Information Technology.docx

7/27/2019 Information Technology.docx

1/6

Microcomputers

a. The proliferation of microcomputers (e.g., personal computers [PC], laptop

computers) has had a profound effect on both information systems and on auditors.

A small business client will probably use a PC to run a commercially purchased

general ledger package (off-the-shelf software). Segregation of duties becomes

especially difficult in such an environment because one individual may perform all

recordkeeping (processing) as well as maintain other nonrecordkeeping

responsibilities.

b. A larger client may use a network of PCs which may or may not be linked to

a large corporate mainframe computer. In all systems, management policies should

be in place regarding the development and modification of programs and data files.

c. Regardless of the system, the control objectives remain the same. When

small computers are involved, the following points need to be considered:

(1) SecuritySecurity over small computers, while still important, may not beas critical as security over the data and any in-house developed software. Most

companies can easily replace the hardware, but may suffer a severe setback if the

data and/or in-house developed software is lost.

Access to the software diskettes should be controlled and backup copies

should be made.

Access to the hard drive must be restricted since anyone turning on the power

switch can read the data stored on those files.

Also, a control problem may exist because the computer operator often understands

the system and also has access to the diskettes. The management of the companymay need to become more directly involved in supervision when a lack of

segregation of duties exists in data processing.

(2) Verification of processingPeriodically, an independent verification ofthe applications being processed on the small computer system should be made to

prevent the system from being used for personal projects.

Also, verification helps prevent errors in internally developed software from going

undetected. Controls should be in operation to assure the accuracy of in-house

created spreadsheets and databases.

(3) Personnel

Centralized authorization to purchase hardware and software should be

required to ensure that appropriate purchasing decisions are made, including

decisions that minimize software and hardware compatibility difficulties.

Software piracy and viruses may be controlled by prohibiting the loading of

unauthorized software and data on company-owned computers.


2/6

1. Segregation controls

a. Segregate functions between information systems department and user

departments

(1) User departments are the other departments of the company that utilize the

data prepared by the information systems department.

b. Do not allow the information systems department to initiate or authorize

transactions.

c. At a minimum, segregate programming, operations, and the library function

within the information systems department.

(1) Systems analysisThe systems analyst analyzes the present userenvironment and requirements and may (1) recommend specific changes, (2)

recommend the purchase of a new system, or (3) design a new information system.

The analyst is in constant contact with user departments and programming staff to

ensure the users actual and ongoing needs are being met. A system flowchart is atool used by the analyst to define the systems requirements.

(2) Systems programmingThe systems programmer is responsible forimplementing, modifying, and debugging the software necessary for making the

hardware work (such as the operating system, telecommunications monitor, and the

database management system). For some companies the term software engineeris viewed as similar or identical to that of systems programmer. For others, the

software engineer is involved with the creation of designs used by programmers.

(3) Applications programmingThe applications programmer is responsiblefor writing, testing, and debugging the application programs from the specifications

(whether general or specific) provided by the systems analyst. A program flowchart

is one tool used by the applications programmer to define the program logic.

(4) Database administrationIn a database environment, a database

administrator (DBA) is responsible for maintaining the database and restrictingaccess to the database to authorized personnel.

(5) Data preparationData may be prepared by user departments and inputby key to magnetic disk or magnetic tape.

(6) OperationsThe operator is responsible for the daily computer operationsof both the hardware and the software. The operator mounts magnetic tapes on the


3/6

tape drives, supervises operations on the operators console, accepts any requiredinput, and distributes any generated output. The operator should have adequate

documentation available to run the program (a run manual), but should not have

detailed program information.

a] Help desks are usually a responsibility of operations because of the

operational nature of their functions (for example, assisting users with systems

problems and obtaining technical support/vendor assistance).

(7) Data libraryThe librarian is responsible for custody of the removablemedia (i.e., magnetic tapes or disks) and for the maintenance of program and system

documentation. In many systems, much of the library function is maintained and

performed electronically by the computer.

(8) Data controlThe control group acts as liaison between users and theprocessing center. This group records input data in a control log, follows the

progress of processing, distributes output, and ensures compliance with control

totals.

Ideally, in a large system, all of the above key functions should be segregated; in a

small computer environment, many of the key functions are concentrated in a small

number of employees. For purposes of the CPA exam remember that, at a minimum,

an attempt should be made to segregate programming, operations, and the library

functions. Large organizations typically have a chief information officer (CIO) thatoversees all information technology and activities.

e. Electronic commerce has resulted in a number of new Web-related positions,

including

(1) Web administrator (Web manager)Responsible for overseeing thedevelopment, planning, and the implementation of a Web site. Ordinarily a

managerial position.

(2) Web masterResponsible for providing expertise and leadership in thedevelopment of a Web site, including the design, analysis, security, maintenance,

content development, and updates.

(3) Web designerResponsible for creating the visual content of the Web site

(4) Web coordinatorResponsible for the daily operations of the Web site


4/6

(5) Internet developerResponsible for writing programs for commercial use.Similar to a software engineer or systems programmer.

(6) Intranet/Extranet developerResponsible for writing programs based onthe needs of the company

a disaster recovery plan should include both backup and downtimecontrols.


5/6

Methods of Data Structure

a. Data organization for computer operations

(1) BitA binary digit (0 or 1) which is the smallest storage unit in a computer

(2) ByteA group of adjacent bits (usually 8) that is treated as a single unit bythe computer. Alphabetic, special and some numeric characters can be represented

by a bit. A numeric character that is used in computations may use more than one

byte.

(3) CharacterA letter, number, or other symbols; a character is ordinarilyprintable as a symbol (e.g., the character "a" or ";")

(4) AlphanumericAlphabetic, numeric, and special characters (specialcharacters are pluses, minuses, dollar signs, etc.)

(5) FieldA group of related characters (e.g., a social security number)

(6) RecordAn ordered set of logically related fields. For example, all payrolldata (including the social security number field and others) relating to a single

employee.

(7) ArrayIn a programming language, an aggregate that consists of dataobjects with attributes, each of which may be uniquely referenced by an index

(address). For example, an array may be used to request input of various payroll

information for a new employee in one step. Thus an array could include employee

name, social security number, withholdings, pay rate, etc.for example (John Jones,470-44-5044, 2, $18.32, ). Name would be indexed as 1 (or zero), with each

succeeding attribute receiving the next higher number as an address. Also arraysmay be multidimensional. They are often used with object-oriented programming

such as C++ and Java.

(8) FileA group of related records (e.g., all the weekly pay records year-to-date) which is usually arranged in sequence

(9) Master fileA file containing relatively permanent information used as asource of reference and periodically updated with a detail (transaction) file (e.g.,

permanent payroll records)

(10) Detail or transaction fileA file containing current transaction information

used to update the master file (e.g., hours worked by each employee during thecurrent period used to update the payroll master file)

Structured query language (SQL)The most common language used for creatingand querying relational databases (see (b)3] below), its commands may be classified

into three types


6/6

a] Data definition language (DDL)Used to define a database, including

creating, altering, and deleting tables and establishing various constraints.

The data definition language defines the database structure and content,especially the schema and subschema descriptions, including the names ofthe data elements contained in the database and their relationship to eachother.

b] Data manipulation language (DML)Commands used to maintain and

query a database, including updating, inserting in, modifying, and querying (asking

for data)

c] Data control language (DCL)Commands used to control a database,

including controlling which users have various privileges (e.g., who is able to read

from and write to various portions of the database).

Documents

Information Technology.docx