Chapter 20

The Computer
Environment
Data processing is simply the collecting, processing, and distributing
of information t achieve a desired result.

Data processing system constitutes the equipment and procedures

through which the result is achieved.

When a machine performs most of the procedures, the system is

described an electronic data processing system.

When a machine performs most of the procedures, the system is

known as an automatic data processing system.

More especially, when the machine is an electronic digital computer,

the system is described as an electronic data processing (EDP)
system or computer system.
 Components of a Computer
1. Computer Hardware
-the physical components of the system. The principal hardware component is the
Central Processing Unit (CPU). The CPU consists of the ff:
Main storage unit Arithmetic and logic unit Control unit
-used to temporarily -accomplishes the arithmetic -regulates the activities of the other
store programs and tasks (addition, subtraction, units and devices by retrieving
multiplication, and division), machine language instructions from
data for processing.
comparisons, and other types the main storage units and then
of data transformations. interpreting the instructions.

Input device - permits the computer to receive Output device - returns the information from
both data and instructions for processing. the computer to the user.

2. Computer Software
-the computer programs. Software is a series of routines that provide instructions for
operating the computer. The two broad categories of computer software are:

Application programs Systems software

-sometimes referred to as user of problem -operate the computer system and perform
programs are designed to accomplish routine tasks for users. Important elements of
specific objectives for users, such as systems software are:
processing payroll or pricing the inventory. 1. Operating system
2. Utilities
 COMPUTER INSTALLATIONS
Computer installations are the facilities where the computer hardware and
personnel are located. Computer installations are generally organized into one of
the following categories:

1. In-house or captive computer.

The organization owns or leases the equipment and hires the necessary trained personnel to
program, operate, and control the various applications processed with the equipment.

2. Service bureau computer

The computer is used by an independent agency which rents computer time and provides
programming, key punching, and other services.

3. Time-sharing
Under this system, the organization acquires a keyboard device capable of transmitting and
receiving data and, by agreement, the right to use a central computer facility.

4. Facilities management
This is the latest type of computer service arrangement to be developed. It falls somewhere between
the captive computer and the service bureau computer categories.
UNIQUE CHARACTERISTICS OF SPECIFIC EDP SYSTEMS
1. Batch Processing
It is a common EDP system. If the question does not specify the EDP system, then it may be assumed
that batch processing is used.

2. Direct Random Access Processing

Instead of processing transactions in batches, the data is processed as the transactions occur and are
entered into the system.

3. Data Base Processing

It is the most difficult EDP system to understand. A data base is a set of interconnected files that users
can access to obtain specific information. A data base eliminates the need for separate, and often
repetitive, application-specific files.

4. Small Computer Environment

With the proliferation of micro- and minicomputers, controls over these environments (often termed “end-
user computing”) tend to be “forgotten” or considered unnecessary.

5. Service Bureau/Center
Service bureaus are independent computer centers from which companies rent computer time. These
bureaus allow companies (users) to do away with most of their data processing departments and /or
computer hardware.

6. Distributed Systems
These represent a network of remote computer sites each having a small computer connected to the
main computer system.
 BATCH PROCESSING
Three key points in a batch processing:
a. Transactions flow through the system in batches (groups of
like transactions). In any particular batch, transactions may
add, change, or delete information in the master file.

b. If CRTs are used in batch processing, it may appear to the

user that changes are occurring immediately to the master
file. Often a temporary batch file is set up and the
transactions are processed later in the day (on-line system
but not real-time)

