The purpose of edit tests is to examine selected fields of input data and to reject those transactions whose data fields do not meet the pre-established standards of data quality

  32. Examples of Edit Tests (Programmed Checks) • Validity Check(e.g., M = male, F = female) • Limit Check(e.g., hours worked do not exceed 40 hours) • Reasonableness Check(e.g., increase in salary is reasonable compared to base salary) • Field Check(e.g., numbers do not appear in fields reserved for words) • Sequence Check(e.g., successive input data are in some prescribed order) • Range Check (e.g., particular fields fall within specified ranges - pay rates for hourly employees in a firm should fall between $8 and $20) • Relationship Check (logically related data elements are compatible - employee rated as “hourly” gets paid at a rate within the range of $8 and $20)

  33. Transmission of Transaction Data When data must be transmitted from the point of origin to the processing center and data communications facilities are used, the following checks should also be considered: • Echo Check- transmitting data back to the originating terminal for comparison with the transmitted data • Redundancy Data Check- transmitting additional data to aid in the verification process • Completeness Check- verifying that all required data have been entered and transmitted.

  34. Objectives of Processing Controls • Processing Controlshelp assure that data are processed accurately and completely, that no unauthorized transactions are included, that the proper files and programs are included, and that all transactions can be easily traced • Categories of processing controls include Manual Cross-checks, ProcessingLogic Checks, Run-to-Run Controls,File and Program Checks, and AuditTrail Linkages

  35. Examples of Processing Controls • Manual Cross-Checks- include checking the work of another employee, reconciliations and acknowledgments • Processing Logic Checks- many of the programmed edit checks, such as sequence checks and reasonableness checks (e.g., payroll records) used in the input stage, may also be employed during processing

  36. Examples of Processing Controls • Run-to-Run Totals- batched data should be controlled during processing runs so that no records are omitted or incorrectly inserted into a transaction file • File and Program Changes- to ensure that transactions are posted to the proper account, master files should be checked for correctness, and programs should be validated • Audit Trail Linkages- a clear audit trail is needed to enable individual transactions to be traced, to provide support in general ledger balances, to prepare financial reports and to correct transaction errors or lost data

  37. Output Controls • Outputs should be complete and reliable and should be distributed to the proper recipients • Two major types of output controls are: • validating processing results • regulating the distribution and use of printed output

  38. Validating/Reviewing Processing Results • Activity (or proof account)listings document processing activity and reflect changes made to master files • Because of the high volume of transactions, large companies may elect to reviewexception reportsthat highlight material changes in master files

  39. Regulating/Controlling Distribution of Printed Output • Reports should only be distributed to appropriate users by reference to an authorized distribution list • Sensitive reports should be shredded after use instead of discarding

  40. Control Purpose Control Stage Input Processing Output Application Controls Arranged by Two Classification Plans

More Related