Personal computer systems • •
These are economical yet powerful self-contained general purpose computer consisting typically of a CPU, memory, monitor, disk drives, printer cables, and modems They can be used to process accounting transactions and produce report that are essential in the preparation of financial statements
Personal computer configurations •
Stand-alone workstation o This can be operated by a single user or a number of users at different times accessing the same or different programs o The programs and data are stored in the personal computers or un close proximity o Data are entered manually through a keyboard o Programming may include the use of a third-party software package to develop electronic spreadsheets or database applications
•
Workstation which is a part of a local area network or personal computers o A local area network is an arrangement where two or more personal computers are linked together through the use of a special software and communications lines. o A local area network allows the sharing of resources such as storage facilities and printers
•
Workstation connected to a server
Characteristics of personal computers • • • • • • • • • •
It provides the user with substantial computing capabilities They are small enough to be transportable Relatively inexpensive Can be placed in operation quickly Can be operated easily Operating system software is less comprehensive than in larger environments Software cab be purchased from third-party vendors Users can develop other applications with the use of generic software packages The operating system software, application programs and data can be stored and retrieved from removable storage media Storage medias are susceptible to virus attacks A virus is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses it as a transport mechanism to reproduce itself without the knowledge of the user PAPS 1001 Page 1 of 4
Internal control in personal computer environments • • • • •
CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment Application programs can be developed relatively quickly by users possessing basic data processing skills Controls over the system development process and operations may not be viewed by the developer, user or management may not be viewed as important or cost-effective in a personal computer environment Users may tend to place unwarranted reliance on the financial information stored or generated by a personal computer The degree of accuracy and dependability of financial information produced will depend upon the internal controls prescribed by management and adopted by the user
Management policy statement may include • • • • • • • • • • • •
Management responsibilities Instructions on personal computer use Training requirement Authorization for access to programs and data Policies to prevent unauthorized copying of program and data Security, back-up and storage requirements Applications development and documentation standards Standards of report format and report distribution controls Personal usage policies Data integrity standards Responsibility for programs, data and error corrections Appropriate segregation of duties
Physical security relating to equipment • • • •
Restrict access to personal computers by using door locks Fastening the computer to a table using security cables Locking personal computers in a protective cabinet or shell Using an alarm system that is activated when a personal computer is disconnected or moved from its location
Physical security relating to removable and non-removable media • • • •
Delegation of a software custodian or data librarian Use of program and data file check-in and check-out system Locking of designated data locations Storage medias should be stored in a fire-proof container either on-site, offsite or both
PAPS 1001 Page 2 of 4
Program and data security • • • • •
Segregate data files organized under separate file directories – this allows the user to segregate information on removable and non-removable storage media Using hidden files and secret file names Employing passwords Using cryptography – this is the process of transforming programs and information into an unintelligible form Using anti-virus programs
Software and data integrity • • •
Integration of format and range checks and cross checks of results Adequate written documentation of application that are processed on the personal computer Application programs developed and maintained at one place rather than by each user dispersed throughout the entity
The effect of personal computers on the accounting system and the associated risks will generally depend on • • •
The extent to which the personal computer is being used to process accounting applications The type and significance of financial transaction being processed The nature of files and programs utilized in the applications
Functions in an accounting system • • • • • •
Initiating and authorizing source documents Entering data into the system Operating the computer Changing programs and data files Using or distributing output Modifying the operating system
Lack of segregation of functions in a personal computer may • •
Allow errors to go undetected Permit the perpetration and concealment of fraud
CIS application controls •
A system of transaction logs and batch balancing
PAPS 1001 Page 3 of 4
• •
Direct supervision Reconciliation of record counts or harsh totals
Functions of CIS application controls • • • • •
Receive all data for processing Ensure that all data are authorized and recorded Follow up all errors detected during processing Verify the proper distribution of output Restrict physical access to application programs and data files
Effects of personal computer environment on audit procedures • •
The auditor often assumes that the control risk is high in such systems The auditor may find it cost effective not to make a review of general CIS controls or CIS application controls but to concentrate the efforts on substantive tests at or near the end of the year
PAPS 1001 Page 4 of 4