May 20, 2012

MF0013 [Internal Audit and Control] Set2 Q2

Q.2 Detail the specific problems of electronic data process relating to Internal control.

Ans:

Specific Problems of Electronic Data Process relating to Internal Control 
In an EDP system, the following problems arise in the implementation of internal control: 


(a) Separation of duties: In a manual system, separate individuals are responsible for initiating transactions, recording transactions, and custody of assets. As a basic control, separation of duties prevents or detects errors and irregularities. In a computer system, however, the traditional notion of separation of duties does not always apply. For example, a program may reconcile a vendor invoice against a receiving document and print a cheque for the amount owed to a creditor. Thus, this program is performing functions that in a manual systems would be considered incompatible. 

In a minicomputer and microcomputer environments, separation of incompatible functions may be even more difficult to achieve. Some minicomputers and microcomputers allow users to change programs and data easily; furthermore, they provide no record of these changes. If the minicomputer or micro computer does not have an inbuilt capability to provide a secure record of changes, it may be difficult to determine whether incompatible functions have been performed by system users.


(b) Delegation of authority and responsibility: A clear line of authority and responsibility is an essential control in both manual and computer systems. In a computer system, however, delegating authority and responsibility in an unambiguous way may be difficult because some resources are shared among multiple users. For example, one of the objectives of using a database management system is to provide multiple users with access to the same data, thereby reducing the control problems that arise with maintaining redundant data. When multiples users have access to the same data and integrity of the data is somehow violated, it is not always easy to trace who is responsible for corrupting the data and who is responsible for identifying and correcting the error. Some organizations have attempted to overcome these problems by designating a single user as the owner of data. This user assumes ultimate responsibility for the integrity of the data. 


(c) Competent and trustworthy personnel: The technology of data processing is now exceedingly complex much more complex than in the days of manual systems. Highly skilled personnel are needed to develop, modify, maintain and operate todays computer systems. Thus, the existence of competent and trustworthy personnel becomes even more important when computer systems are used to process an organizations data, since a relatively small number of individuals assume major responsibility for the integrity of the data.

Unfortunately, assuring that an organization has competent and trustworthy data processing personnel has been a difficult task. Historically, well trained and experienced data processing personnel have been in short supply. Therefore, organizations sometimes have been forced to compromise in their choice of staff. Moreover, it is not always easy for an organization to assess the competence and integrity of its EDP staff. High turnover in the data processing industry has been the norm, and the rapid evolution of technology inhibits managements ability to evaluate an employees skills. 


(d) System of authorizations: Management issues two types of authorizations to execute transactions. General authorizations establish policies for the organization to follow. For example, a fixed price list is issued for personnel to use when products are sold. Specific authorizations apply to individual transactions: for example, acquisitions of major capital assets may have to be approved by the board of directors. 

In a manual system, auditors evaluate the adequacy of procedures for authorization by examining the work of employees. In a computer system, authorization procedures often are embedded within a computer program. For example, the order entry module in a sales system may determine the price to be charged to a customer. Thus, when evaluating the adequacy of authorization procedures, auditors have to examine not only the work of employees but also the veracity of program processing. 


(e) Adequate documents and records: In a manual system, adequate documents and records are necessary to provide an audit trail of activities within the system. In computer systems, documents may not be used to support the initiation, execution and recording of some transactions. For example, in an online order entry system customers orders received by telephone may be entered directly into the system. Similarly, some transactions may be activated automatically by a computer system: for example, an inventory replenishment program may initiate purchase orders when stock levels fall below a set amount. Thus, no visible audit or management trail may be available to trace the transaction.

The absence of a visible audit trail is not a problem for the auditor provided that systems have been designed to maintain a record of all events and there is a means of accessing these records. In a well designed computer systems. Audit trails are often more extensive than those maintained in manual systems. Unfortunately, not all computer systems are well designed. Some minicomputer and microcomputer software packages for example, provide inadequate access controls and logging facilities to ensure preservation of an accurate and complete audit trail. When this situation is coupled with a decreased ability to separate incompatible functions, serious control problems can arise. 


(f) Physical control over assets and records: Physical control over access to assets and records is critical in both manual systems and computer systems. Computer systems differ from manual systems, however, in the way they concentrate the data processing assets and records of an organization. For example, in a manual system, a person wishing to perpetrate a fraud may be maintained at a single site the data processing installation. Thus, the perpetrator does not have to go to physically distance locations to execute the fraud. 

