ACCA P5考试：Application IT Controls
1. Application IT Controls
Application controls are specific to each such application. For example, controls over trade receivables will be very different from those over inventory of the payroll. The objectives of application controls, which may be manual or programmed, are to ensure that all transactions are valid, authorised, recorded and complete. There are four categories:
Master (standing data) file controls.
2. Input Controls
In evaluating input controls, it is necessary to consider how effective they are likely to be in minimising the following risks:
Entry of unauthorised data (e.g. "dummy" employees on the payroll or fictitious invoices).
Data entry that is not relevant to the application.
Incomplete data entry (e.g. not all cash sales are recorded, which enables dishonest staff to misappropriate cash).he cycle.
Input controls include:
Controls over access to the application typically using passwords.
Error reporting and batch handling
3. Processing Controls
Processing controls focus on the accurate processing of the data— what takes place "in the box". The processing controls should ensure that the following are avoided:
Inaccurate processing of transactions that may lead to wrong outputs or results (e.g. incorrect inventory balances or incorrect calculation of payroll taxes).
Incomplete processing of transactions.
Unauthorised changes to data.
Lack of audit trail.
Processing controls include data validation as well as controls over data processing:
Range or reasonableness checks
4. Output Controls
These controls are incorporated to ensure that computer output is complete, accurate and correctly distributed. It may be noted that weakness in processing may sometimes be compensated by strong controls over output. However, strong controls over input and processing can be completely undermined if output is uncontrolled. Reconciliations at the end of the output stage can provide very considerable assurance over the completeness and accuracy of input and processing.
5. Standing Data File Controls
Strong controls need to be put in place to ensure any changes to such data are valid.*
Controls will include:
Restricted access to the standing data.
Segregation of duties between those that process transactions and those that maintain standing data.
Documented authorisation of changes to standing data.
Periodic examination of the standing data and agreement to supporting records.