Sei sulla pagina 1di 36

Philippine Auditing

Practice Statements
(PAPS) 1002
Online Computer Systems
are computer systems that enable users to acce
ss data and programs directly through terminal

 mainframe computers,
 minicomputers; or
 a network of connected PCs
Online systems allow users to directly initiate v
arious functions such as:
• Entering transactions
• Making inquiries
• Requesting reports
• Updating master files
• Electronic commerce activities
Types of
Terminal Devices
General Purpose Terminals
Basic Keyboard and Screen
used for entering data without any validation within the terminal and for displaying data fro
m the computer system on the screen

Intelligent Terminal
used for the functions of the basic keyboard and screen with the additional functions
of validating data within the terminal, maintaining transaction logs and performing o
local processing
used for all of the functions of an intelligent terminal with additional local processing a
nd storage capabilities
Special Purpose Terminals
Point-of-Sale devices
used to record sales transactions as they occur and to transmit them to the main computer

Automated Teller Machines

used to initiate, validate, record, transmit and complete various banking transactions

Hand-held wireless devices

for entering data from remote locations

Voice Response Systems

used to allow user interaction with the computer over a telecommunications network base
on verbal instructions issued by the computer
Terminal Devices

Local Terminal D Remote Terminal D

evices evices

connected directly to the require the use of

computer through cables telecommunications to link
them to the computer
Users of Organization’s
Business Partners
Other Third Parties
External Parties
Computer Supplier Personnel
Types of Online
Computer Systems
Types of Online
Computer Systems
01 Online/Real-Time Processing

02 Online/Batch Processing

03 Online/Memo Update (and Subsequent Processing)

04 Online/Inquiry

05 Online Downloading/Uploading Processing

1. Online/Real-Time Processing
 individual transactions are entered at terminal devices, validate
d and used to update related computer files immediately

2. Online/Batch Processing
 individual transactions are entered at a terminal device, subjec
ted to certain validation checks and added to a transaction file
contains other transactions entered during the period
3. Online/Memo Update (and Subsequent Processing)
 shadow update
 combines online/real time processing and online/batch processi

4. Online/Inquiry
 restricts users at terminal devices to making inquiries of master-fi

5. Online Downloading/Uploading Processing

 refers to the transfer of data from a master-file to an intellige
nt terminal device for further processing by the user
Characteristics of Onlin
e Computer Systems
Characteristics of Online
Computer Systems
01 Online Data Entry and Validation

02 On-line access to the system by users

03 Possible lack of visible transaction trail

04 Potential access to the system by non-users

Online Data Entry and Validation

When data are entered on-line, they are usually subject t

o immediate validation checks. Data failing this validati
are not accepted and a message may be displayed on th
e terminal screen, providing the user with the ability to
correct the data and re-enter the valid data immediately.
Online access to the system by users

 Users may have on-line access to the system that enable

s them to perform various functions.
 Unlimited access to all of these functions in a particular
application is undesirable because it provides the user
with the potential ability to make unauthorized changes
to the data and programs.
Possible lack of visible transaction trail

An on-line computer system may be designed not to provid

e supporting documents for all transactions entered into th
system. Such a system must be able to provide details of th
e transactions on request or by transaction logs or other
Potential access to the system by non-users

 Programmers may have on-line access to the system that enabl

es them to develop new programs and modify existing programs
 Unrestricted access provides the programmer with the potential
to make unauthorized changes to programs and obtain
unauthorized access to other parts of the system and would
represent a serious control weakness.
• Access Controls
• Controls over User IDs and Passwords
Internal Control in an • Systems Development &Maintenance
On-Line Computer Control
System • Programming Controls
• Transaction Logs
• Use of Anti-Virus Program (Firewalls)
Access Controls

• Access control is a way of limiting access to

a system or to physical or virtual resources.
Programming Controls

Program control is how a program makes decisions

or organizes its activities. Program control typically
involves executing particular code based on the outc
ome of a prior operation or a user input
Transaction Logs

• records all transactions and the database

modifications made by each transaction.

• computer firewall is a software program

that prevents unauthorized access to or
from a private network.
• Pre-processing Authorization
CIS - Authorization to initiate a transaction.
• Edit, Reasonableness and Other
Controls Validation Tests
- Programmed routines that check the
input data and processing results for
completeness, accuracy and
• Cut-off Procedures
CIS - Procedures that ensure transactions are
Application processed
in the proper accounting

• File Controls
- Procedures that ensure the correct data
files are used for on-line processing.
• Master File Controls
- Changes to master-files are controlled
CIS by procedures similar to those used for
controlling other input transaction data.
Controls • Balancing
- The process of establishing control
totals over data being submitted for
processing through the on-line terminal
Effects of On-Line • extent to which the online system is
being used to process accounting
Computer application
Systems on the • type and significance of financial
Accounting and transactions being processed
Related Internal • nature of file and programs utilized
in the application
• Data entry is performed at or near the
Risk of fraud point where transactions originate
• If invalid transactions are corrected
or error may and re-entered immediately
be reduced • Data entry is performed by
individuals who understand the
nature of transactions involved
• If transactions are processed
• If workstations are located
throughout the entity
• Workstations may provide the
Risk of fraud opportunity for unauthorized uses
such as:
or error may  modification of previously
be increased entered transactions or
 modification of computer
 access to data and programs
from remote locations
• Processing is interrupted due to
faulty telecommunications, there
Risk of fraud may be a greater chance that
transactions or files may be lost and
or error may that the recovery may not be
be increased accurate and complete
• On-line access to data and programs
through telecommunications may
provide greater opportunity for
access to data and programs by
unauthorized persons
• No source documents for every
input transactions
Consequences of • May not be designed to provide
Characteristics of report
On-line Computer  e.g. edit report may be replaced
by edit message displayed on a
System on monitor
Internal Control • Results are highly summarized
 e.g. totals from individual on-line
data entry devices can be traced
to subsequent processing
• Authorization, completeness and
accuracy of on-line transactions
Effect of On-line • Integrity of records and processing
Computer • Changes in performance of audit
procedures (use of CAAT's) due to:
System on Audit  Need for auditors with technical
Procedures skills in on-line systems
 Effect of on-line computer
system on the timing of audit
Effect of On-line  Lack of visible transaction trails
Computer  Procedures carried out during the
audit planning stage
System on Audit  Audit procedures carried out
Procedures concurrently with on-line processing
 Procedures performed after
processing has taken place
End of Presentation
Darren Earl S. Gagui
Eugene Perez
Ella Apelo
Marie May Sese Magtibay