GEAR 111 Test 2
Unit 5-6
| Term | Definition |
|---|---|
| Computer controls | General IT Controls & Application controls |
| General Controls | Overall control environment ensuring effective functioning of application controls. In place irrespective of transactions |
| Application controls | Specific application control directly addressing risks to info. Addresses specific assertions & business cycles. Procedures to initiate, record, process & report on transactions |
| Dual purpose controls | Both general & application controls, ex. access controls |
| General IT Controls | Controls over entity's IT processes that support continued proper operation of IT environment |
| Classification of general IT controls | Organisational & personnel practices; System development & implementation; Change controls; Business continuity; Operating controls; Access control |
| Organisational & personnel practices | How IT department is structured & activities managed. Culture & policies: Delegation, segregation of duties, supervision & review |
| System development & implementation | Control over new or significantly altered systems. |
| Change controls | Changes to existing program already used by entity |
| Business continuity | Operating environment & repairs after disaster |
| Operating controls | Scheduling & production runs, operating act & uses of assets. Logs & registers |
| Access Control | Controls to prevent unauthorised access & limit activities in unauth areas. Security management, physical & logical AC. Logs & reviews |
| Risk of poor organisational structure | Unauthorised transactions; Collusion; Undetected misstatements; Untrustworthy / incompetent staff |
| Delegation of responsibility | As per King IV, directors are responsible for ethical IT governance. Computer steering committee - overall responsibility; CIO - responsible for direction of IT; IT manager - daily operations & management of IT staff |
| Segregation of duties | No one staff should be able to perform incompatible tasks. IT separate from user departments. IT shouldn't initiate transactions & should have no physical access |
| Reporting, supervision & review | IT's work originates from user department; user dep to review data used in IT. IT's work is reviewed by senior qualified IT staff. Logs & registers reviewed regularly |
| Personnel practices | Job functions & proper descriptions. Employment policies, procedures & practices (professional behaviour, leave policies) |
| System development vs system acquisitions | Development - in house; Acquisition - bought from vendor |
| System development & change control process | 1. Request, needs assessment & selection 2. Planning & design 3. System development & testing 4. Implementation 5. Post-impl review & training |
| Request, assessment & selection | Business need identified, projects need to be feasible & approved |
| Feasibility study | - Needs assessment - Resources required - Alternative solutions - Cost-benefit analysis - Time planner |
| Planning & design | Project team, project plan, standards & control frameworks and investigation of needs |
| Development & testing | Development area, test area, production area & final approval |
| Implementation | Conversion (data transfers); Stages (system close & clean-up, conversion & post-conversion review); Documentation & training |
| Post-implementation review | - Meets needs - Controls implemented - Misstatements detected & resolved - Effective - Sufficient docs & training |
| Physical vs Logical Access Control | Physical - Preventative control: Access to premises, computer terminal; Logical - Preventative & computerised control: Identification, Authentication & Authorisation |
| Password controls | Unique, Min length, Combinations, Changes regularly, Encrypted electronic password, Blocked if unsuccessful, Breaches lead to shutdown |
| Detective & Corrective Controls | Activity registers & violation reports; Encryption; Firewalls; Anti-virus malware |
| Application control objectives | Validity; Completeness; Accuracy. To prevent, detect & correct misstatements from when transaction is input or processed by application OR when output is generated by application |
| Electronic accounting stages | Input: Capturing transaction from source docs; Processing: Creating fields and records and storing changes to accounting records; Output: Report on captured data |
| Manual vs Computerised controls | Independent manual: Human/user control NOT requiring info from computer; IT-dependent manual: Human/user control requiring info from computer; Automated controls: ONLY performed by computer |
| Input controls definition | Ensures data entered (incl masterfile amendments) are valid, accurate & complete |
| Risks if no input controls are implemented | - Unauth transactions - Amending data without auth - Uncorrected error |
| Input controls | User-related controls: Focus on users of info; Screen aids: Features & procedures built into program; Logical programmed controls: Testing of input against predetermined rules |
| User-related controls | Training, role dedicated employees, accountability, access profiles, segregation of duties |
| Screen aids | Screen layout, doc layout, minimum data required, closed loop verification (echo test), prompts, compulsory fields |
| Logical programmed controls | Validity test, limit test, field length test, completeness test, alpha numeric test, sign check |
| Business cycles / processes | Results in transactions that are recorded, processed & reported on, ensuring business operates as intended |
| Types of entities | Retailer; Services; Wholesaler; Manufacturing; Mining / Resource generation; Government |
| Functional areas | Stages within the cycle where activities related to the transaction occur. Ex. receiving orders, sales auth, processing order, credit management, returns, receiving payment |
| Accuracy | Calculations are CORRECT |
| Completeness | Orders are executed & delivered timeously |
| Validity | Invoiced only if they WERE ORDERED |
| What to consider regarding functional areas | Activities; People; Records; Risks; Control objectives; Control activities |
| Receiving customer order | Act: Receive, check inventory, create backorders; People: Sales clerk; Docs: Order form, Inventory list, ISO, Backorder note; Risks: Late orders & order acceptance with insufficient stock; Control obj: Timeously processed & backorder |
| Sales auth | Act: Auth orders for APPROVED customers; People: Sales clerk, credit controller & fin manager; Docs: Customers list, credit application form; Risks: Order accepted from unauth customer, exceeding credit limit; Control obj: Creditworthy & app customers only |
| Processing order | Act: Picking goods from warehouse; People: Picker, warehouse clerk, order clerk, warehouse manager/foreman; Docs: Picking slip, Delivery note; Risks: Delays, incorrect quantity; Control obj: Picked in terms of ISO & picking slip |
| Despatch & delivery | Act: Packing, loading, security check, delivery; People: Despatch clerk, Security guards, delivery staff; Docs: Delivery note; Risks: Goods not recorded leaving premises, customers deny receiving goods; Control obj: Record despatch & proof of delivery |
| Invoicing | Act: Creating & distributing invoices; People: Invoicing clerk; Docs: Invoice, ISO, Sales journal, Price list, Ledgers; Risks: Despatched goods aren't invoiced, inaccurate invoice; Control obj: Accurate, all deliveries should match to an invoice |
| Sales recording & debtor raising | Act: Posting sales to journals & ledgers; People: Bookkeeper, fin accountant; Docs: Journals, invoices, ledgers & statements; Risks: Omitted invoices or inaccurate invoices posted; Control obj: All invoices posted correctly |
| Receiving cash from customers | Act: Receive cash, issue receipt, deposit cash; People: Cashier; Docs: Receipt, bank deposit slip; Risks: Cash not banked due to theft; Control obj: All cash to be deposited |
| Receiving & recording receipts | Act: Post receipt to cash book, GL, bank recon; People: Cash book clerk; Docs: Cash receipt journal, ledgers, bank statements; Risk: Fictitious receipts, receipts omitted; Control obj: Record receipts correctly, matching to statement |
| Returns | Act: Receiving goods, auth return, discount; People: Goods receiving clerk, Store clerk; Docs: Credit note, ledgers, journals; Risks: Incorrect description or quantity, Credit note for no returns; Control obj: Return authorised ito company policy |
| Credit management | Act: Granting credit, collections & write-offs; People: Credit controller, Financial manager; Docs: Credit application, Statements, Credit bureau info; Risks: Customers fail to pay debts; Control obj: Only creditworthy customers retained, write-off |
| Weakness vs Recommendation | Weakness: Control act that are NOT in place or working as they should (negative format); Recommendation: Things that SHOULD be implemented to address weakness |
| Technologies applicable to revenue & receipt cycle | POS & barcode scanning; EFT; Online sales |