This concentration of data processing assets and records also increases the loss that can arise from computer abuse or a disaster. For example, a fire that destroys a computer room may result in the loss of all major master files in an organization. If the organization does not have suitable backup, it may be unable to continue operations. 


(g) Adequate management supervision: In a manual system, management supervision of employee activities is relatively straight forward because managers and employees are often at the same physical location. In computer systems, however, data communications may be used to enable employees to be closer to the customers they service. Thus, supervision of employees may have to be carried out remotely. Supervisory controls must be built into the computer system to compensate for the controls that usually can be exercised through observation and inquiry.


(h) Comparing recorded accountability with assets: Periodically, data and the assets that the data purports to represent should be compared to determine whether incompleteness or inaccuracies in the data exist or shortages in the assets have occurred. In a manual system, independent staff prepares the basic data used for comparison purposes. In a computer system, however, programs are used to prepare this data. For example, programs may sort an inventory file by warehouse location and prepare counts by inventory item at different warehouses. If unauthorized modifications occur to the programs or data files that the programs use, an irregularity may not be discovered.

No comments:

Post a Comment

Labels

1st Sem (common) Subjects (150) 1st Sem BBA (10) 2nd Sem (common) Subjects (70) 2nd Sem BBA (10) 3rd Sem Banking Management (30) 3rd Sem BBA (8) 3rd Sem core/common subjects (37) 3rd Sem Environmental Management (2) 3rd Sem Event Management (8) 3rd Sem Finance Management (113) 3rd Sem HEALTH SERVICE MANAGEMENT (HSM/HCS) (65) 3rd Sem Human Resource Management (98) 3rd Sem Information Systems Management (8) 3rd Sem International Business (34) 3rd Sem Marketing Management (129) 3rd Sem Operations Management (8) 3rd Sem Project Management (103) 3rd Sem Retail Operations Management (8) 3rd Sem Supply Chain Management (SCM) (16) 3rd Sem Total Quality Management (TQM) (16) 4th Sem Banking Management (38) 4th Sem core/common subjects (65) 4th Sem Event Management (8) 4th Sem Finance Management (8) 4th Sem HEALTH SERVICE MANAGEMENT (HSM/HCS) (21) 4th Sem Human Resource Management (104) 4th Sem Information Systems Management (8) 4th Sem International Business (12) 4th Sem Marketing Management (8) 4th Sem Operations Management (37) 4th Sem Project Management (56) 4th Sem Retail Operations Management (8) 4th Sem Supply Chain Management (SCM) (8) 4th Sem Total Quality Management (TQM) (8) BBA101 - Communication Skills (2) BBA101 Set1 (1) BBA101 Set2 (1) BBA102 - Organization Behaviour (2) BBA102 Set1 (1) BBA102 Set2 (1) BBA103 - Business Environment (2) BBA103 Set1 (1) BBA103 Set2 (1) BBA104 - Quantitative Techniques in Business (2) BBA104 Set1 (1) BBA104 Set2 (1) BBA105 - Computer Fundamentals (2) BBA105 Set1 (1) BBA105 Set2 (1) BBA201 - Research Methods (2) BBA201 Set1 (1) BBA201 Set2 (1) BBA202 - Business Strategy (2) BBA202 Set1 (1) BBA202 Set2 (1) BBA203 - Financial