ELECTRONIC DATA PROCESSING (EDP)

burpfancyElectronics - Devices

Nov 8, 2013 (3 years and 11 months ago)

284 views


1

ELECTRONIC DATA PROCESSING (EDP)


I.

EDP TERMINOLOGY




A.
Communicating with the Computer




Source code
---------
> Compiler
---------
> Object code



Human languages




Machine languages





B.

Data Organization




Data hierarchy


Definition



E
xample







Bit



a 0 or a 1




0 or 1




Byte



a group of related bits


A, B, 1, 2





Field



a group of related bytes


name




Record



a group of related fields


name, SS#, rate




File



a group of related rec
ords


payroll for all










employees




Data Base




a group of related files


payroll and personnel





Data Base

--

A centralized set of interrelated files combined to reduce data redundancy
and enhance data consistency. The data base is a
ccessible to multiple authorized
users who utilize it in performing various applications e.g. payroll, general ledger update,
billing etc.



Example:

A bank may maintain a data base system for customers’ savings accounts
that includes the customers’ names
, addresses, account numbers, and the activity in
and balances of the savings accounts. From this data base, a variety of users can
extract information for different purposes. Tellers can use the data base to determine
whether or not a customer has suffi
cient funds for a withdrawal. The accounting
function can use the data base to compute interest payments. The marketing function
can use the data base to gather names and addresses for a marketing survey.



Data bases

can be hierarchical or networked, bu
t
by far

the most popular structure of
databases relational. Relational databases resemble spreadsheets, but allow
tremendous flexibility in manipulating the data. The underlying basis of all major
accounting software packages is now a relational databas
e.



Data Base Management System (DBMS)

-

a set of software programs which manages
(creates, accesses and maintains) the database.


2


Access controls are very important
and typically include restrictions on which fields
can be accessed by which users and/or

which machine locations.
Special attention
must be paid to back up procedures. A database administer is also an important
control in a database environment.


Data Base Administrator (DBA)

-

Maintains the 1) DBMS 2) data dictionary
-

which
defines the
data 3) controls over the DB and 4) Utility programs. When a DBA exists
the auditor must be aware of the
inherent violation of separation of duties.
The DBA
serves an important control mechanism in


C

Data Storage Mechanisms
--

TAPE

-

sequential access

-

batch processing

-

use when large data files


infrequently accessed need data


for extended time period
--
BACKUP

-

advantages


cheaper updating doesn’t destroy


data

-

disadvantage


must read entire file


up to desired record


DISK

-

random (dir
ect) access

-

OLRT processing

-

use when frequent access or rapid


retrieval needed rapid update needed


-

advantages


fast access less cumbersome


-

disadvantages


more expensive destructive


update


D.

Data Processing Methods


1.

Batch Processing

-

data is accumulated by type of transaction

(e.g. payroll or sales) and then it is both entered and processed

in batches at one time. The advantages of batch processing are

hard copy documentation and batch control totals/reference

numbers.





Key Data


Errors for Correction




Old




to Tape


and Reentry





Master












File















Validated



Process




Transaction


Validate



Transactio
n



and




File






File



Update











Sorted






Updated




Sort


Transaction





Master







File






File


Master file=

Transaction file =

3


2.

On
-
line Entry/Batch Pr
ocessing

-

individual transactions are

entered directly into the computer via terminal which allows them

to be subjected to certain edit or validation checks. A validated

transaction file is accumulated as the transactions are entered

and is later use
d to update the master file. Batch controls are still

used.




Entry of data & Receive Error/


Validation Messages








Trans
-






Validate


action


Periodic Master



Terminal


Transactions Fil
e


Processing



File






(and store)


(Validated)



3.

On
-
line Entry/On
-
line Processing

-

similar to #2 except the

master files are updated concurrently with data entry and a

transaction log (or register) is produced that consists of a

chronologi
cal record of all transactions.




Entry of data & Receive Error/


Validation Messages; Receive



Master Files/


Transaction Results




Database





















Immediate



Transaction



Terminal





Validation,




Log








Update &








Process

E.

Data Processing Configurations


1.

Stand alone mainframe, mini or microcomputer

2.

Networks
--
computers linked together to enhance individual and
group productivity through “
transmission media”
. Each
computer has a n
etwork interface card (hardware) which allows it
to “hookup” to the other computers.


a.

Networks facilitate sharing of data, processing and
resources between different users e.g. files, databases,
application programs, printers, scanners, tape backup
devi
ces, etc. They are sometimes called
distributed
processing systems.

However distributed processing
systems can also imply a traditional mainframe computer
hooked up to a series of small computers. Regardless,
LANs and distributed systems reduce the loa
d on the main
computer by transferring certain edit and processing
functions to the users in remote sites. Networks can be
either Local Area Networks (LANs) or Wide Area Networks
(WANs). Both kinds of networks can carry either voice or
data.


4

i.

LOCAL ARE
A NETWORK

(LAN)

-

a configuration of
microcomputers located in a close physical relationship
which facilitates high speed communication and
information sharing between them. In a LAN, the
machines are connected by cables (typically coaxial,
copper or fib
er optic). A dedicated high
-
speed, high
-
capacity microcomputer (called a server) allows the
linked computers to access the same data, software,
and peripheral equipment simultaneously, as well as
communicate with each other.


ii.

WANs
--

cover larger geogr
aphical distances and can
be private (e.g. a particular company’s

called an
Intranet or Extranet) or public (e.g. the Internet). In a
WAN, the machines are typically connected by phone
lines, but satellites or microwaves can also be used.



The Internet a
nd Electronic Commerce


What is electronic commerce? Broadly defined, it is any business activity taking place using electronic
communication software. It describes all types of business transactions, including internal business
functions, business
-
to
-
bu
siness transactions, and business
-
to
-
consumer exchanges. Compared to
traditional methods of doing business, on
-
line, transaction
-
oriented communication offers numerous and
significant benefits. Enhanced productivity, better service, worldwide 24 hour av
ailability, fast access to a

wide range of useful information, and the ability of a small business to compete with a much larger business

are just a few.


The financial impact of continuing growth is significant



The popularity and functionality of

the Internet is growing daily. Depending on whose numbers you
believe, there are between 25 or 80 million people using the Internet. By the year 2000 it is predicted that
200 million users will be connected via the Internet. If the growth continues as
most Internet service
providers (ISPs) predict, by 2010 a billion people will be on
-
line.


The financial impact of this growth is significant. Analysts suggest that the entire Internet market will
swell to over $150 billion by the year 2000. While
consumer purchasing is expected to mushroom, business
user will account for the lion’s share of Web commerce. The forecast for Internet commerce by consumers is
projected to grow from $730 million in 1996 to $20 billion in 2000, while business sales on th
e Internet will
grow form $120 million to $134 billion.


The impact of electronic commerce extends well beyond the Internet. Simply put, electronic commerce
takes much of the complexity out of everyday business interactions. It reduces lead times,
enhances
productivity, and saves money, giving new meaning to the “faster, better, cheaper” model that has become
the underlying principle of today’s global business arena. The use of Internet
-
based applications also has
created a range of customer self
-
s
ervice activities that were not possible via traditional customer/supplier
interactions. Buyers can check product availability and inventory levels, place orders, and determine the
status of their orders any time of the day or night.


On
-
line security is
now at its highest level in history


One element keeping electronic commerce from being readily accepted is the concern over transaction and
information security. The issue of security has been extensively addressed through the application of new
technol
ogies, firewalls, decentralized systems, and encryption techniques. As a result, on
-
line security is at
its highest level in history. You’re probably safer placing a credit card transaction over the Internet than
handing your credit card to a complete st
ranger in a restaurant and asking the person to total your bill with it.


From: Strategies by Shenck & Associates




5

II.

COMMON FLOWCHARTING SYMBOLS


Document

This can be a manual form or a
computer prin
tout




Computer Operation

Computer process which transforms
input data into useful information



Manual Operation

Manual (human) process to prepare
documents, make entries, check
output, etc.




Decision

Determines which alternative path is
followed (I
F/THEN/ELSE
Conditions)


Input/Output

General input or output to a process.
Often used to represent accounting
journals and ledgers on document
flowcharts.


On
-
line Storage

Refers to direct access computer
storage connected directly to the
CPU. Data is

available on a random
access basis.


Off
-
line Storage

Refers to a file or indicates the
mailing of a document, i.e., invoices
or statements to customers. A letter
in the symbol below the line
indicated the order in which the file
is stored. (N
-
Numerical
,


C
-
Chronological, A
-
Alphabetical)




D=Date C/N Customer number



On
-
Page Connector

Connects parts of flowchart on the
same page.



Off
-
Page Connector

Connects parts of flowchart on
separate pages.



The greatest good you can do for another is not just to
share your riches, but to reveal to him his own.


