7/27/2019 Information Technology.docx
Microcomputers
a. The proliferation of microcomputers (e.g., personal computers [PC], laptop
computers) has had a profound effect on both information systems and on auditors.
A small business client will probably use a PC to run a commercially purchased
general ledger package (off-the-shelf software). Segregation of duties becomes
especially difficult in such an environment because one individual may perform all
recordkeeping (processing) as well as maintain other nonrecordkeeping
responsibilities.
b. A larger client may use a network of PCs which may or may not be linked to
a large corporate mainframe computer. In all systems, management policies should
be in place regarding the development and modification of programs and data files.
c. Regardless of the system, the control objectives remain the same. When
small computers are involved, the following points need to be considered:
(1) Security: Security over small computers, while still important, may not be as critical as security over the data and any in-house developed software. Most
companies can easily replace the hardware, but may suffer a severe setback if the
data and/or in-house developed software is lost.
Access to the software diskettes should be controlled and backup copies
should be made.
Access to the hard drive must be restricted since anyone turning on the power
switch can read the data stored on those files.
Also, a control problem may exist because the computer operator often understands
the system and also has access to the diskettes. The management of the company may need to become more directly involved in supervision when a lack of
segregation of duties exists in data processing.
(2) Verification of processing: Periodically, an independent verification of the applications being processed on the small computer system should be made to
prevent the system from being used for personal projects.
Also, verification helps prevent errors in internally developed software from going
undetected. Controls should be in operation to assure the accuracy of in-house
created spreadsheets and databases.
(3) Personnel
Centralized authorization to purchase hardware and software should be
required to ensure that appropriate purchasing decisions are made, including
decisions that minimize software and hardware compatibility difficulties.
Software piracy and viruses may be controlled by prohibiting the loading of
unauthorized software and data on company-owned computers.
1. Segregation controls
a. Segregate functions between information systems department and user
departments
(1) User departments are the other departments of the company that utilize the
data prepared by the information systems department.
b. Do not allow the information systems department to initiate or authorize
transactions.
c. At a minimum, segregate programming, operations, and the library function
within the information systems department.
(1) Systems analysis: The systems analyst analyzes the present user environment and requirements and may (1) recommend specific changes, (2)
recommend the purchase of a new system, or (3) design a new information system.
The analyst is in constant contact with user departments and programming staff to
ensure the users' actual and ongoing needs are being met. A system flowchart is a tool used by the analyst to define the system's requirements.
(2) Systems programming: The systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the
hardware work (such as the operating system, telecommunications monitor, and the
database management system). For some companies the term "software engineer" is viewed as similar or identical to that of "systems programmer." For others, the
software engineer is involved with the creation of designs used by programmers.
(3) Applications programming: The applications programmer is responsible for writing, testing, and debugging the application programs from the specifications
(whether general or specific) provided by the systems analyst. A program flowchart
is one tool used by the applications programmer to define the program logic.
(4) Database administration: In a database environment, a database
administrator (DBA) is responsible for maintaining the database and restricting access to the database to authorized personnel.
(5) Data preparation: Data may be prepared by user departments and input by key to magnetic disk or magnetic tape.
(6) Operations: The operator is responsible for the daily computer operations of both the hardware and the software. The operator mounts magnetic tapes on the
tape drives, supervises operations on the operator's console, accepts any required input, and distributes any generated output. The operator should have adequate
documentation available to run the program (a run manual), but should not have
detailed program information.
a] Help desks are usually a responsibility of operations because of the
operational nature of their functions (for example, assisting users with systems
problems and obtaining technical support/vendor assistance).
(7) Data library: The librarian is responsible for custody of the removable media (i.e., magnetic tapes or disks) and for the maintenance of program and system
documentation. In many systems, much of the library function is maintained and
performed electronically by the computer.
(8) Data control: The control group acts as liaison between users and the processing center. This group records input data in a control log, follows the
progress of processing, distributes output, and ensures compliance with control
totals.
Ideally, in a large system, all of the above key functions should be segregated; in a
small computer environment, many of the key functions are concentrated in a small
number of employees. For purposes of the CPA exam remember that, at a minimum,
an attempt should be made to segregate programming, operations, and the library
functions. Large organizations typically have a chief information officer (CIO) who oversees all information technology and activities.
e. Electronic commerce has resulted in a number of new Web-related positions,
including
(1) Web administrator (Web manager): Responsible for overseeing the development, planning, and the implementation of a Web site. Ordinarily a
managerial position.
(2) Web master: Responsible for providing expertise and leadership in the development of a Web site, including the design, analysis, security, maintenance,
content development, and updates.
(3) Web designer: Responsible for creating the visual content of the Web site
(4) Web coordinator: Responsible for the daily operations of the Web site
(5) Internet developer: Responsible for writing programs for commercial use. Similar to a software engineer or systems programmer.
(6) Intranet/Extranet developer: Responsible for writing programs based on the needs of the company
A disaster recovery plan should include both backup and downtime controls.
Methods of Data Structure
a. Data organization for computer operations
(1) Bit: A binary digit (0 or 1), which is the smallest storage unit in a computer
(2) Byte: A group of adjacent bits (usually 8) that is treated as a single unit by the computer. Alphabetic, special, and some numeric characters can be represented
by a byte. A numeric character that is used in computations may use more than one
byte.
(3) Character: A letter, number, or other symbol; a character is ordinarily printable as a symbol (e.g., the character "a" or ";")
(4) Alphanumeric: Alphabetic, numeric, and special characters (special characters are pluses, minuses, dollar signs, etc.)
(5) Field: A group of related characters (e.g., a social security number)
(6) Record: An ordered set of logically related fields. For example, all payroll data (including the social security number field and others) relating to a single
employee.
(7) Array: In a programming language, an aggregate that consists of data objects with attributes, each of which may be uniquely referenced by an index
(address). For example, an array may be used to request input of various payroll
information for a new employee in one step. Thus an array could include employee
name, social security number, withholdings, pay rate, etc.; for example (John Jones, 470-44-5044, 2, $18.32, ...). Name would be indexed as 1 (or zero), with each
succeeding attribute receiving the next higher number as an address. Also, arrays may be multidimensional. They are often used with object-oriented programming
such as C++ and Java.
(8) File: A group of related records (e.g., all the weekly pay records year-to-date), which is usually arranged in sequence
(9) Master file: A file containing relatively permanent information used as a source of reference and periodically updated with a detail (transaction) file (e.g.,
permanent payroll records)
(10) Detail or transaction file: A file containing current transaction information
used to update the master file (e.g., hours worked by each employee during the current period used to update the payroll master file)
Structured query language (SQL): The most common language used for creating and querying relational databases (see (b)3] below); its commands may be classified
into three types:
a] Data definition language (DDL): Used to define a database, including
creating, altering, and deleting tables and establishing various constraints.
The data definition language defines the database structure and content, especially the schema and subschema descriptions, including the names of the data elements contained in the database and their relationship to each other.
b] Data manipulation language (DML): Commands used to maintain and
query a database, including updating, inserting in, modifying, and querying (asking
for data)
c] Data control language (DCL): Commands used to control a database,
including controlling which users have various privileges (e.g., who is able to read
from and write to various portions of the database).
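
The three command types, shown in one short script that records who holds the programming, operations, and library duties and flags anyone holding more than one. This is an added example, not part of the original notes; it assumes PostgreSQL syntax, and the table, role, and employee names are hypothetical, with constructed sample rows.

```sql
-- Setup: hypothetical roles used only for this example.
CREATE ROLE internal_auditor;
CREATE ROLE computer_operator;

-- DDL: define the table and its constraints.
-- The CHECK constraint limits duties to the three functions the notes
-- say must be segregated at a minimum.
CREATE TABLE duty_assignment (
    employee VARCHAR(40) NOT NULL,
    duty     VARCHAR(20) NOT NULL
        CHECK (duty IN ('programming', 'operations', 'library')),
    PRIMARY KEY (employee, duty)
);

-- DML: maintain the data (constructed sample rows).
INSERT INTO duty_assignment (employee, duty) VALUES
    ('avery', 'programming'),
    ('blake', 'operations'),
    ('casey', 'library'),
    ('casey', 'operations');   -- constructed segregation-of-duties conflict

-- DML: query the data. Lists every employee holding more than one of
-- the incompatible duties, with the duties held.
SELECT employee,
       COUNT(*) AS duties_held,
       STRING_AGG(duty, ', ' ORDER BY duty) AS duties
FROM duty_assignment
GROUP BY employee
HAVING COUNT(*) > 1;

-- DCL: control who may read from and write to the table.
-- The auditor can read the assignments but not change them; the
-- operator and the default PUBLIC group get no access at all.
REVOKE ALL ON duty_assignment FROM PUBLIC;
REVOKE ALL ON duty_assignment FROM computer_operator;
GRANT SELECT ON duty_assignment TO internal_auditor;
```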