Accounting (2) BBA203 Set1 (1) BBA203 Set2 (1) BBA204 - Marketing Management (2) BBA204 Set1 (1) BBA204 Set2 (1) BBA205 - Management Information Systems (2) BBA205 Set1 (1) BBA205 Set2 (1) BBA301 - Legal and Regulatory Framework (2) BBA301 Set1 (1) BBA301 Set2 (1) BBA302 - Human Resource Management (2) BBA302 Set1 (1) BBA302 Set2 (1) BBA303 - Quality Management (2) BBA303 Set1 (1) BBA303 Set2 (1) BBA304 - Advertising and sales (2) BBA304 Set1 (1) BBA304 Set2 (1) Differences between Managers and Leaders (1) EM0001 - Fundamentals of Environment (2) EM0001 Set1 (1) EM0001 Set2 (1) ET0001 - Human resource management for events (2) ET0001 Set1 (1) ET0001 Set2 (1) ET0002 - Corporate Event Project Management (2) ET0002 Set1 (1) ET0002 Set2 (1) ET0003 - Event marketing and management (2) ET0003 Set1 (1) ET0003 Set2 (1) ET0004 - Event Finance Management (2) ET0004 Set1 (1) ET0004 Set2 (1) ET0006 - Event Risk Management (2) ET0006 Set1 (1) ET0006 Set2 (1) ET0007 - Entrepreneurship (2) ET0007 Set1 (1) ET0007 Set2 (1) ET0008 - Special Events (2) ET0008 Set1 (1) ET0008 Set2 (1) ET0009 - Event Management for Tourism (2) ET0009 Set1 (1) ET0009 Set2 (1) IB0010 - International Financial Management (9) IB0010 Set1 (7) IB0010 Set2 (2) IB0011 - International Marketing (9) IB0011 Set1 (2) IB0011 Set2 (7) IB0012 - Management of Multinational Corporations (8) IB0012 Set1 (7) IB0012 Set2 (1) IB0013 - Export-Import Management (8) IB0013 Set1 (7) IB0013 Set2 (1) IB0015 - Foreign Trade of India (6) IB0015 Set1 (3) IB0015 Set2 (3) IB0016 - International Logistics and Distribution Management (2) IB0016 Set1 (1) IB0016 Set2 (1) IB0017 - International Business Environment and International Law (2) IB0017 Set1 (1) IB0017 Set2 (1) IB0018 - Export Import Finance (2) IB0018 Set1 (1) IB0018 Set2 (1) MA0036 - Financial Systems and Commercial Banking (14) MA0036 Set1 (7) MA0036 Set2 (7) MA0037 - Banking Related Laws and Practices (12) MA0037 Set1 (6) MA0037 Set2 (6) MA0038 - Banking Operations (2) MA0038 Set1 (1) MA0038 Set2 (1) MA0039 - Retail Banking (2) MA0039 Set1 (1) MA0039 Set2 (1) MA0040 (1) MA0041 - Merchant Banking and Financial Services (5) MA0041 Set1 (3) MA0041 Set2 (2) MA0042 - Treasury Management (14) MA0042 Set1 (7) MA0042 Set2 (7) MA0043 - Corporate Banking (9) MA0043 Set1 (5) MA0043 Set2 (4) MA0044 - Institutional Banking (10) MA0044 Set1 (8) MA0044 Set2 (2) MB0038 - Management Process and Organization Behavior (24) MB0038 Set1 (16) MB0038 Set2 (9) MB0039 - Business Communication (24) MB0039 Set1 (15) MB0039 Set2 (9) MB0040 - STATISTICS FOR MANAGEMENT (24) MB0040 Set1 (15) MB0040 Set2 (9) MB0041 - Financial Management and Accounting (24) MB0041 Set1 (15) MB0041 Set2 (9) MB0042 - Managerial Economics (30) MB0042 Set1 (15) MB0042 Set2 (15) MB0043 - Human Resource Management (24) MB0043 Set1 (15) MB0043 Set2 (9) MB0044 - PRODUCTION and OPERATIONS MANAGEMENT (16) MB0044 Set1 (8) MB0044 Set2 (8) MB0045 - Financial Management (9) MB0045 Set1 (7) MB0045 Set2 (2) MB0046 - Marketing Management (10) MB0046 Set1 (8) MB0046 Set2 (2) MB0047 - MANAGEMENT INFORMATION SYSTEMS (15) MB0047 Set1 (8) MB0047 Set2 (7) MB0048 - OPERATIONS RESEARCH (10) MB0048 Set1 (8) MB0048 Set2 (2) MB0049 - Project Management (10) MB0049 Set1 (8) MB0049 Set2 (2) MB0050 - Research Methodology (20) MB0050 Set1 (10) MB0050 Set2 (10) MB0051 - Legal Aspects of Business (17) MB0051 Set1 (13) MB0051 Set2 (4) MB0052 - Strategic Management and Business Policy (30) MB0052 Set1 (15) MB0052 Set2 (15) MB0053 - International Business Management (35) MB0053 Set1 (19) MB0053 Set2 (16) MF0010 - Security Analysis and Portfolio Management (39) MF0010 Set1 (21) MF0010 Set2 (18) MF0011 - Mergers and Acquisitions (24) MF0011 Set1 (14) MF0011 Set2 (10) MF0012 - Taxation Management (25) MF0012 Set1 (16) MF0012 Set2 (9) MF0013 - Internal Audit and Control (25) MF0013 Set1 (16) MF0013 Set2 (9) MF0014 (1) MF0015 - International Financial Management (2) MF0015 Set1 (1) MF0015 Set2 (1) MF0016 - Treasury Management (2) MF0016 Set1 (1) MF0016 Set2 (1) MF0017 - Merchant Banking and Financial Services (2) MF0017 Set1 (1) MF0017 Set2 (1) MF0018 - Insurance and Risk Management (2) MF0018 Set1 (1) MF0018 Set2 (1) MH0051 - Health Administration (15) MH0051 Set1 (5) MH0051 Set2 (10) MH0052 - Hospital Organisation Operations and Planning (26) MH0052 Set1 (12) MH0052 Set2 (14) MH0053 - Hospital and Healthcare Information Management (11) MH0053 Set1 (3) MH0053 Set2 (8) MH0054 - Finance Economics and Planning in HCS (13) MH0054 Set1 (10) MH0054 Set2 (3) MH0055 (1) MH0056 - Public Relations and Marketing for Healthcare Organisation (6) MH0056 Set1 (3) MH0056 Set2 (3) MH0057 - Management of Healthcare Human Resources (5) MH0057 Set1 (2) MH0057 Set2 (3) MH0058 - Legal Aspects in Healthcare Administration (5) MH0058 Set1 (3) MH0058 Set2 (2) MH0059 - Quality Management in HCS (5) MH0059 Set1 (3) MH0059 Set2 (2) MI0014 (1) MI0033 - Software Engineering (2) MI0033 Set1 (1) MI0033 Set2 (1) MI0034 - Database Management System (2) MI0034 Set1 (1) MI0034 Set2 (1) MI0035 - Computer Network (2) MI0035 Set1 (1) MI0035 Set2 (1) MI0036 - BUSINESS INTELLIGENCE TOOLS (2) MI0036 Set1 (1) MI0036 Set2 (1) MI0038 - Enterprise Resource Planning (2) MI0038 Set1 (1) MI0038 Set2 (1) MI0039 - eCommerce (2) MI0039 Set1 (1) MI0039 Set2 (1) MI0040 - Technology Management (2) MI0040 Set1 (1) MI0040 Set2 (1) MI0041 - Java and Web Design (2) MI0041 Set1 (1) MI0041 Set2 (1) MK0010 - Sales Distribution and Supply Chain Management (33) MK0010 Set1 (17) MK0010 Set2 (16) MK0011 - Consumer Behaviour (31) MK0011 Set1 (16) MK0011 Set2 (15) MK0012 - Retail Marketing (42) MK0012 Set1 (20) MK0012 Set2 (22) MK0013 - Market Research (23) MK0013 Set1 (12) MK0013 Set2 (11) MK0014 (1) MK0015 - Service Marketing And Customer Relationship Management (2) MK0015 Set1 (1) MK0015 Set2 (1) MK0016 - Advertising Management and Sales Promotion (2) MK0016 Set1 (1) MK0016 Set2 (1) MK0017 - eMarketing (2) MK0017 Set1 (1) MK0017 Set2 (1) MK0018 - International Marketing (2) MK0018 Set1 (1) MK0018 Set2 (1) ML0010 - Warehousing and Supply Chain Management (2) ML0010 Set1 (1) ML0010 Set2 (1) ML0011 - Buying and Merchandising (2) ML0011 Set1 (1) ML0011 Set2 (1) ML0012 - Store Operations (2) ML0012 Set1 (1) ML0012 Set2 (1) ML0013 - Retail IT Management (2) ML0013 Set1 (1) ML0013 Set2 (1) ML0014 (1) ML0015 - Services Marketing and Customer Relationship Management (2) ML0015 Set1 (1) ML0015 Set2 (1) ML0016 - Advertising Management and Sales Promotion (2) ML0016 Set1 (1) ML0016 Set2 (1) ML0017 - Mall Management (2) ML0017 Set1 (1) ML0017 