Benj
amin Disraeli


6



Transmission line for


data to computer





Display

Visual display of data and/or output
on a terminal screen.




Batch Total Tape

Manually computed total before
processing (such as the number of
records to be processed). This total
is recomputed by the computer and
compared after processing is

completed.



Magnetic Tape

Used for reading, writing, or storage
on sequential storage media.



Magnetic Disk

Random access storage media used
for reading, writing, or storage.



Annotation

Provides additional description or
information connected to s
ymbol to
which it annotates by a dotted line
(not a flowline).



Flowline

Shows direction of data flow,
operations, and documents.



Manual Data Entry

Refers to data entered through a
terminal keyboard or key
-
to
-
tape or
key
-
to
-
disk device.
Sometimes
th
ey just use the manual
operation symbol.



Communication Link

Telecommunication line linking
computer system to remote
locations.



7

Items 1 through 3 are based on the following section of a system flowchart for a payroll

application.


BATCHED

TIME CARDS



A





TIME






BATCHED


CARD






TIME CARDS


DATA















B







TIME



VALID









CARD


TIME CARD


ERRORS



C





DATA



DATA













1.

Symbol A could represent


a. Computation of gross pay.

c.

Preparation of paychecks.


b. Input of payroll data.

d. Verification of pay rates.


2.

Symbol B could represent


a. Computation of net pay.


b. Separation of erroneous time cards.


c. Validation of payroll data.


d. Preparation of the payroll regist
er.


3.

Symbol C could represent


a. Batched time cards.

c. Erroneous time cards.


b. Unclaimed payroll checks.

d. An error report.

Nothing gives one person so much advantage over another as
to remain cool and unruffled under all circumstances.

Thomas Jefferson


8

4. Which of the following symbolic


representations indicates that new



payroll transactions and the old payroll


file have been used to prepare payroll


checks, prepare a printed payroll


journal, and generate a new payroll


file?


a.












b.













c.












d.

Item 5 is based on the following flowchart:



Sales Credit X


Invoices Memos





Input

Input


Data Data



Trans
-


actions


File




Master

Computer


File Update Run







Updated Transaction Exception


Master Register Reporting



File



5. In a credit sales and cash receipts system


flowchart symbol X could represent


a. Auditor’s test data.


b. Remittance advices.


c. Error reports.


d. Credit authorization forms.




9

Items 6 and 7 are based on the

following flowchart of a clients revenue cycle:




6.

Symbol A most likely represents

a.

remittance advice file.

b.

Receiving report file.

c.

Accounts receivable master file.

d.

Cash disbursements transaction file.


7.

Symbol B most likely represents

a.

Customer orders.

b.

Rec
eiving reports.

c.

Customer checks.

d.

Sales invoices.


BIG ROCKS

One day an expert was speaking to a group of business students and, to drive home a point, used an illustration
those students will never forget. As this man stood in front of the group of high
-
p
owered overachievers he said,
"Okay, time for a quiz." Then he pulled out a one
-
gallon, wide
-
mouthed mason jar and set it on a table in front of
him. Then he produced about a dozen fist
-
sized rocks and carefully placed them, one at a time, into the jar.
When
the jar was filled to the top and no more rocks would fit inside, he asked, "Is this jar full?" Everyone in the class
said, "Yes." Then he said, "Really?" He reached under the table and pulled out a bucket of gravel. Then he dumped
some gravel in an
d shook the jar causing pieces of gravel to work themselves down into the spaces between the big
rocks. Then he asked the group once more, "Is the jar full?" By this time the class was onto him. "Probably not,"
one of them answered. "Good!" he replied.
He reached under the table and brought out a bucket of sand. He
started dumping the sand in and it went into all the spaces left between the rocks and the gravel. Once more he
asked the question, "Is this jar full?" "No!" the class shouted. Once again he
said, "Good!" Then he grabbed a
pitcher of water and began to pour it in until the jar was filled to the brim. Then he looked up at the class and asked,

"What is the point of this illustration?" One eager beaver raised his hand and said, "The point is, no

matter how
full your schedule is, if you try really hard, you can always fit some more things into it!" "No," the speaker replied,
"that's not the point. The truth this illustration teaches us is: If you don't put the big rocks in first, you'll never get

them in at all." What are the 'big rocks' in your life? A project that YOU want to accomplish? Time with your loved
ones? Your faith, your education, your finances? A cause? Teaching or mentoring others? Remember to put these
BIG ROCKS in first or you'll

never get them in at all.
---

So, tonight or in the morning when you are reflecting on
this short story, ask yourself this question: What are the 'big rocks' in my life or business? Then, put those in your
jar first.




10

SOME ACCOUNTING JOKES


What's the d
efinition of an accountant? Someone who solves a problem you didn't know you had in a way
you don't understand.


What's the definition of a good tax accountant? Someone who has a loophole named after him.


What's an auditor? Someone who arrives after the

battle and bayonets all the wounded.


An accountant is having a hard time sleeping and goes to see his doctor. "Doctor, I just can't get to sleep
at night." "Have you tried counting sheep?" "That's the problem
-
I make a mistake and spend three hours
tryin
g to find it."

*****************************************************************************

A fellow has been learning to be a balloonist and takes his first solo flight. Unfortunately the wind gets
up, he is blown off course and forced to land. He is in

a paddock close to a road, but has no idea where
he is.


He sees a car coming along the road and hails it. The driver gets out and the balloonist says, "G'day
mate, can you tell me where I am?” "Yes, of course." says the motorist. "You have just landed y
our
balloon and with this wind you have obviously been blown off course. You are in the top paddock on John
Dawson's farm, 13.5 kilometers from Condobolin. John will be ploughing the paddock next week and
sowing wheat. There is a bull in the paddock. It's
behind you and about to attack you." At that moment
the bull reaches the balloonist and tosses him over the fence. Luckily he is unhurt. He gets up, dusts
himself off and says to the motorist, "I see you're an accountant!".


"Good grief", says the other m
an, "you're right. How did you know that?" "I employ accountants," says
the balloonist. "The information you gave me was detailed, precise and accurate. Most of all it was
useless and arrived far too late to be of any help."

******************************
************************************************

A business man was interviewing applicants for the position of divisional manager. He devised a simple
test to select the most suitable person for the job. He asked each applicant the question, "What is two
and two?"


The first interviewee was a journalist. He answered "Twenty
-
two".


The second applicant was an engineer. He pulled out a slide
-
rule and showed the answer to be between
3.999 and 4.001.


The next person was a lawyer. He stated that in the case

of Jenkins vs. Commissioner of Stamp Duties
(Qld), two and two was proven to be four.


The last applicant was an accountant. The business man asked him, "How much is two and two?" The
accountant got up from his chair, went over and closed the door, then
came back and sat down. He
leaned across the desk and said in a low voice, "How much do you want it to be?"


The accountant got the job.











Number 2 (Estimated time
-

15 to 25 minutes)



11


Required:

The flowchart on the following page depicts part o
f a revenue cycle. Some of the flowchart symbols are labeled to
indicate control procedures and records. For each symbol numbered 1 through 13, select one response from the
answer lists below. Each response in the lists may be selected once or
not
at a
ll.


Answer Lists


Operations and control procedures


A.

Enter shipping data

B.

Verify agreement of sales order and shipping document

C.

Write off accounts receivable

1.


D.

To warehouse and shipping department

2.


E.

Authorize account receivable write
-
off

3.


F.

Prepare aged trial balance

4.


G.

To sales department

5.


H.

Release goods for shipment

6.


I.

To accounts receivable department

7.


J.

Enter price data

8.


K.

Determine that customer exists

9.



L.

Match customer purchase order with sales order

10
.



M.

Perform customer credit check

11


N.

Prepare sales journal

12


O.

Prepare sales invoice

13



Documents, journals, ledgers, and files


P.

Shipping document

Q.

General ledger
master
file

R.

General journal

S.

Master price file

T.

Sales journal

U.

Sale
s invoice

V.

Cash receipts journal

W.

Uncollectible accounts file

X.

Shipping file

Y.

Aged trial balance

Z.

Open order file




You can’t stay mad at

somebody who makes you laugh.

