Philippine Auditing P

ractice Statements (PA

PS) 1002
ONLINE COMPUTER SYSTEMS
Online Computer Systems
are computer systems that enable
users to access data and programs
directly through terminal
devices

Ex.
 mainframe computers,
 minicomputers; or
 a network of connected PCs
Online systems allow users to directly initiate
various functions such as:
• Entering transactions
• Making inquiries
• Requesting reports
• Updating master files
• Electronic commerce activities
 Types of
Terminal Devices
General Purpose Terminals
Basic Keyboard
and Screen
used for entering data without any validation within the terminal
and for displaying data from the computer system on the screen

Intelligent
Terminal
used for the functions of the basic keyboard and screen with
the additional functions of validating data within the
terminal, maintaining transaction logs and performing other
local processing
PCs
used for all of the functions of an intelligent terminal with
additional local processing and storage capabilities
Special Purpose Terminals
Point-of-Sale
devices
used to record sales transactions as they occur and to transmit
them to the main computer
Automated Teller
Machines
used to initiate, validate, record, transmit and complete various
banking transactions
Hand-held
wireless devices
for entering data from remote locations

Voice Response
Systems
used to allow user interaction with the computer over a
telecommunications network based
on verbal instructions issued by the computer
Terminal Devices

Local Remote
Terminal Terminal
Devices Devices
connected directly to require the use of
the telecommunications
computer through to link
cables them to the
computer
 Your Picture Here

Users of Organization’s Your Picture Here

Applications
Employees
Business Partners
Customers
Other Third Parties
External Parties
Programmers
Computer Supplier Personnel
Types of Online
Computer Systems
 Types of Online
Computer Systems
01 Online/Real-Time Processing

02 Online/Batch Processing

03 Online/Memo Update (and Subsequent Processing)

04 Online/Inquiry

05 Online Downloading/Uploading
Processing
1. Online/Real-Time Processing
 individual transactions are entered at
terminal devices, validated and used to
update related computer files immediately

2. Online/Batch Processing
 individual transactions are entered at a
terminal device, subjected to certain
validation checks and added to a transaction
file that
contains other transactions entered during
3. Online/Memo Update (and Subsequent Processing)
 shadow update
 combines online/real time processing and
online/batch processing

4. Online/Inquiry
 restricts users at terminal devices to making
inquiries of master-files

5. Online Downloading/Uploading Processing

 refers to the transfer of data from a master-
file to an intelligent terminal device for
further processing by the user
Characteristics of Onli
ne Computer Systems
 Characteristics of Online
Computer Systems
01 Online Data Entry and Validation

02 On-line access to the system by users

03 Possible lack of visible transaction trail

04 Potential access to the system by non-users

Online Data Entry and Validation

When data are entered on-line, they are usually

subject to immediate validation checks. Data
failing this validation
are not accepted and a message may be
displayed on the terminal screen, providing the
user with the ability to
correct the data and re-enter the valid data
immediately.
Online access to the system by users

 Users may have on-line access to the system

that enables them to perform various functions.
 Unlimited access to all of these functions in a
particular application is undesirable because it
provides the user with the potential ability to
make unauthorized changes to the data and
programs.
Possible lack of visible transaction trail

An on-line computer system may be designed

not to provide supporting documents for all
transactions entered into the
system. Such a system must be able to
provide details of the transactions on request
or by transaction logs or other
means.
 Potential access to the system by non-users

 Programmers may have on-line access to the system

that enables them to develop new programs and
modify existing programs.
 Unrestricted access provides the programmer with the
potential
to make unauthorized changes to programs and obtain
unauthorized access to other parts of the system and
would
represent a serious control weakness.
INTERNAL CONTROL IN AN ONLINE
COMPUTER SYSTEM
 • Access Controls
• Controls over User IDs and
Passwords
Internal Control in an • Systems Development &Maintenanc
On-Line Computer Control
System
• Programming Controls
• Transaction Logs
• Use of Anti-Virus Program (Firewalls)
 Access Controls

• Access control is a way of limiting access to

a system or to physical or virtual resources.
 Programming Controls

Program control is how a program makes decisions

or organizes its activities. Program control typically
involves executing particular code based on the
outcome of a prior operation or a user input
 Transaction Logs

• records all transactions and the database

modifications made by each transaction.
 Firewalls

• computer firewall is a software program

that prevents unauthorized access to or
from a private network.
 • Pre-processing Authorization
CIS - Authorization to initiate a
transaction.
Application
Controls • Edit, Reasonableness and Other
Validation Tests
- Programmed routines that check
the input data and processing result
for completeness, accuracy and
reasonableness.
 • Cut-off Procedures
- Procedures that ensure
CIS transactions are processed in the
Application proper accounting period.
Controls
• File Controls
- Procedures that ensure the correct
data files are used for on-line
processing.
 • Master File Controls
- Changes to master-files are
CIS controlled by procedures similar to
those used for controlling other input
Application transaction data.
Controls • Balancing
- The process of establishing control
totals over data being submitted for
processing through the on-line
terminal devices
EFFECTS
 • extent to which the online
Effects of On-Line system is being used to process
Computer accounting application
Systems on the • type and significance of
financial transactions being
Accounting and processed
Related Internal • nature of file and programs
Control utilized in the application
 • Data entry is performed at or near
the point where transactions
Risk of fraud originate
• If invalid transactions are
or error may corrected and re-entered
be reduced immediately
• Data entry is performed by
individuals who understand the
nature of transactions involved
• If transactions are processed
immediately
 • If workstations are located
throughout the entity
• Workstations may provide the
Risk of fraud opportunity for unauthorized
uses such as:
or error may  modification of previously
be increased entered transactions or
balances
 modification of computer
programs
 access to data and programs
from remote locations
 • Processing is interrupted due to
faulty telecommunications, there
Risk of fraud may be a greater chance that
transactions or files may be lost
or error may and that the recovery may not
be accurate and complete
be increased • On-line access to data and
programs through
telecommunications may provide
greater opportunity for access to
data and programs by
unauthorized persons
 • No source documents for every
input transactions
Consequences of • May not be designed to provide
report
Characteristics of
 e.g. edit report may be
On-line Computer replaced by edit message
System on displayed on a monitor
Internal Control • Results are highly summarized
 e.g. totals from individual on-
line data entry devices can be
traced to subsequent
processing
 • Authorization, completeness and
accuracy of on-line transactions
• Integrity of records and
Effect of On-line processing
• Changes in performance of audit
Computer procedures (use of CAAT's) due
System on Audit to:
 Need for auditors with
Procedures technical skills in on-line
systems
 Effect of on-line computer
system on the timing of audit
  Lack of visible transaction trails
Effect of On-line
 Procedures carried out during the
Computer audit planning stage
System on Audit  Audit procedures carried out
concurrently with on-line
Procedures processing
 Procedures performed after
processing has taken place
End of Presentation
Darren Earl S. Gagui
Eugene Perez
Ella Apelo
Marie May Sese Magtibay