IT ENVIRONMENTS - ON-LINE COMPUTER SYSTEMS

avatar
Created by
Daniela S.

Cards (125)

  • Contents
    • Introduction
    • On-Line Computer Systems
    • Types of On-Line Computer Systems
    • Characteristics of On-Line Computer Systems
    • Internal Control in an On-Line Computer System
    • Effect of On-Line Computer Systems on the Accounting System and Related Internal Controls
    • Effect of On-Line Computer Systems on Audit Procedures
    • Compatibility with International Auditing Practice Statements
    View source
  • Special purpose terminals
    • Point-of-sale devices, Automated teller machines, Hand-held wireless devices, Voice response systems
    View source
  • On-line systems allow users to directly initiate various functions such as

    Entering transactions, making enquiries, requesting reports, updating master-files, electronic commerce activities
    View source
  • Terminal devices may be found either locally or at remote sites. Local terminal devices are connected directly to the computer through cables, whereas remote terminal devices are connected to the computer through telecommunications networks
    View source
  • Types of terminal devices
    • General purpose terminals
    • Special purpose terminals
    View source
  • This Practice Note (PN) describes the effects of an on-line computer system on the accounting system and related internal controls and on audit procedures
    View source
  • General purpose terminals
    • Basic keyboard and screen, Intelligent terminal, PCs
    View source
  • On-Line Computer Systems
    Computer systems that enable users to access data and programs directly through terminal devices
    View source
  • Users such as customers or suppliers may access terminal devices
    Application software and data are kept on-line to meet users' needs
    View source
  • Types of terminal devices
    • Local terminal devices
    • Remote terminal devices
    View source
  • In a client/server environment
    The processing of data takes place on the server and the desktop computer (client)
    View source
  • Classifications of on-line computer systems
    • On-line/real-time processing
    • On-line/batch processing
    • On-line/memo update (and subsequent processing)
    • On-line/inquiry
    • On-line downloading/uploading processing
    View source
  • Common applications of tone-generating devices
    • Telephone banking
    • Bill payment systems
    View source
  • Local terminal devices are connected directly to the computer through cables
    Remote terminal devices require the use of telecommunications to link them to the computer
    View source
  • Employees, business partners, customers, and other third parties may obtain access to an organization's on-line applications
    They may use the Internet or other remote access services
    View source
  • Software required for systems with terminal devices
    • Access control software
    • Software that monitors on-line terminal devices
    View source
  • On-line/real-time processing
    Individual transactions are entered at terminal devices, validated, and used to update related computer files immediately
    View source
  • On-line/inquiry
    Restricts users at terminal devices to making inquiries
    View source
  • On-line/memo update (and subsequent processing)
    Combines on-line/real-time processing and on-line/batch processing
    View source
  • Increased sharing of system resources through LANs and WANs has led to the growth of distributed on-line processing
    Client/Server systems have resulted in applications being split, so that processing can be performed across several machines
    View source
  • Even local terminals may be connected using telecommunications links or wireless communication links
    Terminal devices may be accessed by many users, for different purposes, in different locations, all at the same time
    View source
  • Terminal devices may be found either locally or at remote sites
    View source
  • External parties may access the organization's applications through electronic data interchange (EDI) or other electronic commerce applications
    Programmers may use the on-line capabilities to develop new programs and maintain existing programs
    View source
  • On-line/batch processing
    Individual transactions are entered at a terminal device, subjected to certain validation checks, and added to a transaction file that contains other transactions entered during the period
    View source
  • On-Line Downloading/Uploading Processing
    Data from a master-file is transferred to an intelligent terminal device for further processing by the user. Results of local processing may be uploaded back to the main computer
    View source
  • Programmers' on-line access to the system
    Enables them to develop new programs and modify existing ones. Unrestricted access could lead to unauthorized changes and access to other parts of the system
    View source
  • On-line access to the system
    Enables users to perform various functions like entering transactions, reading, changing, or deleting programs and data files through terminal devices
    View source
  • The entity may need to establish suitable general controls to mitigate risks of unauthorized access
    View source
  • Data entry on-line
    Subject to immediate validation checks. Data failing validation are not accepted, and users can correct and re-enter valid data immediately
    View source
  • An on-line computer system may not provide supporting documents for all transactions entered, but must be able to provide transaction details on request or through logs
    View source
  • On-Line Inquiry
    Users at terminal devices can make inquiries of master-files, which are updated by other systems on a batch basis
    View source
  • Auditors consider the security infrastructure before examining general and application controls
    View source
  • Characteristics of On-Line Computer Systems
    • On-line data entry and validation
    • On-line access to the system by users
    • Lack of visible transaction trail
    • Potential access to the system by non-users
    • Dependence on system design
    View source
  • On-Line/Real Time Processing
    Data entered are available immediately, but transactions have not been subjected to complete validation before the master-file update
    View source
  • Unlimited access to all functions in a particular application is undesirable as it may lead to unauthorized changes to data and programs
    View source
  • Applications in an on-line environment may have greater exposure to unauthorized access and update, requiring a strong security infrastructure for information integrity
    View source
  • The effect of an on-line computer system on the accounting system and the associated risks will generally depend on
    View source
  • Risks that the entity may need to mitigate
    • Viruses
    • Unauthorized access
    • Potential destruction of audit trails
    View source
  • Important aspects of control in an on-line computer system
    • Controls over passwords
    • System development and maintenance controls
    • Programming controls
    • Transaction logs
    • Firewalls
    View source
  • Entity's security infrastructure
    Plays an important part in ensuring the integrity of the information produced
    View source