Jay Leno


12

CPA FLOWCHART

Customer
Purchase
Order
Customer
Purchase
Order
#3
Customer P.O.
Sales Order
Sales Order
COMPUTERIZED
ORDER PROGRAM:
#1

and perform edi t
checks and prepare sal es
order
COMPUTERIZED
SHIPPING PROGRAM:
Retri eve Open Orders; Add
Shippi ng Data; Transfer to
Shippi ng Fi le; and Prepare
Shippi ng Documents
From
Computer
Processing
Dept.
Sales Order
Sales Order
Sales Order
Sales Order
COMPUTERIZED UPDATE
PROGRAM:
Update master fi les: Prepare
G/L Transacti on Summary,
Prepare Accounts Recei vable
Ledger, Prepare Aged T/B,
and
#11
COMPUTERIZED
BILLING PROGRAM:
Retri eve Shippi ng Data;
Enter Pri ce Data;
Prepare Sal es
Transaction Fil e; and
#7
To
Warehouse
and Shi pping
Dept.
Shipping Doc.
Shipping
Document
#4
#5
Sales Order
Shipping Doc.
Shipping
Document
From
Customer
Cust.
Credit
File
#2
1
2
3
3
1
2
Accounts
Rec.
Master
File
Shipping
File
#6
To
Customer
General Ledger
Transaction
Summary
#12
Accounts
Receivable
Ledger
#13
#8
1
2
To
Customer
#9
To
Accounting
To
Accounting
To
Accounts
Receivable
To Customer
Credit
1
2
3
To
Customer
with
Goods
Transmit
Shippi ng
Informati on to
Computer
Inventory
Master
File
#10
Sales
Trans-
action
File
Transmit
Customer
Data to
Computer
SALES DEPT.
COMPUTER
PROCESSING
DEPARTMENT
WAREHOUSE &
SHIPPING
DEPARTMENT
1
2
NOVEMBER
1993










If you want to lead the orchestra you must
be willing to turn your back on the crowd.




Max Lucado


13

DESCRIPTION OF BATCH PROCESSING SYSTEM FOR A PAYROLL APPLICATION


Preparing the Payroll.

Figure 1

illustrates typical controls in a basic system for preparing the payroll in the
payroll and EDP departments. On receipt of the clock cards and time tickets in the payroll department, the
documents are batched and a batch total is prepared of hours worked
. The documents and a batch transmittal form
are then sent to data control in the EDP department. Data control verifies the information on the batch transmittal
form, enters the batch totals in a control log, and forwards the data to data entry where it
is keyed to tape and
verified. The resulting payroll transactions tape is then used in preparing the payroll.

In run 1, the payroll transactions are sorted by employee number and the data are subjected to an edit check
routine. This includes a check for
valid employee number and a limit or reasonableness check on the hours worked.
The output of this run consists of a valid payroll transactions tape and an exceptions and control report that is sent to
data control. Data control compares the control total
s with the batch control log, informs the payroll department of
exceptions discovered by the edit routine, and follows up to see that payroll submits corrected data. These controls
over the data entry process preceding the calculation of the payroll contr
ibute to the existence or occurrence,
completeness, and valuation or allocation assertions for payroll transactions.

In the system shown in Figure 1, the calculation of the payroll and the preparation of the payroll register and
payroll checks occur in run

2. The program uses data from the valid payroll transactions tape and the personnel data
and employee earnings master files. This run also records the payroll as described in the next section.


Recording the Payroll.

As the gross pay, deductions, and ne
t pay are calculated in run 2 for each employee,
the program updates the employee earnings master file, and accumulates totals for the payroll journal entry that is
generated and entered in the general ledger master file at the conclusion of the run. The
following printed outputs of
this run are sent to data control:


*

An exceptions and control report that is reviewed by data control before distributing the other printed
output.

*

A copy of the payroll register that is returned along with the clock cards and
time tickets to the payroll
department for comparison with the original batch transmittal data.

*

A second copy of the payroll register and prenumbered payroll checks that are sent to the treasurer's office.

*

A general ledger summary that is sent to accountin
g showing the payroll entry generated by the payroll
program.



Remember one thing about democracy. We can have
anything we want and at the same time, we always end
up with exactly what we deserve.

Edward Albee


14

Time Tickets
Time Tickets
Assemble in
Batches and
Prepare Batch
Totals
Clock Cards
Batch Transmittal
Form
Receive,
Verify and
Log Batch
Totals
Clock Cards
Control Total Log
Log and
Compare
Totals
Distribute
Output
Time Tickets
Clock Cards
Batch Transmittal
Form
Payroll
Trans-
actions
Exceptions and
Control Report
Valid
Payroll
Trans-
actions
Process Personnel
Change Data
Enter
Personnel
Authorization
Changes
Auth. Change
Authorization
Change
Auth. Change
Authorization
Change
Gen. Ledger
Summary
Payroll Checks
Payroll Register
Payroll Register
Exception and
Control Report
Personnel Data
Change Log
Distribute
Change
Log
From
Time-
Keeping
Key to Tape
and Verify
Employee
Earnings
Master
File
General
Ledger
Master
File
Run 1
Sort and Edit
Run 2
Prepare and
Record Payroll
Personnel
Data
Master
File
1
2
1
2
A
To
Payroll
1
2
PAYROLL
DEPARTMENT
DATA CONTROL
DATA ENTRY
C
OMPUTER
OPERATIONS
PERSONNEL
DEPARTMENT
EDP
FIGURE 1
EXAMPLE OF BATCH PROCESSING SYSTEM FOR A PAYROLL
APPLICATION










15

CPA ESSAY QUESTIONS ON PAYROLL INPUT CONTROLS


Talbert Corporation hired an independent computer programmer to develop a simplified payroll application
for its
newly purchased computer. The programmer developed an on
-
line, data
-
based micro
-
computer system the
minimized the level of knowledge required by the operator. It was based upon typing answers to input cues that
appeared on the terminal's viewing
screen, examples of which follow.


A.

Access routine:


5.

Single or married?


1.

Operator access number to payroll file?


6.

Number of dependents?


2.

An there new employees?


7.

Account distribution?


B.

New employees routine:

C. Current payroll rout
ine:


1.

Employee name?


1. Employee number?


2.

Employee number?


2. Regular hours worked?


3.

Social/security/number?


3. Overtime hours worked?


4.

Rate per hour?


4. Total employee per payroll period?


The independent auditor is attemp
ting to verify that certain input validation (edit) checks exist to ensure that
errors resulting from omissions, invalid entries, or other inaccuracies will be detected during the typing of answers to
the input cues. Identify the various types of input va
lidation (edit) checks the independent auditor would expect to
find in the EDP system. Describe the assurances provided by each identified validation check. Do not discuss the
review and evaluation of these controls.


Answer
--

The following edit checks
might be used to detect errors during the typing of answers to the input cues:

*

Password
--

ensures that the operator is authorized to access computer programs and files.

*

Numeric check
--

ensures that numbers are entered into and accepted by the system whe
re only
numbers are required to be entered, e.g., numbers 0
-
9 in social security number.

*

Alphabetic check ensures that letters are entered into and accepted by the system where only letters
are required to be entered, e.g., letters A
-
Z in employee name.

*

Sp
ecial Character check ensures that only specific special characters are entered into and accepted
by the system where only these special characters are required to be entered e.g., dashes between numbers
in social security number.

*

Sign checks
--

ensures th
at positive or negative signs are entered into and accepted by the system
where only such signs are required to be entered, e.g., hours worked.

*

Arithmetic check
--

ensures the validity of the result of a mathematical computation, e.g., total
employees for
period equals number of employee numbers in system.

*

Validity checks
--

ensures that only authorized data codes will be entered into and accepted by the
system where only such authorized data codes are required. e.g., authorized employee account numbers.

*

Li
mit (reasonableness) checks
--

ensures that only data within predetermined limits will be entered
into and accepted by the system, e.g., rate per hour cannot be lower than the minimum set by law or higher
than the maximum set by management.

*

Self checking d
igit
--

ensures that only specific code numbers prepared by using a specific
arithmetic operation will be entered into and accepted by the system, e.g., employee numbers generated by
the modules method with prime number weighting.

*

Size check
--
ensures tha
t only data using fixed or defined field lengths will be entered into and
accepted by the systems e.g., number of dependents requires exactly two digits.

*

Data check
--
ensures that no blanks will be entered into and accepted by the system when data
should be

present e.g., an “S” or “M” is entered in response to single or married.

*

Overflow check ensures that no digits are dropped if a number becomes too large for a variable
during processing, e.g., hourly rate "on size errors" are detected.

*

Control Total chec
ks
--
ensures that no unauthorized changes are made to specified data or data
fields and all data have been entered.

Nothing increa
ses your golf score like witnesses.

