Application Controls

INPUT/ORIGINATION CONTROLS

Input Authorization

Signatures on batch forms or source documents

Online access controls

Unique password

Terminal or client workstation identification

Source documents

Batch Controls and Balancing

Batch Controls

Total monetary amount

Total items

Total documents

Hash totals

Batch Balancing

Batch registers

Control accounts

Computer agreement

Error Reporting and Handling

Rejecting only transactions with errors

Rejecting the whole batch of transactions

Holding the batch in suspense

Accepting the batch and flagging error transactions

Batch Integrity in Online Database Systems

PROCESSING PROCEDURES AND CONTROLS

Data Validation and Editing Procedures

Sequence check

Limit check

Range check

Reasonableness check

Table lookups

Existence check

Key verification

Check digit

Completeness check

Duplicate check

Logical relationship check

Processing Controls

Manual recalculations

Editing

Run-to-run totals

Programmed controls

Reasonableness verification of calculated amounts

Limit checks on amounts

Reconciliation of file totals

Exception reports

Data File Control Procedure

Types of controls

Before and after image reporting

Maintenance error reporting and handling

Source documentation retention

Internal and external labeling

Version usage

Data file security

One-for-one checking

Prerecorded input

Transaction logs

File updating and maintenance authorization

Parity checking

Categories

System control parameters

Standing data

Master data/balance data

Transaction files

OUTPUT CONTROLS

Logging and storage of negotiable, sensitive and critical forms in a secure place

Computer generation of negotiable instruments, forms and signatures

Report distribution

Balancing and reconciling

Output error handling

Output report retention

Verification of receipt of reports

BUSINESS PROCESS CONTROL ASSURANCE

Process maps

Process controls

Assessing business risks within the process

Benchmarking with best practices

Roles and responsibilities

Activities and tasks

Data restrictions

CISA

AUDITING APPLICATION CONTROLS

Flow of transactions through the system

Risk assessment model to analyze application controls

Observing and testing user performing procedures

Separation of duties

Authorization of input

Balancing

Error control and correction

Distribution of reports

Review and testing of access authorizations and capabilities

Data Integrity Testing

Data Integrity in Online Transaction Processing Systems

Atomicity

Consistency

Isolation

Durability

Test Application Systems

Snapshot

Mapping

Tracing and tagging

Test data/deck

Base-case system evaluation

Parallel operation

Integrated testing facility

Parallel simulation

Transaction simulation programs

Embedded audit data collection

Extended records

Continuous Online Auditing

Online Auditing Techniques

Systems Control Audit Review File and Embedded Audit Modules

Snapshots

Audit hooks

Integrated test facility

Continuous and intermittent simulation

Auditing Systems Development, Acquisition and Maintenance

Project Management

Feasibility Study

Requirements Definition

Software Acquisition Process

Detailed Design and Development

Testing

Implementation Phase

Postimplementation Review

System Change Procedures and the Program Migration Process