Information Technology Reference
In-Depth Information
into the system. These documents could contain control information such as receipt num-
bers, account numbers, and cost centre codes.
The IS auditor should have detailed information of these manual methods so that he is able
to assess what controls are used. Often errors might originate from these manual source
documents, and the IS auditor can recommend that changes be made to the source docu-
ments in order to eliminate persistent errors.
The IS auditor can interview managers and various users in order to ascertain what manual
methods exist in addition to performing walk-throughs, observations, and reviewing pro-
cedure documentation.
b) How does the application system ensure that input data is complete?
Input data can be captured from source documents which have similar data requirements
as on-screen forms. The application system input form can be designed in such a way that
it will only accept input data if all fields are filled in. If the form is submitted with some
fields not completed, the system will reject the form and send an error report or highlight
fields which are not complete.
The auditor can test such controls by performing a walk-through on a test server. Control
documentation can also be reviewed to determine how the controls operate. Where such
input controls do not exist, the IS auditor can recommend to management that appropriate
controls are designed and implemented.
c) How does the system ensure data accuracy?
Application systems use input controls such as validation checks to ensure that data being
captured is accurate. An example would be the use of date validation which will have an
embedded control with a date format such as dd/mm/yyyy. This control will ensure that
only data which is in date format is accepted. An additional control can be included which
will be used to check the input data for a specified range such as a date which falls in a
particular range like a year or month.
The IS auditor can collect evidence on data accuracy by performing data analytics on cap-
tured data. The IS auditor can extract data from the system and compare with data on source
documents. The IS auditor can also perform walk-throughs to test input controls.
d) What control procedures does the enterprise have in place for input authoriza-
tion?
The enterprise can use access controls to authorize users to input data into the system.
Authorisation can be granted based on particular types of input forms or data. For example
a user may be authorised to input cash transactions but cannot input invoices from suppli-
ers. Access control procedures are normally written for reference by users and administrat-
Search WWH ::




Custom Search