Skip to Main Content
Idaho State University

Module 8 - Introduction to Accounting Controls and EDP Auditing

Module eight is an introduction to accounting and auditing controls concepts intended for a broad variety of students in courses where an appreciation of such concepts is needed. The module outlines key accounting and auditing concepts and describes the various played by management, information systems professionals, internal auditors, and external auditors. It deals with management control, application control, evidence gathering and evaluation, and management of the EDP audit function. The module may be used in junior or senior level information systems courses or integrated in other business courses. to management why other resources need protection; however, the information resource is frequently overlooked or is the ‘stepchild’.This section is under construction and will be updated soon with complete course content.

Topic Outline: Introduction To Accounting Controls And EDP Auditing

  1. Goals

    1 Hour
    1. Role Of The Accountant
    2. Asset Safety
      1. Organizational Asset
      2. Computer Resource Abuses
      3. Value Of Systems
        1. Hardware
        2. Software
        3. Personnel
        4. Operating Systems
        5. Application Systems
        6. Data
        7. Facilities
        8. Supplies
      4. Proprietary And Private Data
    3. Data Integrity
      1. Pervasiveness Of Errors
      2. Individual Decisions
    4. System Effectiveness
      1. Decision Making Value
      2. Timeliness
      3. Support For Competitive Advantage
    5. System Efficiency
      1. Proper Uses Of Systems And Components
      2. Misallocation Of Resources
        1. Theft
        2. Destruction
          1. Physical Acts Of Nature
          2. Physical Acts Of Persons
        3. Disruption Of Service
          1. Hardware
          2. Software
          3. Personnel
        4. Unauthorized Changes
  2. Roles

    1 Hour
    1. Management
      1. Top Management
      2. Middle Management
      3. Entry-Level Management
    2. Information Systems Professionals
      1. MIS Orientation
      2. Data Processing Orientation
    3. Internal Auditors
    4. External Auditors
    5. Management Controls
  3. Systems Cycle

    1 Hour
    1. Auditor's Involvement
      1. Concurrent Participation
      2. Ex Post Review
      3. Phases And Concerns
    2. Alternative Models
      1. Traditional
      2. Prototype
      3. Socio-technical
    3. Differences In Internal And External Auditors'
    4. End-User Developed Systems
  4. General Internal Controls

    2 Hours
    1. Segregation Of Duties
    2. Proper Delegation Of Authority
    3. Competent Personnel
    4. Authorization System
    5. Documentation
    6. Physical Controls
    7. Supervision
    8. Accountability
  5. Access Controls

    1 Hour
    1. Strengths And Weakness
    2. Encryption
    3. Personalized Access
      1. Cards And PINS
      2. Physical Identifiers
    4. Audit Trails
      1. Accounting
        1. User Identities
        2. Validation Routines Used
        3. Access And Usage Desired
        4. Physical Location Of Originating Site
        5. Session Times And Dates
        6. Access Methods And Number Of Tries
        7. Results Of Access: Authorized Or Rejected
      2. Operations
  6. Input Controls

    2 Hours
    1. Data
      1. Preparation
        1. Conversion To Machine-Readable
        2. Prepare Totals
        3. Human Scanning As Quality Control
        4. Verification
      2. Gathering
        1. Paper-Based
        2. Machine-Based
        3. Mixture
      3. Review
        1. Components
        2. Design
          1. What Data To Gather,
          2. How To Gather Data,
          3. Who Will Gather The Data,
          4. When Will The Data Be Gathered, And
          5. How The Data Will Be Handled, Retained, And Used
      4. Controls
        1. Hash Totals
        2. Financial
        3. Document Counts
    2. Validation
      1. Online
      2. Batch
      3. Lexical
      4. Semantic
      5. Syntactic
      6. Corrections
    3. Error Controls
      1. Error Report
      2. Field Checks
      3. Record Checks
      4. Batch Checks
      5. File Checks
  7. Communications Controls

    1 Hour
    1. Risks
      1. Reliability
      2. Unauthorized Uses And Abuses
      3. Errors
    2. Technical Failure
      1. Communications
      2. Hardware
      3. Software
      4. Personnel
    3. Terrorism And Other Overt Threats
      1. Aggressive
        1. Insertion
        2. Deletion
        3. Modification
        4. Intervention
      2. Non-Intrusive
        1. Note Or File Sending
        2. Monitoring Activities
      3. Controls
        1. Audit Trail
        2. Operations Audit Trail
  8. Processing Controls