Set2 (1) ML0018 - Project Management in Retail (2) ML0018 Set1 (1) ML0018 Set2 (1) MU0010 - Manpower Planning and Resourcing (31) MU0010 Set1 (16) MU0010 Set2 (15) MU0011 - Management and Organizational Development (20) MU0011 Set1 (10) MU0011 Set2 (10) MU0012 - Employee Relations Management (22) MU0012 Set1 (11) MU0012 Set2 (11) MU0013 - Human Resource Audit (25) MU0013 Set1 (15) MU0013 Set2 (10) MU0014 (1) MU0015 - Compensation Benefits (24) MU0015 Set1 (14) MU0015 Set2 (10) MU0016 - Performance Management and Appraisal (27) MU0016 Set1 (12) MU0016 Set2 (15) MU0017 - Talent Management and Employee Retention (24) MU0017 Set1 (12) MU0017 Set2 (12) MU0018 - Change Management (29) MU0018 Set1 (9) MU0018 Set2 (20) OM0010 - Operations Management (2) OM0010 Set1 (1) OM0010 Set2 (1) OM0011 - Enterprise Resource Planning (2) OM0011 Set1 (1) OM0011 Set2 (1) OM0012 - Supply Chain Management (2) OM0012 Set1 (1) OM0012 Set2 (1) OM0013 - Advanced Production and Operations Management (2) OM0013 Set1 (1) OM0013 Set2 (1) OM0014 (1) OM0015 - Maintenance Management (6) OM0015 Set1 (3) OM0015 Set2 (3) OM0016 - Quality Management (11) OM0016 Set1 (8) OM0016 Set2 (3) OM0017 - Advanced Production and Planning Control (11) OM0017 Set1 (3) OM0017 Set2 (8) OM0018 - Technology Management (9) OM0018 Set1 (7) OM0018 Set2 (2) PM0010 - Introduction to Project Management (26) PM0010 Set1 (14) PM0010 Set2 (12) PM0011 - Project Planning and Scheduling (25) PM0011 Set1 (14) PM0011 Set2 (11) PM0012 - Project Financing and Budgeting (26) PM0012 Set1 (14) PM0012 Set2 (12) PM0013 - Managing Human Resources in Projects (26) PM0013 Set1 (13) PM0013 Set2 (14) PM0014 (1) PM0015 - Quantitative Methods in Project Management (14) PM0015 Set1 (8) PM0015 Set2 (6) PM0016 - Project Risk Management (14) PM0016 Set1 (7) PM0016 Set2 (7) PM0017 - Project Quality Management (14) PM0017 Set1 (7) PM0017 Set2 (7) PM0018 - Contracts Management in Projects (14) PM0018 Set1 (7) PM0018 Set2 (7) Project (1) QM0010 - Foundations of Quality Management (4) QM0010 Set1 (2) QM0010 Set2 (2) QM0011 - Principles and Philosophies of Quality Management (4) QM0011 Set1 (2) QM0011 Set2 (2) QM0012 - Statistical Process Control and Process Capability (4) QM0012 Set1 (2) QM0012 Set2 (2) QM0013 - Quality Management Tools (4) QM0013 Set1 (2) QM0013 Set2 (2) QM0014 (1) QM0015 - ISO/QS 9000 Elements (2) QM0015 Set1 (1) QM0015 Set2 (1) QM0016 - Managing Quality in the Organization (2) QM0016 Set1 (1) QM0016 Set2 (1) QM0017 - Quality Management System (2) QM0017 Set1 (1) QM0017 Set2 (1) QM0018 - Quality Development Methods (2) QM0018 Set1 (1) QM0018 Set2 (1) SC0001 - Supply Chain Management (4) SC0001 Set1 (2) SC0001 Set2 (2) SC0002 - Outsourcing (4) SC0002 Set1 (2) SC0002 Set2 (2) SC0003 - Food Supply Chain Management (4) SC0003 Set1 (2) SC0003 Set2 (2) SC0004 - Inventory Management (4) SC0004 Set1 (2) SC0004 Set2 (2) SC0006 - Global Logistics and Supply Chain Management (2) SC0006 Set1 (1) SC0006 Set2 (1) SC0007 - Category Management in Purchasing (2) SC0007 Set1 (1) SC0007 Set2 (1) SC0008 - Purchasing and Contracting for Projects (2) SC0008 Set1 (1) SC0008 Set2 (1) SC0009 - Supply Chain Cost Management (2) SC0009 Set1 (1) SC0009 Set2 (1) SMU BBA Subjects (1) SMU MBA/PGDBA Subjects (1)

Visitor Count (since Jan 2019)