Cis Environment
1. Distinguish between internal control in a CIS environment and in non-CIS environment.
A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit; whether that computer is operated by the entity or by a third party. Many of the control procedures used in manual processing also apply in a CIS environment. Examples of such control procedures include authorization of transaction, proper segregation of duties, and independent checking. The elements of internal control are the same; the computer just changes the methods by which these elements are implemented.
2. What is meant by “general controls” in relation to CIS environment?
General controls are those control policies and procedures that relate to the overall computer information system. The purpose of general CIS controls is to establish a framework of overall controls over the CIS activities and to provide a reasonable assurance that the overall objectives of internal control are achieved. These may include:
-organization and management controls
-application systems development and maintenance controls
-computer operation controls
-system software controls
-data entry and program controls
3. Enumerate and describe each of the five (5) general controls in a CIS environment.
a. Organizational Controls – just as in a manual system, there should be a written plan of the organization, with clear assignment of authority and responsibility. In a CIS environment, the plan of an organization for an entity’s computer system should include segregation between the user and CIS department, and segregation of duties within the CIS department.
b. Systems development and documentation controls – software development as well as changes thereof must be approved by the appropriate level of management and the user department. To ensure that computer programs are functioning as designed, the program must be tested
A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit; whether that computer is operated by the entity or by a third party. Many of the control procedures used in manual processing also apply in a CIS environment. Examples of such control procedures include authorization of transaction, proper segregation of duties, and independent checking. The elements of internal control are the same; the computer just changes the methods by which these elements are implemented.
2. What is meant by “general controls” in relation to CIS environment?
General controls are those control policies and procedures that relate to the overall computer information system. The purpose of general CIS controls is to establish a framework of overall controls over the CIS activities and to provide a reasonable assurance that the overall objectives of internal control are achieved. These may include:
-organization and management controls
-application systems development and maintenance controls
-computer operation controls
-system software controls
-data entry and program controls
3. Enumerate and describe each of the five (5) general controls in a CIS environment.
a. Organizational Controls – just as in a manual system, there should be a written plan of the organization, with clear assignment of authority and responsibility. In a CIS environment, the plan of an organization for an entity’s computer system should include segregation between the user and CIS department, and segregation of duties within the CIS department.
b. Systems development and documentation controls – software development as well as changes thereof must be approved by the appropriate level of management and the user department. To ensure that computer programs are functioning as designed, the program must be tested