Objectives: Introduction Over View of System Analysis and Design
Download 0.94 Mb. View original pdf
|
- Navigate this page:
- 8.11 Audit Trails
| 8.10.1 Processing controls Several methods have been devised to control processing activities 1. Data record maybe combined into small groups to control totals. If in batch processing, error is encountered, the batch maybe held and reviewed to correct the error. 2. Completeness check ensures that all fields in a record are present and are read in the proper sequence. Ina multiple record check, the program verifies the self-checking number of the records that makeup the transaction. If an error is detected, the entire group of records is rejected. 3. Consistency check refers to the relevance of one type of data to another. Data being accepted through various means need to be checked for its uniformity. All critical paths need to be checked for its proper path selection. 4. Reasonableness check evaluates a transaction against a standard or maximum / minimum value to determine its validity. For example an employee may not have ageless than 21 and not more than 60 years. 5. Sequence check verifies that data records are in sequence prior to processing. Duplicate records need to be checked. 8.11 Audit Trails An important function of system controls is providing for an audit trail. An audit trail is a routine designed to allow the analyst, user or auditor to verify a processor an area in the new system. 8.11.1 Definition of Audit trail A feature of data processing systems that allows for the study of data as processed from step to step, an auditor may then trace all transactions that affect an account. Ina manual system, the audit trail includes journals, ledgers and other documents used by auditor to trace transactions. Ina computerized system, record content and format frequently make it difficult to trace a transaction completely. Some reasons are the following 1. Files stored on the tape or disk can be read only by a computer, which limits the auditing function. A data dump is possible, though, to compare the data against a data map. 2. Direct data entry eliminates the physical documentation for an audit program. 3. Data processing activities are difficult to observe, since they take place within the computer system. For the audit trail to show its impact a detailed file of the transactions need to be maintained. During evaluation of a system following steps should be considered. 1. Define the control objectives as separate design and test requirements. Input preparation and transmission by the user are important control areas that are viewed with an emphasis on audit trails and adequate documentation during testing. 2. Examine budget costs to see whether system testing is within the limits. 3. Review specifications. The auditor should evaluate program acceptance test specifications and assist the programmer in developing test standards, levels of testing and actual test conditions. It is the auditor’s responsibility to build controls into candidate systems to ensure reliability, integrity and confidence of the users at all levels. The auditor should be called in during design as well as testing so that suggestion can be considered before implementation. Including the auditor in the system development team makes it easy for monitoring testing procedures and considers the acceptance of new controls to replace those changed by the new design. Download 0.94 Mb. Share with your friends:
|