Chapter 7

Systems work: basic ideas 1
Chapter 7
Use with The Audit Process 4th Edition
By Iain Gray & Stuart Manson ISBN 9781844806782
2008 Cengage Learning
Use with The Audit Process: Principles, Practice and Cases
LEARNING OBJECTIVES
After studying this chapter you should be
able to:
Explain the significance of the layers of
regulation and control.
Define internal control and explain the
significance of the control environment and
related components, and accounting and
quality assurance/control systems.

LEARNING OBJECTIVES CONT'D
Explain the nature and role of systems

development/maintenance controls and
describe the main features of these controls.

KEY POINTS p.249

External auditors make a preliminary assessment
of control risk for material financial statement
assertions, and plan and perform tests of control
to support that assessment.
A major objective of company systems is the
reduction of risk.

KEY POINTS p.251

Controls are designed to prevent, detect or correct
events the company does not wish to happen, and
to ensure that data and information are as required.
Basic elements of control in the internal environment
are:
(a) control environment and related components;
(b) accounting and quality assurance/control
systems.

Figure 7.2
Example of a matrix organizational chart

KEY POINTS p.266

Auditors obtain an understanding of accounting
system sufficient to identify and understand:
(a) major classes of transactions;
(b) how transactions are initiated;
(c) significant accounting records, supporting
documents and accounts;
(d) the accounting and financial reporting process.

KEY POINTS p.266 CONT'D

There are two broad control classifications:
(1) general controls over the environment in which
the company operates extension of the control
environment;
(2) application controls, to ensure an individual
application runs smoothly and accurately.

KEY POINTS p.267 CONT'D

General controls include:
(a) systems development/maintenance controls;
(b) organizational controls;
(c) security;
(d) quality assurance.

ACTIVITY 7.1
If you were responsible for deciding what your

organization expected from new recruits, what
would you be looking for and what would help
you decide?

Figure 7.3
Raw data to information

KEY POINTS pp.268270

If systems development/maintenance controls are
strong, it is easier to control individual applications.
Important elements are:
organizational structure to ensure high standards
during development.
documentation of development process,
complete enough to allow informed persons to
understand how the system works;
testing at critical stages;
agreement in writing
at each
stage;
Use with The Audit
Process 4 Edition
By Iain Gray &Principles,
Stuart Manson ISBN Practice
9781844806782 and Cases
Use with The Audit Process:
th

parallel developments, including staff training,
preparation of forms and file conversions;
a reliable system for reporting system
malfunctions after implementation;
steps to ensure unauthorized changes are not
made to programs;
Note
user
agreement
critical development
that
the sameat
principles
apply also topoints,
smaller
particularly
of process
user interfaces.
systems
but the
is truncated.

Figure 7.4
Programme for the development of computer

application in a large-scale system

Figure 7.4 CONTD

ACTIVITY 7.2
Make a note of the kind of controls that might

make it more likely that credit customers will pay
for goods or services received. Remember that
outstanding balances for such customers will be
included in the figure for trade debtors, normally
a material figure in the financial statements.

KEY POINTS p.266

The information/audit trail should be maintained,
allowing transactions to be traced forwards and
backwards through the system.

Figure 7.5
Information trail/audit trail flowchart

Figure 7.5 CONTD

ACTIVITY 7.3
Suggest how the development programme

shown in Figure 7.4 might be modified for a small
system, using bought-in software. When you are
doing this, remember that a small company will
rarely have qualified computer personnel inhouse.

ACTIVITY 7.4
Read carefully the description of the system
Horton Limited uses for controlling and recording
cash received from debtors, referring to Figure
7.5 as you do so. When you have done this, ask
yourself the following questions:
Would it be possible in your opinion for anyone
involved with the operation of the system to
misappropriate cash?

ACTIVITY 7.4 CONT'D

Consider arrangements for:
receipt of cash
banking of cash
the entry in the cash book
the preparation of the bank reconciliation
statement
the entry in the sales ledger account
the sending of the statement to the debtor (the
statement is a reminder of the amount due to
the company).

ACTIVITY 7.4 CONT'D
List the reasons why you think it would or would

not be possible for misappropriation to take
place.
Are there any further questions you would like to
ask as auditor?

Organizational controls include:

(a) organization charts;
(b) segregation of duties;
(c) authorization and approval;
(d) supervision controls.

ACTIVITY 7.5
How long do you think that the information/audit

trail should be maintained by the organization?

Figure 7.6
Organization chart

KEY POINTS p.278

Segregation of duties includes the segregation of:
(a) authorization of transactions;
(b) execution of transactions;
(c) custody of assets;
(d) recording of transactions and assets.