Bits ’n Pieces


16

FIGURE 2

REVENUE FLOWCHART

Customer's
Order
Enter
Order
Data
ORDER PROGRAM
Perform Edit and
Credit Checks;
Print Sales Orders
From
Warehouse
Customer Order
Sales Order
Sales Order
Sales Order
Sales
Orders
Release
Goods to
Shipping
Sales Order
Sales
Order
To
Shipping
with
Goods
MASTER FILE
UPDATE PROGRAM
Update Master Files;
Print Sales Journal and
General Ledger
Transaction Summary
SHIPPING PROGRAM
Retrieve Open Orders;
Add Shipping Data;
Transfer to Shipping File;
Print Shipping Documents
BILLING PROGRAM
Retrieve Shipped Order
Data;
Prepare Invoice;
Accumulate
and Compare Batch
Total;
Enter in Sales Transactions
File; Print Invoices
Sales Journal
General Ledger
Transaction
Summary
Sales Invoice
Sales
Invoice
Check Agreement
of Goods and
Sales Order
Enter
Shipping
Date
Shipping Doc.
Sales Order
Shipping Doc.
Shipping Doc.
Shipping
Document
Prepare
Batch
Total
Enter Batch
Total; Prepare
Billing
Sales Order
Shipping
Document
1
2
3
4
2
3
Accts.
Rec.
Master
File
Inventory
Master
File
General
Ledger
Master
File
Open
Order
File
Master
Price
File
Shipping
File
Sales
Trans.
File
1
2
1
2
3
2
4
3
2
To Customer
N
N
To Accounting
To Customer
N
N
SALES ORDER
EDP
SHIPPING
BILLING
WAREHOUSE
EXAMPLE OF ON-LINE ENTRY/BATCH PROCESSING FOR A REVENUE APPLICATION

17

DESCRIPTION OF ON
-
LINE ENTRY/BATCH PROCESSING FOR REVENUE APPLICATION


Figure 2

show
s a flowchart of an on
-
line batch entry processing system that incorporates most of the
controls discussed in the preceding sections.

In the illustrated system, as orders are received sales order clerks use on
-
line terminals and an order
program to determi
ne that the customer has been approved, and that the order will not cause the customer's
balance to exceed the customer's authorized credit limit. The program also checks the inventory master file to
determine that goods are on hand to fill the order. If

the order is accepted, the computer enters it into an open
order file and a multicopy sales order form is produced on a printer in the sales order department. When an
order is, not accepted, a message is displayed on the terminal indicating the reason fo
r rejection.

Copies of the approved sales order are forwarded to the warehouse as authorization to release goods
to shipping. In shipping, personnel first makes an independent check on agreement of the goods received
with the accompanying sales order form
. They then use their on
-
line terminals and a shipping program to
retrieve the corresponding sales order from the open order file and add appropriate shipping data. Next the
computer transfers the transaction from the open order file to a shipping file a
nd produces a shipping
document on the printer in the shipping department.

As matching shipping documents and sales order forms are received in the billing department, they are
batched and batch totals are manually compared. Using their on
-
line terminals
and a billing program, billing
department personnel first enter the manually prepared batch totals. Next the previously entered order and
shipping data for each transaction is retrieved from the shipping file and a sales invoice is generated using
prices
from the master price file. As each billing is completed, the computer enters it into a sales transactions
file. After all the transactions in a batch have been processed in this manner, the billing program compares a
computer generated batch total with
the manual batch total previously entered by the billing clerk.
Discrepancies are displayed on the terminal and corrected by the billing clerks before processing continues.
Finally, sales invoices for the batch are printed in the EDP department and distri
buted as shown in the
flowchart.

The recording of sales transactions is completed at the end of each day when the EDP department
runs the master file update program. As shown, this program updates three master files and produces a sales
journal and genera
l ledger transaction summary which are sent to accounting. The use of a separate program
to produce monthly customer statements is not shown in the flowchart.



Each of us is given a pocketful of time to spend
howeve
r we may. We use what we will. We waste
what we will. But we can never get back a day.

Roger Wilcox



18

DESCRIPTION OF AN ONLINE ENTRY/BATCH PROCESSING

SYSTEM FOR AN EXPENDITURE APPLICATION


A f
lowchart of a representative system for processing purchases transactions is shown in Figure 3. In
this system, purchase orders are prepared in the purchasing department using on
-
line terminals. Multicopy
purchase orders are printed and distributed as sh
own in the figure. In addition, an open purchase order file is
maintained on the computer.

When goods arrive in the receiving department, a copy of the matching purchase order is pulled from
the file. The goods are then counted, inspected and compared ag
ainst the copy of the purchase order. Next,
receiving clerks use their computer terminals to retrieve the computer record of the purchase order from the
open purchase order file. After a clerk keys in the quantities received on an order, the computer pro
duces a
multi
-
copy receiving report and transfers the record from the open purchase order file to the receiving report
file. The copies of the receiving report are distributed as shown in the flowchart.

Copies of the purchase order and receiving report fo
r each transaction are placed in a holding file in
the vouchers payable department pending arrival of the matching vendor’s invoice. Once the vendor’s invoice
arrives, a vouchers payable clerk checks the mathematical accuracy and compares it with the purc
hase order
and receiving report. Batches of approved matched documents are assembled and a batch total is calculated
manually. Data keyed in from the vendors’ invoices, together with matching data extracted by the computer
from the receiving report file,

are then used to create a record for each voucher in the purchases transactions
file. The vouchers and a voucher summary are then printed. The voucher summary is compared with the
manual batch total in vouchers payable and any differences are resolved.

The summary is then forwarded to
accounting . The vouchers are collated with the supporting documents and placed in a file by due date in the
vouchers payable department.

The purchases transactions file is subsequently used to update the accounts payabl
e, inventory and
general ledger master files. Outputs of that run include a voucher register listing the newly processed
vouchers, and a general ledger summary showing the totals posted to the general ledger accounts. These
printouts are forwarded to acc
ounting where they are reviewed on a daily basis and reconciled with the
voucher summaries received from vouchers payable.

On their due dates approved vouchers are manually pulled from the unpaid voucher file in the vouchers
payable department and a batch
total is prepared. In the system shown, as clerks key in each voucher
number, the cash disbursements program is used to prepare a check based on information in the accounts
payable master file. In addition, the program enters the payment data in a cash d
isbursement transaction file
and produces a check summary which is compared with the batch total prepared in V/P. The checks, check
summary, and vouchers are then forwarded to the treasurer’s department.

In the treasurer’s department, an independent check

is made to determine the existence of an
approved voucher for each check. Also the payee’s name and check amount are agreed with the voucher.
The supporting documents for each voucher are then stamped “paid”, and the check is signed and mailed with
the
remittance advice. A copy of the check is attached to the voucher and filed in the paid voucher file. The
check summary and copies of all the checks are sent to accounting. The cash disbursements update program
is then used to update the accounts payabl
e and general ledger master files based on data in the cash
disbursements transaction file. This program also produces the cash disbursement journal and a general
ledger summary showing the totals posted to general ledger accounts. These are forwarded fr
om EDP to the
accounting department where they are compared with the check summary received from the treasurer.



The perfection of the means and the confusion of the end

is the characteristic that marks our time.










--
Einstein








(Some things ne
ver change!!!)


19


FIGURE 3
--

EXPENDITURE CYCLE


Approved
Purchase
Requisition
Enter
Purchase
Order Data
Requisition
Purchase Order
Purchase Order
Purchase Order
Purchase Order
Purchase
Order
Enter
Receiving
Data
Inspect and
Count
Goods;
Compare to
P. O.
Purchase
Order
Purchase Order
Receiving Report
Receiving Report
Receiving
Report
From
Purchasing
Purchase Order
Receiving
Report
From
Receiving
Remittance Advice
Vendor's
Invoice
File Pending
Arrival of all
Documents
From
Stores
1
2
3
4
5
1
N
N
1
2
3
2
A
From
Vendor
Match
Documents;
Check Accuracy
of Invoice
;
Code;
Approve; Prepare
Batch Total
Enter Voucher
Data and Verif y
Batch Total
Purchase Order
Receiving
Report
Remittance Advice
Vendor's Invoice
1
3
Batch
Total
Voucher
Voucher
Summary
D
Voucher
Program
Receiving
Program
Purchase
Order
Program
Purchases
Trans-
actions
File
Receiving
Report
File
Open
Purchases
Order File
To Vendor
To
Receiv-
ing
To
Vouchers
Payable
To
Stores
N
From
Purchasing
To
Vouchers
Payable
To Stores with Goods
To Accounting
Accounts
Payable
Update
Program
General Ledger
Summary
Voucher
Register
Inventory
Master
File
Accounts
Payable
Master
File
General
Ledger
Master
File
To Accounting
2
EDP
3
1
PURCHASING
RECEIVING
VOUCHERS PAYABLE
Pull Approved
Vouchers on
Due Date and
Prepare Batch
Total
Enter Voucher
Data and Verif y
Agreement with
Batch Total
Review
Vouchers;
Verif y Accuracy
of Checks and
Summary
Stamp Docu-
ments Paid;
Sign and Mail
Checks
Remittance Advice
Check
Check
Check
Summary
Batch
Total
Purchase Order
Receiving Report
Remittance Advice
Vendor's Invoice
Approved
Voucher
Check
Check
Check
Check
Summary
Cash
Disbursements
Program
Cash
Disburse-
ments Update
Program
G/L Summary
Cash
Disbursements
Journal
Check
Voucher and
Supporting
Documents
D
Unpaid
Voucher
File
1
3
1
2
3
Cash
Disburs.
Trans. File
Accounts
Payable
Master
File
General
Ledger
Master
File
To Accounting
2
1
3
A
Paid
Voucher
File
To Vendor
To Accounting
EDP
VOUCHERS PAYABLE
TREASURER
File Pending
Arrival of
Goods
Copy Three Signed
and Returned; Filed
with P.O.
Unpaid
Voucher File
During our computer class, the teacher chastised one boy for talking to the girl sitting next to
him. “I was just asking her a question,” the boy said.

“If you have a question, ask me,” the teacher tersely replied. “Okay,” he answered. “ Do you
want to go out with me Friday night?”

-
Contributed by Tracy Maxwell


20

EXAMPLE OF A DATA BASE FOR THE EXPENDITURE CYCLE



Vendor Record

Vendor

number

Vendor

name

Vendor
address

Payment
terms

Current
balance

Quality
code

Reliability
code

Other vendor

history data





Purchase Order Record

PO

number

Vendor

number

Order

date

Buyer

code





Vendor Invoice Record

Invoice

number

Vendor

number

Invoice

date

PO

number

Payment

terms

Date

due

Invoice

subtotal

Freight

charges

Invoice

total





P
urchase Line Items

PO

number

Stock

number

Quantity

ordered

Quantity

received

Order

price





Invoice Line Items

Invoice

number

Stock

number

Quantity

ordered

Quantity

shipped

Unit

price

Item

total





Quotation Record

Vendor

number

Stock

number

Quote

date

Quoted

price





Receiving Report Record

Report

number

Vendor

number

PO

number

Receipt

date

Receiver

code

Shipper

code




Receiving Line Items

Report

number

Stock

number

Quantity

received

Description

and comments





Materials Inventory Record

Stock

number

Item

description

Location
code

Vendor
code

Reorder
point

Order
quantity

Quantity
on hand

Quantity
on order

Quantity
reserved

Unit
cost

Total
cost


21

III.

CHARACTERISTICS OF EDP SYSTEMS THAT DIFFER FROM
MANUAL SYSTEMS



Uniform Processing of Transactions



-

Computers process like transactions in a like manner; so subject to same controls



-

Therefore, computers virtually eliminate clerical error



-

Computers will only error systematically, unl
ike humans who error on a random

basis



Segregation of Functions



-

Many I/C procedures performed by separate individuals may be combined in EDP

systems



-

Special concern that individuals with access t
o the computer
not

have other

incompatible duties (e.g. ability to initiate or change transactions)



Potential For Errors & Irregularities



-

Decrease human involvement in handling transactions reduces the potential for

observing errors/irregularitie
s



-

The average computer fraud is ten times greater than the average manual fraud



Initiation or Subsequent Execution of Transactions by Computer



-

Computer authorization of “Automatic” transactions may not be well documented



-

Errors in POS

can have multiple effects



Transaction Trail



-

May be lost, partially obscured, or only exist on a temporary basis



-

Many control procedures in EDP systems do not leave documentary evidence of

performance




-

Files and records are in machi
ne readable form and can’t be read


Electronic Audit Trail


Elements of a Computer log


Unique identification of transaction
.

Examples include the assignment of a number by the
computer. The unique identifier could be assigned sequentially or could cons
ist of a
location identifier and a unique number for that location. Sales invoices, for example, are
sequentially numbered by the computer application.


Date and time of transaction
.
These could be assigned automatically by the computer
application.


Ind
ividual responsible for the transaction
.

When a party logs on to a computer terminal to
initiate or authorize a transaction there is evidence of who the party is and the location
from which the transaction was initiated. The log in used to gain access to

the computer
can identify the source of the transaction.

Procrastination is like a credit card: It’s a lot of
fun until you get the bill.



Christopher Parker


22


WAVE OF THE FUTURE
--
NO HARD COPY DOCUMENTS!!!!



In the not
-
too
-
distant future,
ELECTRONIC DATA INTERCHANGE (EDI)

is expected to
be common place. Already, about 75% of the Fortune 100 companies
and 39% of the
Fortune 500 use EDI to some extent. Examples include the following:



-

Computers at over 3,000 suppliers to Chrysler accept purchase orders transmitted

by computers at Chrysler assembly plants, and in turn electronically invoice

Chrysler
’s computers for parts shipped.



-

Wal
-
Mart, which operates the largest EDI program in the retail industry, processes

about 75% of its payments to suppliers with EDI.



Among other benefits, proponents claim that EDI can cut, in half, the currently estim
ated
7% of corporate spending that goes for processing orders, sending invoices, and other
administrative costs.




EDI is the electronic exchange of business transactions, in a standard format, from one
entity's computer to another entity's computer throu
gh an electronic communications
network. If a private communications network is being used it is called a VAN
--
Value
Added Network. But, an increasing number of EDI transactions are conducted over the
Internet. EDI is commonly used for purchasing, proce
ssing accounts payables,
invoicing, and financial applications. In EDI systems, documents such as purchase
orders, invoices, shipping forms, bills of lading, and checks are converted by “translation
software” into electronic transactions conforming to a s
tandard format. For example, in
electronic funds transfer systems, a form of EDI, electronic transactions replace checks
as a means of payment.


Computers are useless. They only give you answers.

Picasso



23

EDP CONTROLS


Among the objectives of inter
nal controls are to 1) provide reasonable, but not absolute,
assurance that assets are safeguarded from unauthorized use or disposition, and 2) that
financial records are reliable to permit the preparation of financial statements.
These
objectives remai
n the same in an EDP Environment.

However, there are certain
modifications we need to make in how we think of the internal control components
--


environment, information and communication, risk assessment, control activities
(procedures), and monitoring
--
when the computer is introduced into the accounting process.


I.

EFFECT OF COMPUTER ON CONTROL ENVIRONMENT



We use I B MACHO to remember the seven factors which reflects the overall attitude,
awareness and actions of the board of directors, management, ow
ners and others
concerning the importance of internal control and its emphasis in the entity:



I
Integrity

and ethical values


B Audit Committee and
Board

of Directors


M Philosophy of
Management

and operating style


A
Assign
ment

of authority and responsibility


C
Commitment

to competence


H
Human

resource policies and procedures


O
Organizational

structure





The
organizational

structure is particularly impacted when we have an EDP environment.
A company s
hould work to segregate functions to reduce the risk of error or fraud due to
the human element.



A.

Segregation of functions within the EDP department


1.

Systems design
--
overall design of systems; prepares systems flowcharts;
NO
access to equipment


2.

Programmer
--
designs application flowcharts, program coding and debugging,
record input and report output layouts; prepares program run manual;
access to
equipment only when debugging; no access to live input



3.

Operator
--
loads programs and inputs; superv
ises operations; receives output;
can intervene by console (be sure to keep a log);
allowed access only to
operator instructions
, not the entire program run manual


4.

Librarian
--
custody of programs, program documentation and data files; allows
access only

to authorized persons at authorized times; keeps a check
-
out log;
Today the librarian is generally a computer program.


5.

Control group
--
receives input and output; reconciles output with input control
totals; distributes output to only authorized persons
; control of error log and
reprocessing of errors; reviews console log for unauthorized access


24


B.

Segregation of functions between EDP and users



1.

EDP should not authorize or initiate transactions
or

have custody or access to



non
-
EDP assets.



2.

E
DP should not correct non
-
EDP errors.



3.

EDP should be organizationally separate from the departments it serves.



C.

General policies



1.

Bond

all key EDP employees.



2.

Rotate

operators within shifts and responsibilities.



3.

Enforce
mandatory

vacat
ions.



4.

Terminate

fired employees
immediately.



5.

Have
written

standard operating procedures.


II.

EFFECT OF THE COMPUTER ON THE CONTROL PROCEDURES


The computer has the most effect on a company’s control procedures. Recall that we
use DAASI to remind

us of the control procedures (activities) of a company. In an EDP
environment, control procedures are generally comprised of a combination of general,
application and user controls.



GENERAL CONTROLS
--
relate to the overall EDP environment and pertain to

all
applications. General controls relate to:




Operations

controls



Changes

to existing systems and programs



Access

to programs, data, equipment



Developing

new programs and systems



A weakness in general controls will have a pervasive effect and
consequently
makes it almost impossible to rely on the specific applications controls. Likewise,
good general controls increase the assurance that application procedures operate
effectively.



APPLICATION CONTROLS
--
relate to specific applications (e.g. re
venue, payroll,
expenditure) and consists of
programmed controls and related manual follow
-
up
procedures
.




