Hernandez, Janna-Marie Nicole L.IA05410Prof. Gil SoritaOctober 5, 2012

1. What are the three broad categories of application controls? Input Controls – Are designed to ensure that transactions are valid, accurate, and

complete. Processing Controls – Include computerized procedures for file updating and

restricting access to data. Depending on the level of computer technology in place, processing controls may also include physical manual tasks.

Output Controls – Ensure the system output is not lost, misdirected, or corrupted and that privacy is not violated.

2. What are the three categories of processing control? Run-to-Run Controls – Use batch figures to monitor the batch as it moves from one

programmed procedure (run) to another. These controls ensure that each run in the system processes the batch correctly and completely.

Operator Intervention Controls – It helps the system to limit the operator intervention thus it makes the system less prone to processing errors.

Audit Trail Controls – Every transaction must be traceable through each stage of processing from its economic source to its presentation in financial statements.

3. Name input controls and describe what they test. Source Document Controls – Careful control must be exercised over physical

source documents in the systems that use them to initiate transactions. Data Coding Controls – Checks on the integrity of data codes used in processing. Batch Controls – Reconcile output produced by the system with the input originally

entered into the system. Validation Controls – Intended to detect errors in transaction data before the data

are processed. Input Error Correction – Ensures that errors are dealt with completely and

correctly. Generalized Data Input System – Employs high degree of control and

standardization over input validation procedures.

4. What is meant by auditing around the computer versus auditing through the computer? Why is this so important?

Auditing around the computer is used by the auditors to evaluate and test the computer controls instilled by the company. It involves choosing randomly the source documents then verifying the respective outputs with the inputs. Nevertheless, no attempts are being made to establish and evaluate the existence of the controls. This type of auditing method is relevant in situations where significant computer controls are not required.

Auditing through the computer pronounces several steps that the auditors taken to evaluate the company’s software and hardware to determine the efficiency of certain operations and to test the effectiveness of other computer related controls. Ignoring such computer controls will affect the auditor’s insight on the effectiveness and reasonableness of the implemented internal controls.

Both of the auditing methods are important in their own respective way. These audit methods ensure the adequacies of the computer-related internal controls of the company as well as the efficiency of the operation incorporated with such controls. Furthermore, it gives the company an advantage to seek the possible lapses and improve it afterwards. Conducting the said methods facilitates the general improvement and maintenance of the whole IT system.

5. Classify each of the following as a field, record, or file interrogation: a. Limit check – field interrogationb. Validity check – field interrogationc. Version check – file interrogationd. Missing data check – field interrogatione. Sign checks – record interrogationf. Expiration date check – file interrogationg. Numeric-alphabetic data check – field interrogationh. Sequence check – record interrogationi. Zero-value check – field interrogationj. Header label check – file interrogationk. Range check – field interrogationl. Reasonableness check – record interrogation

6. What are the five major components of a GDIS? Generalized Validation Module – performs standard validation routines that are

common to any different applications. These routines are customized to an individual application’s needs through parameters that specify program’s specific requirements.

Validated Data File – Temporary holding file through which validated transactions flow to their respective applications.

Error File – Plays the same role as a traditional error file. Error records detected during validation are stored in the file, corrected, and then resubmitted to the generalized validation module.

Error Reports – Are distributed to users to facilitate error correction. The report will also present the contents of the failed record, along with the acceptable range limits taken from the parameters.

Transaction Log – Is a permanent record of all validated transactions.