KEY POINTS pp.278279 CONT'D

In modern computer systems, segregation includes:
(a) operation of programs segregated from ability to
change them;
(b) alteration of master file data by responsible
officials;
Finally, where control is dependent on segregation
of duties within a particular function, management
allocates duties appropriately and instigates rotation
of duties within departments.
KEY POINTS p.280

Authorization and approval is closely linked to
segregation of duties to responsible persons, the
limitations on whose authority is specified.
Allocation of authority and responsibility is difficult
in modern computer systems, particularly where
many users share a single database.


Supervision controls are direct controls by
authorized officials over day-to-day transactions
and their recording, distinguished from
management controls, concerned with global or
overall supervision of the control environment.
If people work together collude segregation of
duties may be ineffective, making fraud difficult to
detect. Measures to ensure that directors and other
employees act with integrity are important.


Security of information system assets is vital,
whether physical assets or software and data. The
company should have a security policy and identify
assets at risk and the likelihood of risks occurring.
Potential threats may be accidental or deliberate.
Security controls include:
(a) physical controls;
(b) controls over data.

KEY POINTS p.282

Physical controls include controls to reduce the
impact of:
(a) fire damage;
(b) water damage;
(c) energy variations or power failure;
(d) pollution;
(e) intrusion by unauthorized personnel.
KEY POINTS p.283

Controls over security of data include:
(a) restriction of access to data;
(b) information/audit trails;
(c) file and program libraries;
(d) holding data and programs in secure places
outside of the computer complex;
(e) use of grandfather, father, son (GFS) or file
dumping systems.
Figure 7.7
Organization chart

ACTIVITY 7.6
Would you consider that a companys sales

ledger would be vital to the continued existence
of the company?

ACTIVITY 7.7
Troston plc manufactures high quality specialist

equipment for use in dental hospitals and
practices. It maintains data for all personnel
employed on a master file held on hard disk. This
master file forms important input to the
companys payroll routine. The master file update
run is shown on the computer systems flowchart
in Figure 7.8.

ACTIVITY 7.7 CONT'D

The input to the run is as follows:
existing master file
new contracts of employment for joiners
termination notifications for leavers
agreed wage rate listings
agreed bonus rate listings (the bonus is
calculated on the difference between standard
and actual time for batches of components or
equipment assembled).

ACTIVITY 7.7 CONT'D

Output from the run is:
updated master file
hard copy of personnel files
hard copy of changes.
Suggest controls to ensure that the master file is
and remains complete and accurate.

Figure 7.8
Troston payroll master file update

Figure 7.8 CONTD

KEY POINTS p.287

Quality of information systems is often critical to an
organizations survival. Poor information systems
and inadequate user interfaces have an adverse
effect on staff morale and on the general
effectiveness of systems. The quality assurance
function is to ensure developed software meets
user needs, is reliable, easy to use, and efficient
in terms of resources and ease of maintenance.

ACTIVITY 7.8
Suggest general factors that might make a

quality assurance function effective.
How do you think that auditors should satisfy
themselves that the function is effective?


The function is also concerned that documentation
is clear and complete and that staff are effective.
Auditors consider effectiveness factors, including:
(a) support of top management;
(b) high status within the organization;
(c) adequate resources to perform the function
properly.
Auditors examine reports of the function, discuss its
work with major users and consider quality of staff.

CHAPTER SUMMARY
This chapter has concerned itself with:
The control environment and general aspects of
accounting and control systems internal to
organizations;
The struggle to achieve business objectives in the
face of an external environment that is often of
high risk;

CHAPTER SUMMARY CONT'D

Those general controls that have to be in place if
applications are to be, within reason, error-free;
The control environment and its components;
The importance of information/audit trails,
segregation of duties and other important control
features;
General controls over the internal environment.

FURTHER READING
The important ISA in the area is ISA 315,
Understanding the entity and its environment and
assessing the risks of material misstatement. You
may also refer to ISA 330 The auditors procedures
in response to assessed risks.
You may also refer to the revised Turnbull guidance
on internal control: www.frc.org.uk/documents/pagemanager.frc/Revised%20Turnbull%20Guidance
%20October%202005.pdf.


Chapter 7

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Chapter 7

Diunggah oleh

Hak Cipta:

Format Tersedia

Systems work: basic ideas 1

Use with The Audit Process: Principles, Practice and Cases

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

LEARNING OBJECTIVES CONT'D

Explain the nature and role of systems

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.249

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.251

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Example of a matrix organizational chart

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.266

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.266 CONT'D

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.267 CONT'D

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

If you were responsible for deciding what your

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Raw data to information

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS pp.268270

KEY POINTS pp.268270

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Programme for the development of computer

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Figure 7.4 CONTD

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Make a note of the kind of controls that might

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

KEY POINTS p.266

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Information trail/audit trail flowchart

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Figure 7.5 CONTD

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Suggest how the development programme

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

ACTIVITY 7.4 CONT'D

Use with The Audit Process 4th Edition

Use with The Audit Process: Principles, Practice and Cases

ACTIVITY 7.4 CONT'D

List the reasons why you think it would or would