Programmed controls

are actually embedded in the program, e.g. in the revenue

cycle, the computer would match sales orders to shipping documents a
nd print a

report of all unfilled sales orders.




Related manual follow
-
up procedures

involve employee follow
-
up of items listed

on computer exception reports. For the example above, it would be an employee

checking the status of back
-
ordered goods.



USER CONTROL PROCEDURES
--
represent manual checks of the completeness and
accuracy of computer processing through comparing computer output against source
documents or other input. For example, assume you sent 20 timecards to EDP for
processing. A user c
ontrol procedure would be to make sure that 20 paychecks came
back from EDP (these totals are called control totals).


25


III.

GENERAL CONTROLS



A.

OPERATIONS CONTROLS

are intended to ensure that application programs are

used properly and that the proper da
ta files are used during processing. They

involve management review of regular and unscheduled job lists, restricting

operator’s access to only the operations manual (not program documentation)

and adequate procedures for managing and backing up data a
nd program files.


1.

Framework for controlling operations in the event of physical disaster or
computer failure.




a.

Contingency procedures and back
-
up facilities plans for fires, floods, etc.






Hot site vs. Cold site




b.

Duplicate (back
-
up)
files
-
stored
off premise





Disk = dump Database = daily “snap shot”




Note
: Daily snapshots are retained until a weekly is create; weeklys are




retained until a monthly is created; monthlys are retained until the




yearly is created.





Tape = G
randfather
-
Father
-
Son












Master File =











Transaction File=

















2.

Controls to make sure the proper files are used.




a.

Labels
--
external and internal





i. external labels should be coded





ii. internal labels (he
ader and trailer labels)






--
Header: file serial #, volume serial #, file name, creation date and






retention date







--
Trailer: number of blocks, record count, control totals, end of



volume, and end of reel




b.

File protection rings
-

“no ring, no write”; read only switch for disks




3.

Maintain an equipment failure (downtime) log



B.

CHANGES OVER EXISTING PROGRAMS AND SYSTEMS

includes controls

int
ended to ensure that modifications to application programs are suitably

approved, designed, tested and implemented.




1.

A change request log should be kept.


26



2.

Any changes should be approved by supervisor.



3.

All changes should be made by programmer
s and tested before





implementation.



4.

Users should approve the tested changes.



5.

All changes should be documented.



6.

SOURCE CODE COMPARISONS
.



C.

ACCESS CONTROLS TO PROGRAMS AND DATA

are intended to prevent or

detect unauthorized changes to

programs and files. Access is controlled both

through restrictive physical controls and software controls that limit a) programmer

access to production programs, live data files, and job control language; b)

operator access to source code and individu
al elements of data files; and c) user

access to defined programs and data files.




1.

Restrict access to programs, program documentation and data files




a. Password and passkeys




b. External and internal labels




c. Librarian
-
storage in a strong
ly constructed vault





i. Store programs and data in strong vault





ii. Keeps usage log and maintains authorization list




d. Software packages are available to monitor authorized and unauthorized




changes made to the files, programs

or the operating system




2.

Restrict access to computer equipment to only authorized personnel




a.

Passwords and passkeys, sign
-
in sheets




b.

Guards, locks, badges




c.

Don’t allow terminated personnel or disgruntled employees near the




computer
!!!!!





d.

Log of computer utilization
-
EDP control group should check for





unauthorized use




3.

Special consideration for restricting access in on
-
line real
-
time (OLRT) systems




a.

Restrict terminal to certain programs and data files




b.

Author
ization tables
--
list the programs and data that each terminal and




user is permitted to use, and identifies the activities each user is





authorized to perform with each program and data set




c.

Locks on data records
-
restricts access to certain fie
lds, records or files,




e.g. number of hours and hourly rate, executive payroll




4.

Special considerations regarding restricting access when using



telecommunications (electronic transmission of data) (remember telephone



wires can be tapped!)




a.

Call back units
-
prevent unauthorized users access to system




b.

Encryption
-
encode data to disguise it




c.

FIREWALL
--
security measure companies adopt to prevent outside users




(particularly from the Internet) from accessing the company’s system


A BUSINESSMAN taking a seminar on efficiency completed a case study of his wife’s routine for fixing b
reakfast,
and presented the results to the class. “After a few days of observation, I quickly determined the practices that were
robbing her of precious time and energy,” the man reported. “Taking note of how may trips she made from the
kitchen to the di
ning room carrying just one item, I suggested that in the future she carry several items at a time.”

“Did it work?” the teacher asked. “It sure did,” replied the businessman. “Instead of taking her 20 minutes to fix
my breakfast, it now takes me just se
ven.”



27


D.

DEVELOPMENT OF NEW PROGRAMS AND SYSTEMS

controls are intended to

ensure that new application systems are suitably authorized, designed and

tested.

1.

Reviewing, testing and approval of new systems




a.

Companies need to use the
Systems Development Life

Cycle

when




implementing new computer systems. SDLC phases are:

--

Analysis
-
determining whether the current systems is meeting users’
needs. In the event it is not, a feasibility study is conducted to
examine potential solutions to the problem.

--

De
sign
-
this phase involves developing specifications regarding input,
processing, internal controls and security measures, programs,
procedures, output and databases.

--

Implementation
-
involves the actual programming for the new system
including debugging &
testing AND conversion from the old system to
the new system.
Common implementation methods include running
parallel systems which is very expensive but safe; the cold turkey
method which is less expensive but very risky or a phased in approach
which make
s the most sense.

--

Operation
-
this phase includes post
-
implementation review to
determine if the system is meeting its objectives and is being utilized.
Also systems maintenance (monitoring, evaluating and modifying the
system) is an ongoing part of this

phase.

2.

BE SURE TO involve users, internal auditors, and external auditors at the
systems design and development stage
-

designing controls into an already
implemented system is very difficult and costly.

3.

Involve users and EDP in the systems testing,

and be sure to test the system
through the entire cycle (e.g. include testing procedures only done at year
-
end).

4.

Get management and user approval of the new system to avoid problems like
system not being used because it doesn’t provide the data on a ti
mely enough
basis.

5.

Documentation procedures

-

the
Program Run Manual

should include:

a.

Systems descriptions and flowcharts

b.

Program descriptions and flowcharts

c.

Program listing (in source code)

d.

Record layouts (input documents and output reports)

e.

Control procedures

f.

Operating instructions.

g.

Good documentation is important to:

i.

The company

for training of new personnel and maintenance.

ii.

The auditors

to aid in understanding the system and designing the
audit tests.

A man went into a fort
une teller's shop and waited for a reading. The fortune teller
gazed into the crystal ball and said " You will be poor and unhappy until you are 45
year old." "Then what will happen?" asked the man. The fortune teller replied,
"Then you'll get used to i
t."



From Dear Abby


28

6.

Hardware controls
--
ensure that the computer system will not be a cause of
inaccurate application processing. Automatic (built
-
in) error detection features


a.

Parity check
--
an extra bit used to check that all data has been

transferred
without loss
--
odd or even parity.


b.

Dual circuitry
--
a computation is made twice by the computer in different
parts of the CPU and the results are compared.


c.

Echo check
--
a signal sent to the CPU verifying that a command has been
received &

complied with.


d.

Dual read
--
input data are read twice and compared.


e.

Read after write
--
data is read after it is recorded in storage and verified for
accuracy.


f.

Boundary protection
--
prevents the intermixing or overlapping of data among
the many fil
es in the computer.



IV.

APPLICATION CONTROLS
--
relate to specific applications (e.g. revenue, payroll
expenditure) and consists of programmed controls and related manual follow
-
up
procedures.



Programmed controls

are actually embedded in the program, e.g
. in the expenditure
cycle, the computer would be programmed to accept only vendors from an approved
vendor list and would print a report of any purchases made from unauthorized vendors.



Related manual follow
-
up procedures

involve employee follow
-
up of i
tems listed on
computer exception reports. For the example above, it would be an employee reviewing
the purchases from unauthorized vendors to determine if specific management approval
had been given for the purchase.



Examples of Application Controls:



A.

Batch control totals
establish the accuracy of processing



record counts

number of documents, e.g.



control totals

a total that has some meaning, e.g.



hash totals

an inherently meaningless total, e.g.



B.

Self
-
checking digit
--
a check number is created f
rom the original


number and becomes part of the number itself


Experience enables you to recognize a

mistake when you make it again.


Franklin P. Jon
es

29

C.

Programmed edit checks
--
checks written into the application programs to


reject incomplete, inaccurate, or unreasonable
DATA
DURING

THE INPUT


STAGE
. These edit checks prevent the user from progressing further until


resolved.


a.

Field check
-
preven
ts invalid characters
--
e.g. alphabetic character in a
numeric field

b.

Invalid codes
--
e.g. store codes from 01
-
22 code 53 would be invalid

c.