    1 Hour
    1. CPU Controls
      1. Instruction Set Check
      2. Status Check
        1. Kernel
        2. Supervisor
        3. Problem
    2. Memory Controls
      1. Physical
      2. Access
      3. Virtual
    3. Systems
      1. Operating
        1. Protected From Users
        2. Insulated From Its Environment
        3. Users Isolated From Each Other
        4. Examples
      2. Application
        1. Validation Reviews
        2. Programming Reviews
        3. Interfaces Among Programs/Routines
      3. Audit Controls
  9. Database Controls

    2 Hours
    1. Access To Levels
      1. Name
      2. Content
      3. Context
      4. History
    2. Application Oversight
      1. Update Policy
      2. Reporting Procedures
    3. Concurrency
      1. Replication
      2. Partitioning
      3. Priorities
    4. Encryption
      1. Transportability
      2. Personalized
      3. Multiple Levels Of Access
    5. Physical Security
      1. Access
      2. File Protection
      3. Data Base Administrator (DBA)
      4. Backup
    6. Audit Controls
  10. Output Controls

    1 Hour
    1. Production
      1. Online
      2. Off-line
      3. Ad Hoc
    2. Distribution
      1. Physical Requirements
      2. Control
    3. Presentation
      1. Content
      2. Physical Form
      3. Format
      4. Layout
      5. Time Aspects
    4. Interpretation
      1. Availability
      2. Warning System For Further Information
  11. Evidence

    3 Hours
    1. Needs
      1. Assess Quality Of Data
      2. Evaluate Processes
      3. Review Existence Of Processes And Data
      4. Initial Review
        1. Analytical Review
        2. Statistical Analysis
        3. Spreadsheet
        4. Expert Systems Or Decision Support Systems
    2. Limitations
      1. Often After The Fact
      2. Constrained To Extent Of Generalized Audit Software (Gas)
    3. Generalized Audit Software
      1. Parallel Simulation
      2. Integrated Test Facility
      3. File And Record Extraction
    4. Specialized Audit Software
      1. Industry Specific
      2. Configuration Specific
      3. Potential To Be More Efficient
      4. Less Flexible Than Gas
    5. Concurrent Techniques
      1. Concurrent Integrated Test Facility
      2. Simulations
        1. Continuous
        2. Intermittent
      3. System Control Audit Review File (Scarf)
    6. Human Techniques
      1. Interviews
        1. Preparation
        2. Observation
        3. Evaluation
      2. Questionnaires
        1. Determine Objectives
        2. Plan Questions
        3. Test
        4. Deliver
        5. Analyze
      3. Observation
        1. Work As Participant
        2. Unobtrusive
    7. Flowcharts
      1. Document
      2. Data Flow
      3. Systems
      4. Programs
    8. Machine Techniques
      1. Hardware Monitors
        1. Tracks Activity
        2. Analyzes Activity
      2. Software Monitors
        1. Internal To System
        2. Particular Transaction Versus Sampling
        3. Analyzes Activity
  12. Integration

    2 Hours
    1. Asset Safety
      1. Measurement
        1. Qualitative
          1. Questionnaires
          2. Risk Matrix
        2. Quantitative
          1. Expected Dollar Loss Versus Cost Of Controls
          2. Expected Time Loss
      2. Cost-Benefit
    2. Data Integrity
      1. Measurement
        1. Qualitative
        2. Quantitative
      2. Cost-Benefit
    3. System Effectiveness
      1. Objectives
        1. Goals Of Firm
        2. Usage
        3. Types Of Usage
        4. User Satisfaction
        5. Technical
          1. Hardware
          2. Software
          3. Degree Of Independence Of Components Of System
      2. Judgment
      3. Overall Evaluation
    4. System Efficiency
      1. Objectives
      2. Indicators
        1. Workload Monitors
        2. Systems Checks
      3. Overall Evaluation
    5. Summary
      1. Qualitative
        1. Collect All Items
        2. Think
      2. Quantitative
        1. Financial Or Business Terms
        2. Sensitivity To Assumptions
      3. Judgment Group Decision Making and Experience Transfer