Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
A plan of organization for data processing includes provision for segregation of duties
within data processing and the organizational segregation of data processing from other
operations. General operating procedures include written manuals and other
documentation that specify procedures to be followed. Equipment control features are
those that are installed in computers to identify incorrect data handling or erroneous
operation of the equipment. Equipment and data-access controls involve procedures
related to physical access to the computer system and data. There should be adequate
procedures to protect equipment and data files from damage or theft.
b. Application Control
The application Application controls are specific to individual applications. Application
controls are categorized into input, processing, and output controls. These categories
correspond to the basic steps in the data processing cycle.
1. Input controls are designed to prevent or detect errors in the input stage of data
processing. When computers are used for processing, the input stage involves the
conversion of data into a machine-readable format.
2. Processing Control are designed to provide assurances that processing has occurred
according to intended specification and that no transactions have been lost or
incorrectly inserted into processing systems.
3. Output Control are designed to check that input and processing resulted in valid
output and that output are distributed properly.
Internal control is human. An internal control process is a process of checking someone else's
work. The principle function of internal control is to influence the behavior of everyone
involved in a business system. The objectives of internal control must be seen as relevant to
the individuals who will comprise the control system. The system must be designed such that
each employee is convinced that controls are meant to prevent difficulties or crises in the
otherwise could affect him or her very personally.
Information systems have several purposes; one of the main goals is productivity. Reliability
of information and the safeguarding of assets are also important goals. These goals are at
times contradictory. Behavior caused by a conflict of interest is the abolition of internal
control tasks (such as document counting) with it’s aim to increasing productivity. The goals
of an internal control system are achieved through the actions of the people in the system.
The reliance on a formal plan of organization and related methods and measure to attain
these goals entails important assumptions concerning collusion, reporting of irregularities,
power relationships, and other behavior patterns within the organization. Organizational
independence and segregation of duties are consistent with good internal control only if the
probability of collusion between two or more duly segregated employees is low.
Internal control process analysis requires an understanding of the process at the time the
process is designed as well as when the process has been executed. The internal control
process routinely gathers information on the execution of tasks, transfer of authority,
approval, and verification. This internal control duties documentation should be evaluated to
determine the reliability of the system operation. Internal control processes routinely collect
information concerning fulfillment of duties, transfer of authority, approval, and verification.
This documentation of internal control duties must be examined to evaluate the reliability of
the system’s operation. There are several reasons why internal control duties may not be
administered. New employees or perhaps even experienced employees may not understand
their duties. More common is the omission of an internal control duty (such as counting
documents) in order to increase production.
Analytical Techniques
Internal control questionnaire is one of the commonly used analytical techniques for
analyzing internal controls. These questionnaires often become standard forms in public
accounting firms, internal audit departments, and other organizations that are routinely
involved with internal control reviews. Analytic flowcharts can also be used in internal
control analysis, especially if the analysis involves the application of a computer system.
Application control matrices are useful as analytical forms relevant to internal information
systems internal control reviews.
F. Internal Control and Compliance in Small Business and Small Public Companies
The small business has no independent IT or internal audit department, and in many cases
it is run by managers with no accounting education or financial expertise. Finally, there may
be little or no separation between the owners and managers, generating increased opportunity
for management override of internal control. The COSO report, “Internal Control over
Financial Reporting—Guidance for Smaller Public Companies,” suggests various ways small
public companies can compensate for their small size. The suggestions in this report apply to
private small businesses as well:
Leadership Involvement. Many small businesses are run by a single leader. This
individual is typically familiar with all aspects of the business. The result is that the
leader can actively oversee and be involved in all operations and the financial
reporting process.
Effective Boards of Directors. Smaller businesses are often relatively simple. This
means that the members of the Board of Directors can develop substantial expertise in
all areas of the business, effecting better oversight. Also, the informal nature of small
businesses often facilitates better communications between members of the board
and management.
Limited Segregation of Duties and Increased Focus on Monitoring. Large
companies can easily have separate departments for purchasing, inventory, billing,
general accounting, receiving, sales, and so on. Such is typically not possible in the
small business, where many functions often get collapsed into single individuals.
Managers can compensate for the relative lack of segregation of duties by placing
increased emphasis on monitoring. This can be accomplished by management’s
focusing more on observing employees, reviewing reports, investigating unusual
transactions, and so on.
Compensating for Limitations in Information Technology. Businesses without an
IT department or IT expertise can rely on outside application service providers (ASPs)
for the accounting, software, and IT needs. For example, a business might use the
Web-based Microsoft Dynamics for their accounting system.
Another challenge facing small business is how to develop their internal control processes
within limited budgets. Both small and large companies can gain cost efficiencies by using
the following approaches: