Information Technology.docx

  • 7/27/2019 Information Technology.docx

    Microcomputers

    a. The proliferation of microcomputers (e.g., personal computers [PC], laptop

    computers) has had a profound effect on both information systems and on auditors.

    A small business client will probably use a PC to run a commercially purchased

    general ledger package (off-the-shelf software). Segregation of duties becomes

    especially difficult in such an environment because one individual may perform all

    recordkeeping (processing) as well as maintain other nonrecordkeeping

    responsibilities.

    b. A larger client may use a network of PCs which may or may not be linked to

    a large corporate mainframe computer. In all systems, management policies should

    be in place regarding the development and modification of programs and data files.

    c. Regardless of the system, the control objectives remain the same. When

    small computers are involved, the following points need to be considered:

    (1) Security: Security over small computers, while still important, may not be as critical as security over the data and any in-house developed software. Most

    companies can easily replace the hardware, but may suffer a severe setback if the

    data and/or in-house developed software is lost.

    Access to the software diskettes should be controlled and backup copies

    should be made.

    Access to the hard drive must be restricted since anyone turning on the power

    switch can read the data stored on those files.

    Also, a control problem may exist because the computer operator often understands

    the system and also has access to the diskettes. The management of the company may need to become more directly involved in supervision when a lack of

    segregation of duties exists in data processing.

    (2) Verification of processing: Periodically, an independent verification of the applications being processed on the small computer system should be made to

    prevent the system from being used for personal projects.

    Also, verification helps prevent errors in internally developed software from going

    undetected. Controls should be in operation to assure the accuracy of in-house

    created spreadsheets and databases.

    (3) Personnel

    Centralized authorization to purchase hardware and software should be

    required to ensure that appropriate purchasing decisions are made, including

    decisions that minimize software and hardware compatibility difficulties.

    Software piracy and viruses may be controlled by prohibiting the loading of

    unauthorized software and data on company-owned computers.

    1. Segregation controls

    a. Segregate functions between information systems department and user

    departments

    (1) User departments are the other departments of the company that utilize the

    data prepared by the information systems department.

    b. Do not allow the information systems department to initiate or authorize

    transactions.

    c. At a minimum, segregate programming, operations, and the library function

    within the information systems department.

    (1) Systems analysis: The systems analyst analyzes the present user environment and requirements and may (1) recommend specific changes, (2)

    recommend the purchase of a new system, or (3) design a new information system.

    The analyst is in constant contact with user departments and programming staff to

    ensure the users' actual and ongoing needs are being met. A system flowchart is a tool used by the analyst to define the system's requirements.

    (2) Systems programming: The systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the

    hardware work (such as the operating system, telecommunications monitor, and the

    database management system). For some companies the term software engineer is viewed as similar or identical to that of systems programmer. For others, the

    software engineer is involved with the creation of designs used by programmers.

    (3) Applications programming: The applications programmer is responsible for writing, testing, and debugging the application programs from the specifications

    (whether general or specific) provided by the systems analyst. A program flowchart

    is one tool used by the applications programmer to define the program logic.

    (4) Database administration: In a database environment, a database

    administrator (DBA) is responsible for maintaining the database and restricting access to the database to authorized personnel.

    (5) Data preparation: Data may be prepared by user departments and input by key to magnetic disk or magnetic tape.

    (6) Operations: The operator is responsible for the daily computer operations of both the hardware and the software. The operator mounts magnetic tapes on the

    tape drives, supervises operations on the operator's console, accepts any required input, and distributes any generated output. The operator should have adequate

    documentation available to run the program (a run manual), but should not have

    detailed program information.

    a] Help desks are usually a responsibility of operations because of the

    operational nature of their functions (for example, assisting users with systems

    problems and obtaining technical support/vendor assistance).

    (7) Data library: The librarian is responsible for custody of the removable media (i.e., magnetic tapes or disks) and for the maintenance of program and system

    documentation. In many systems, much of the library function is maintained and

    performed electronically by the computer.

    (8) Data control: The control group acts as liaison between users and the processing center. This group records input data in a control log, follows the

    progress of processing, distributes output, and ensures compliance with control

    totals.

    Ideally, in a large system, all of the above key functions should be segregated; in a

    small computer environment, many of the key functions are concentrated in a small

    number of employees. For purposes of the CPA exam remember that, at a minimum,

    an attempt should be made to segregate programming, operations, and the library

    functions. Large organizations typically have a chief information officer (CIO) that oversees all information technology and activities.

    e. Electronic commerce has resulted in a number of new Web-related positions,

    including

    (1) Web administrator (Web manager): Responsible for overseeing the development, planning, and the implementation of a Web site. Ordinarily a

    managerial position.

    (2) Web master: Responsible for providing expertise and leadership in the development of a Web site, including the design, analysis, security, maintenance,

    content development, and updates.

    (3) Web designer: Responsible for creating the visual content of the Web site

    (4) Web coordinator: Responsible for the daily operations of the Web site

    (5) Internet developer: Responsible for writing programs for commercial use. Similar to a software engineer or systems programmer.

    (6) Intranet/Extranet developer: Responsible for writing programs based on the needs of the company

    A disaster recovery plan should include both backup and downtime controls.

    Methods of Data Structure

    a. Data organization for computer operations

    (1) Bit: A binary digit (0 or 1) which is the smallest storage unit in a computer

    (2) Byte: A group of adjacent bits (usually 8) that is treated as a single unit by the computer. Alphabetic, special and some numeric characters can be represented

    by a byte. A numeric character that is used in computations may use more than one

    byte.

    (3) Character: A letter, number, or other symbol; a character is ordinarily printable as a symbol (e.g., the character "a" or ";")

    (4) Alphanumeric: Alphabetic, numeric, and special characters (special characters are pluses, minuses, dollar signs, etc.)

    (5) Field: A group of related characters (e.g., a social security number)

    (6) Record: An ordered set of logically related fields. For example, all payroll data (including the social security number field and others) relating to a single

    employee.

    (7) Array: In a programming language, an aggregate that consists of data objects with attributes, each of which may be uniquely referenced by an index

    (address). For example, an array may be used to request input of various payroll

    information for a new employee in one step. Thus an array could include employee

    name, social security number, withholdings, pay rate, etc.; for example (John Jones, 470-44-5044, 2, $18.32, ). Name would be indexed as 1 (or zero), with each

    succeeding attribute receiving the next higher number as an address. Also, arrays may be multidimensional. They are often used with object-oriented programming

    such as C++ and Java.

    (8) File: A group of related records (e.g., all the weekly pay records year-to-date) which is usually arranged in sequence

    (9) Master file: A file containing relatively permanent information used as a source of reference and periodically updated with a detail (transaction) file (e.g.,

    permanent payroll records)

    (10) Detail or transaction file: A file containing current transaction information

    used to update the master file (e.g., hours worked by each employee during the current period used to update the payroll master file)

    Structured query language (SQL): The most common language used for creating and querying relational databases (see (b)3] below); its commands may be classified

    into three types

    a] Data definition language (DDL): Used to define a database, including

    creating, altering, and deleting tables and establishing various constraints.

    The data definition language defines the database structure and content, especially the schema and subschema descriptions, including the names of the data elements contained in the database and their relationship to each other.

    b] Data manipulation language (DML): Commands used to maintain and

    query a database, including updating, inserting in, modifying, and querying (asking

    for data)

    c] Data control language (DCL): Commands used to control a database,

    including controlling which users have various privileges (e.g., who is able to read

    from and write to various portions of the database).
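
The three command types, applied to the payroll master file and transaction file described earlier. This is an added example, not part of the original notes; it uses PostgreSQL syntax, the table, column and role names are hypothetical, and the pay period date is constructed (the name and pay rate reuse the array example).

```sql
-- DDL: define the tables and the constraints that act as built-in edit checks.
CREATE TABLE payroll_master (
    employee_id  INTEGER PRIMARY KEY,
    name         TEXT NOT NULL,
    pay_rate     NUMERIC(8,2) NOT NULL CHECK (pay_rate > 0),
    ytd_hours    NUMERIC(8,2) NOT NULL DEFAULT 0
);

CREATE TABLE payroll_transactions (
    txn_id       INTEGER PRIMARY KEY,
    employee_id  INTEGER NOT NULL REFERENCES payroll_master (employee_id),
    period_end   DATE NOT NULL,
    hours_worked NUMERIC(5,2) NOT NULL CHECK (hours_worked BETWEEN 0 AND 168)
);

-- DML: insert records, update the master file from the transaction file, query.
INSERT INTO payroll_master (employee_id, name, pay_rate)
VALUES (1, 'John Jones', 18.32);

INSERT INTO payroll_transactions (txn_id, employee_id, period_end, hours_worked)
VALUES (1001, 1, DATE '2019-07-26', 40.00);

UPDATE payroll_master AS m
SET    ytd_hours = m.ytd_hours + t.total_hours
FROM  (SELECT employee_id, SUM(hours_worked) AS total_hours
       FROM   payroll_transactions
       WHERE  period_end = DATE '2019-07-26'
       GROUP  BY employee_id) AS t
WHERE  m.employee_id = t.employee_id;

SELECT employee_id, name, ytd_hours FROM payroll_master;

-- Role setup (hypothetical roles mirroring segregated functions).
CREATE ROLE data_entry;          -- keys in hours, cannot touch pay rates
CREATE ROLE payroll_supervisor;  -- authorizes pay-rate changes
CREATE ROLE auditor_readonly;    -- independent verification, no write access

-- DCL: control who may read from and write to each portion of the database.
REVOKE ALL ON payroll_master, payroll_transactions FROM PUBLIC;
GRANT INSERT ON payroll_transactions TO data_entry;
GRANT SELECT, UPDATE (pay_rate) ON payroll_master TO payroll_supervisor;
GRANT SELECT ON payroll_master, payroll_transactions TO auditor_readonly;
```

Because `data_entry` holds only `INSERT` on the transaction table, the person keying hours cannot also change a pay rate, which is the database-level form of the segregation of duties the notes call for.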