c. Batch processing normally leaves a relatively easy to follow

audit trail.
 DIRECT RANDOM ACCESS
PROCCESSING
a. Transaction data is entered through on-line terminals and stored on direct
access, disk storage.
b. Edit routines immediately check the data for errors. Messages on the
display prompt the user to correct and re-enter the data.
c. Master files and programs are stored on-line so that updating can take
place as the edited data flows to the application.
d. Output comes in the form of CRT displays and hardcopy reports produced
periodically.
e. Direct access processing is often referred to as on-line real-time (OLRT)
because the response by the system to data input can arrive back to the
user in time to affect the user’s decision process and files are updated
immediately (i.e., an airline reservation system).
f. System security must be in place to restrict access to programs and data to
authorized persons only.
 DATA BASE PROCESSING
The emphasis on controls shifts from batch-type controls to OLRT-type
controls, which include the following:
a. User-department – controls in this EDP system must start at the user
department, with strict controls over who is authorized to read and/or
change the data base.
b. Access controls – in addition to the usual controls over terminals and
access of the system, data base processing also maintains controls within
the data base itself.
c. Backup and recovery – because the data base is being updated on
continuous basis during the day, a magnetic tape backup of the data base
should be made at the end of each day.
d. Database administrator – a database administrator is responsible for
maintaining the database and restricting access to the database to
authorized personnel.
e. Audit software – audit software usually tests a backup copy of a database
that has been stored on magnetic tape.
 SMALL COMPUTER ENVIRONMENT
The emphasis in this environment should center around the following points:

a. Security – In a small computer environment, security over the hardware is

not as critical as security over the software and data. Most companies can
easily replace the hardware, but may suffer a severe setback if the software
and/or data are lost.

b. Verification of processing – Periodically, an independent verification of

the applications being processed on the small computer system should be
made to prevent the system from being used for personal projects.

c. Personnel – Centralized authorization to purchase hardware and software

should be required to ensure that “fly-by-night” equipment and “garage-
developed” software are not purchased and that corporate-wide discounts
can be obtained.
 SERVICE BUREAU / CENTER
Certain controls should be maintained at both the user and the service bureau
locations.
a. Contract – In the service bureau contract, ownership for data files and records
by the user should be explicitly stated.
b. Processing verification – Either batch controls or on-line controls (depending
upon the particular system being rented) should be maintained at the user’s
location. This includes data transmitted, information received, and data base
information.
c. Backup and recovery – Backup files should be under the control of the user, not
the service bureau. Likewise, documented recovery procedures should be
maintained at the user’s location in the event the service bureau abruptly closes
or is unable to process data.
d. Timesharing systems – If the service bureau has on-line access, many users
may access and use the computer simultaneously. Data protection controls
include the following features:
1) Boundary protection – reserves a set of addresses for use by a particular job.
2) Passwords on header labels – access is not allowed without the correct password.
3) Physical security of library storage safeguards the files.
4) Access control – unique identification and confidential passwords.
 DISTRIBUTED SYSTEMS
Controls in this system include:
a. Audit unit – Each remote location should be well controlled
and audited as a separate unit to verify the integrity of the
data processed.

b. Segregation – Compensating controls over each location

should exist as users may have both authorization and
recording functions.

c. Uniform standards – A set of uniform standards should be

established. The auditor should review the document and
perform compliance tests on it.
Impact of Computers on Accounting Systems

1. Documents are not maintained in readable form.

2. Processing of transactions is more consistent.

3. Duties are consolidated.

4. Reports can be generated easily.

 MAJOR TYPES OF COMPUTER FRAUD
Salami Technique
Computer programs are modified to inappropriately round off calculations to the benefit of the fraud
perpetrator. The amounts available from rounding are then placed in an account controlled by the
perpetrator. In some of the most famous cases, the payment of centavos of interest detoured form bank
accounts amounted to thefts of millions of pesos.

Trojan Horse
It is an unauthorized program placed within an authorized one. Trojan horses typically are designed to
wait until a specific time, when they act and then erase all evidence of their existence. For example, a
Trojan horse can be used to destroy important data and then destroy itself. Fired employees have used
Trojan horses to destroy their employees’ data.

Virus Programs
These are programs with unauthorized information or instructions. They can spread by the electronic
transfer of information between systems or the physical exchange of media, such as disks carried from
one system to another.

Trapdoors
These are unauthorized entry points into programs or databases. Through a trapdoor individuals can
change data or instructions without approval. For example, a programmer who has an unauthorized entry
point into the cash collections program is able to write-off accounts without proper approval.