Limit test
--
e.g. data which falls outside pre
-
established limits

d.

Sequence checks
--
e.g. file arranged in ascendi
ng order

e.

Sign test
--
e.g. negative number in a positive field

f.

Missing data
--
e.g. blank field

g.

Anticipation test
--
e.g. anticipate receipt of particular data

h.

Field size check
-

won’t allow more than certain numbers

i.

Logic check
-

prevents illogica
l combinations of input

j.

Closed loop verification

sometimes called “redundant data check” uses
two identifiers for a transaction such as name and customer ID before
allowing data entry to occur

k.

Verification of self
-
checking digit


D.

Limit and Reasonablenes
s tests
--
logical tests performed
DURING
PROCESSING

to verify the contents and relationships of records. These errors
show up on exception (error) reports.




Comparison to a limit
--
e.g. did customer exceed credit limit



Comparison to a range of values
--
e.g.
paychecks should not be less

than $150 or greater that $3,000



Test for proper mathematical sign
--
e.g. negative rate of pay



Test for a zero value
--
e.g. social security number



Test for non
-
numeric data in a numeric field
--
e.g. #*.80 for a pay rate



Comparison

of field value or code against a table of allowed values or

codes
--
e.g. codes for authorized vendors



Test for logical relationship between fields
--
e.g. Match master file account

# with transaction file account #




E.

Computer generated log of input error
s



Error log
--
invalid data, file programs



Console log
--
time run, files and programs used, interventions & machine halts


F.

Footing and Crossfooting tests


G.

The EDP Control group does the following:




Balancing of all control totals



Visual scanning
--
for unusual
errors



Distribution of output to authorized persons



Review of error logs



Procedures for follow up of exceptions and errors


30

Payroll Cycle Application Control Procedure Examples


Completeness test
. Program verifies existence of EMPLOYEE
-
NUMBER, EMPLOYEE
-
NA
ME, HOURS
WORKED.

Control total
. Program verifies that the total number of hours on batch transmittal form = total number of hours on
valid payroll transactions + total number of hours on erroneous payroll transactions.

Record count
. Program verifies tha
t the number of lines on the register = the number of payroll transaction records.

Limit test
. Program flags those transactions with amounts > $10,000 for review by the data control group.

Record count
. Program verifies that the number of paychecks = num
ber of payroll transaction records.

Control total
. Program verifies that total amount of paychecks = total debit to payroll general ledger account and
total credit to cash general ledger account.

Control total
. Data control group compares control totals
taken on paycheck amounts and disclosed on control report
and payroll register.


Expenditure Cycle Application Control Procedure Examples


Completeness test
. Program verifies existence of REQUISITION NUMBER, INVENTORY ITEM NUMBER,
ITEM DESCRIPTION, ITEM Q
UANTITY, DELIVERY DUE DATE.

Record count
. Program verifies that the number of new records in purchase order detail file = number of line items
on purchase orders.

Control total
. In a batch system the data control group compares hash totals of purchase or
der numbers disclosed on
control reports and purchase order register.

Completeness test
. Program verifies that purchasing agent enters VENDOR NUMBER, PURCHASING AGENT
NAME, VENDOR PRODUCT NUMBER, ITEM UNIT PRICE.

Validity test
. Program computes check dig
it on VENDOR NUMBER.

Record count
. Number of lines on check register = number of cash disbursement transaction records.

Limit test
. Program flags those transactions with amount > $100,000 for review by data control group.

Control total
. Data control gro
up verifies that total amount of checks = total amounts of vouchers disclosed on
control reports and check register.

Control total
. In a batch system the data control group compares totals of purchase order numbers disclosed on the
control report and the
receipts register.

Completeness test
. Program verifies existence of PURCHASE ORDER NUMBER, VENDOR INVOICE NUMBER,
VENDOR INVOICE DATE, GROSS AMOUNT, DISCOUNT DATE, NET AMOUNT, PAYMENT DUE
DATE, GENERAL LEDGER ACCOUNT, GENERAL LEDGER AMOUNT.

Validity test
.

Program verifies that dates are of the form AA
-
BB
-
CCCC, where AA<13, BB<32, and CCCC is
numeric.

Record count
. Program verifies that the decrease in the number of open purchase order records = increase in the
number of pending invoice records.






Many executives seem to be infatuated with the limitless information potential of
computers
--
sometimes at the real expense of the human thinking that ought to be at the
base of any analysis. When playing the enticing "what if" games that computers ma
ke
available, beware of contracting spreadsheetitis." And remember, machines cannot think
(not yet)
--
they can only rearrange what was furnished them previously.


Philip Kropatkin




31

HOW BIG WAS IT OR COULD YOU DO ONE FOR, SAY

The Transaction

The wire tran
sfer unit of a large West Coast bank received a phone call from one of the bank's international officers requesting a $10
million transfer from the bank to an account at a New York City bank. The calling officer provided the correct secret codes
for the d
ay
and satisfied the criteria for initiating a wire transfer. The wireroom processed the request and transferred the funds. La
ter the New
York City bank received instruction from it account holder to transfer the funds to a bank account in Geneva, Switze
rland.


Discovery of the Fraud


The FBI received information that a person had purchased a large quantity of diamonds with funds stolen from a named West Coa
st
bank. The FBI determined that the tip was accurate and notified the West Coast bank of the mult
imillion dollar fraud that had be
committed against it.


The Investigation

The investigation revealed:


The West coast bank had been installing new computer hardware and software in its wire transfer room. A computer consultant
hired
by the bank was activ
ely involved in this renovation. While working in the wireroom, the consultant was:


Placed on the authorized list for admittance to the wireroom; given a valid password for gaining access to the electronic fu
nds transfer
processing system; and allowed u
se of terminals connected to this system;


Able to observe the process for ordering wire transfers, including how to obtain the daily secret codes used to authorize ele
ctronic
funds transfers; and able to listen to the conversational style and format used

by bank officers in ordering fund transfer.


One day after his assignment had been completed, the consultant requested permission to enter the wireroom. Because his name

had
not been deleted from the authorized list, the consultant was allowed to enter t
he area and t use a terminal. Using a wireroom terminal
and his own password, which had not been deleted from the system, the consultant obtained the secret funds transfer codes fo
r that
day. He left the wireroom and called the wireroom from a phone bo
oth. Pretending to be an international office of the bank, he
requested a $10 million funds transfer from the bank to an account at a New York City bank. The wireroom employee, believing

that
he was speaking with an international officer of his bank beca
use of the style and format of the conversation and the use of the correct
secret codes for the day, accepted the order and transferred the funds.


The consultant flew to Geneva, Switzerland, where he had the stolen funds transferred from his account t the

East Coast bank into an
account at a Swiss bank. He purchased over $8 million in diamonds from a Russian diamond wholesaling company. He flew back
to
the West Coast with the diamonds and moved in with a friend. While the consultant tried to decide what

to do with his ill
-
gotten gains,
his "friend" made a critical tip to the FBI.


How to Prevent this Fraud

When it is necessary to hire a consultant who will have access to very sensitive data, the consultant should undergo a specia
l clearance
process befor
e being allowed
access

to the data. Another control should be used to record all passwords and
accesses

given to the
consultant and to promptly terminate all passwords and accesses on the consultants last day of employment. Additionally, a
consistently
followed, call
-
back verification process would have simply and quickly detected and prevented the multimillion dollar
fraud.


Epilogue

As might be expected, the news media reported this fraud extensively in every country in the Western world. The prestige

and
reputation of the West Coast bank were harmed. The bank now has one of the largest computer security staffs of any bank in t
he
world.


Following his indictment, and while free on $200,000 bond prior to the trial, the consultant teamed with an employe
e of another West
Coast bank to commit a $50 million wire transfer fraud. The employee alerted the FBI of the planned EFT fraud and it was abo
rted.
The consultant the agreed to a guilty plea and was sentenced to eight years imprisonment on the first wire

fraud to avoid prosecution on
the second, attempted wire fraud. Following his release from prison in less than three years, the consultant was hired to ru
n the
computer system of a national science association in Washington, D.C.




32


EDP MULTIPLE CHOICE
QUESTIONS


I.

EDP TERMINOLOGY QUESTIONS





1.

More than one file may be stored on a single magnetic memory disc. Several




programs may be in the core storage unit simultaneously. In both cases it is




important to prevent the mixing of data.
One way to do this is to use



a.

File integrity control.


c.

Interleaving.



b.

Boundary protection.


d.

Paging.




2.

In a computerized system, procedure or problem
-
oriented language is converted to



machine language through a (an)



a.

Interpre
ter.



c.

Compiler.



b.

Verifier.




d.

Converter.




3.

Which of the following is not a characteristic of a batch processed computer system?



a.

The collection of like transactions which are sorted and processed sequentially




against a master fi
le.



b.

Keypunching of transactions, followed by machine processing.



c.

The production of numerous printouts.



d.

The posting of a transaction, as it occurs, to several files, without intermediate




printouts.




4.

Which of the following symboli
c representations indicate that a file has been




consulted?



a.







c.







b.







d.








5.

The machine language for a specific computer



a.

May be changed by the programmer.



b.

Is the same as all other computer languages.



c.

Is

determined by the engineers who designed the computer.



d.

Is always alphabetic.




6.

A well prepared flowchart should make it easier for the auditor to



a.

Prepare audit procedure manuals.



b.

Prepare detailed job descriptions.



c.

Trace the or
igin and disposition of documents.



d.

Assess the degree of accuracy of financial data.





33



7.

When a data base administrator's position exists within a client organization, the



auditor must be aware of the



a.

Output effectiveness/efficiency co
nsiderations.



b.

Need for coded program files.



c.

Use of encrypted dialog in a two
-
way

authentication process.



d.

Inherent violation of the principle separation of duties.




8.

What type of EDP system is characterized by data that are assemb
led from more



than

one location and records that are updated immediately?



a.

Microcomputer system.


c.

Batch processing system.



b.

Minicomputer system.



d.

On
-
line real
-
time system.




9.

Which of the following symbolic representations indica
tes that a sales invoice has



been filed?



a.







b.







c.







d.






10.

Which of the following flowchart symbols represents on
-
line storage?



a.




c.






b.




d.







11.

The computer system most likely

to be use
d by a large

savings bank for customers'



accounts would be



a.

An on
-
line, real
-
time

system.

c.

A

generalized utility system.



b.

A

batch processing system.

d.

A direct access data base system.


34

II.

EDP INTERNAL CONTROL QUESTIONS




1.

One of the major problems in an EDP system is that incompatible functions may be



performed by the same individual. One compensating control for this is use of



a.

A tape library.




c.

Computer generated hash totals.



b.

A self
-
checking digit system
.


d.

A computer log.








2.

Which of the following would lessen internal control in an electronic data processing



system?



a.

The computer librarian maintains custody of computer program instructions and




detailed program listing.



b.

Com
puter operators have access to operator instructions and detailed program




listings.



c.

The control group maintains sole custody of all computer output.



d.

Computer programmers write and debug programs which perform routines




designed by the syst
ems analyst.




3.

When an on
-
line, real
-
time (OLRT) electronic data processing system is in use,



internal control can be strengthened by



a.

Providing for the separation of duties between keypunching and error listing




operations.



b.

Attachi
ng plastic file protection rings to reel of magnetic tape before new data




can be entered on the file.



c.

Making a validity check of an identification number before a user can obtain




access to the computer files.



d.

Preparing batch totals to pro
vide assurance that file updates are made for the




entire input.




4.

If a control total were to be computed on each of the following data items, which



would best be identified as a hash total for a payroll EDP application?



a.

Net pay.





c.

Hours worked.



b.

Department numbers.



d.

Total debits and total credits.




5.

For good internal control, which of the following functions should not be the




responsibility of the treasurer's department?



a.

Data processing.



c.

Custody of s
ecurities.



b.

Handling of cash.



d.

Establishing credit policies.




6.

Which of the following constitutes a weakness in the I/C of an EDP system?



a.

One generation of backup files is stored in an off
-
premises location.



b.

Machine operators dis
tribute error messages to the control group.



c.

Machine operators do not have access to the complete systems manual.



d.

Machine operators are supervised by the programmer.




7.

Totals of amounts in computer
-
record data fields which are not usuall
y added for



other purposes but are used only for data processing control purposes are called



a.

Record totals.




c.

Processing data totals.



b.

Hash totals.




d.

Field totals.


35



8.

Carmela Department Stores has a fully integrated EDP account
ing system and is



planning to issue credit cards to credit
-
worthy customers. To strengthen internal



control by making it difficult for one to create a valid customer account number, the



company's independent auditor has suggested the inclusion of

a check digit which



should be placed



a.

At the beginning of a valid account number, only.



b.

In the middle of a valid account number, only.



c.

At the end of a valid account number, only.



d.

Consistently in any position.




9.

Which of the
following is an example of a check digit?



a.

An agreement of the total number of employees to the total number of checks




printed by the computer.



b.

An algebraically determined number produced by the other digits of the





employee number.



c.

A

logic test that ensures all employee numbers are nine digits.



d.

A limit check that an employee's hours do not exceed 50 hours per work week.




10.

Which of the following activities would most likely be performed in the EDP




department?



a.

In
itiation of changes to master records.



b.

Conversion of information to machine
-
readable form.



c.

Correction of transactional errors.



d.

Initiation of changes to existing applications.




11.

For control purposes, which of the following should be

organizationally segregated



from the computer operations functions?



a.

Data conversion.



b.

Surveillance of CRT messages.



c.

Systems development.



d.

Minor maintenance according to a schedule.




12.


Where computer processing is used in sig
nificant accounting applications, internal



control procedures may be defined by classifying control procedures into two types:



general and



a.

Administrative.



c.

Application.



b.

Specific.





d.

Authorization.






13.

Which of the follow
ing most likely constitutes a weakness in the internal control of an



EDP system?



a.

The control clerk establishes control over data received by the EDP department




and reconciles control totals after processing.



b.

The application programmer iden
tifies programs required by the systems design




and flowcharts the logic of these programs.



c.

The systems analyst reviews output and controls the distribution of output from




the EDP department.



d.

The accounts payable clerk prepares data for co
mputer processing and enters




the data into the computer.



36



14.

Which of the following is
not

a major reason why an accounting audit trail should be



maintained for a computer system?



a.

Query answering.



c.

Monitoring purposes.



b.

Deterre
nt to irregularities.


d.

Analytical procedures.






15.

A procedure control used in the management of a computer center to minimize the



possibility of data or program file destruction through operator error includes



a.

Control figures.



c.

L
imit checks.



b
.

Crossfooting tests.



d.

External labels.








16.

The use of a header label in conjunction with magnetic tape is most likely to prevent



errors by the



a.

Computer operator.



c.

Computer programmer.



b.

Keypunch operator.



d.

Maintenance technician.








17.

Where disc files are used, the grandfather
-
father
-
son update backup concept is



relatively difficult to implement because the



a.

Location of information points on discs is an extremely time consuming task.



b.

Magnetic fields and other environmental factors cause off
-
site storage to be




impractical.



c.

Information must be dumped in the form of hard copy if it is to be reviewed




before used in updating.



d.

Process of updating old records is destruct
ive.




18. Which of the following is an application control?



a.

Dual read.




c.

Systems flowchart.



b.

Hash total.




d.

Control over program changes.




19.


Where computers are used, the effectiveness of internal control depe
nds, in part,



upon whether the organizational structure includes any incompatible combinations.



Such a combination would exist when there is
no

separation of the duties between



a.

Documentation librarian and manager of programming.



b.

Programmer

and console operator.



c.

Systems analyst and programmer.



d.

Processing control clerk and key punch supervisor.




20.

Which of the following employees in a company's electronic data processing




department should be responsible for designing ne
w or improved data processing



procedures?



a.

Flowchart editor.



c.

Systems analyst.



b.

Programmer.




d.

Control group supervisor.




21.

Responsibility for initial testing (debugging) of the program should be assigned to the



a.

EDP departm
ent control group.

c.

Programmer.



b.

Internal audit control group.


d.

Machine operator.



37



22.

Parity checks, read
-
after
-
write checks, and duplicate circuitry are electronic data



processing controls that are designed to detect



a.

Erroneous i
nternal handling of data.



b.

Lack of sufficient documentation for computer processes.



c.

Illogical programming commands.



d.

Illogical uses of hardware.




23.

A control feature in an electronic data processing system requires the central




pro
cessing unit (CPU) to send signals to the printer to activate the print mechanism



for each character. The print mechanism, just prior to printing, sends a signal back to



the CPU verifying that the proper print position has been activated. This type

of



hardware control is referred to as



a.

Echo

control.

c.

Signal control.




b.

Validity control.

d.

Check digit control.




24.

An advantage of manual processing is that human processors may note data errors
and irregularities. To replace the
human element of error detection associated with
manual processing, a well
-
designed electronic data processing system should
introduce



a.

Programmed limits.

c

Echo checks.





b.

Dual circuitry.

d.

Read
-
after
-
write.





25.

An internal administrativ
e control that is sometimes used in connection with




procedures to detect unauthorized or unexplained computer usage is



a.

Maintenance of a computer tape library.



b.

Use of file controls.



c.

Maintenance of a computer console log.



d.

Control over

program tapes.




Anyone with money to burn will always find
himself surrounded by people with matches.

Joe Ryan