OTHER AUDIT CONSIDERATIONS (STUDY OBJECTIVE 11)
DIFFERENT IT ENVIRONMENTS
Most companies use microcomputers or personal computers (PCs) in their accounting processes. General controls covering PCs are often less advanced than those covering the mainframe and client–server systems. As a result, PCs may face a greater risk of loss due to unauthorized access, lack of segregation of duties, lack of backup control, and computer viruses. Following are some audit techniques used to test controls specifically in the use of PCs:
- Make sure that PCs and removable hard drives are locked in place to ensure physical security. In addition, programs and data files should be password protected to prevent online misuse by unauthorized persons.
- Make sure that computer programmers do not have access to systems operations, so that there is no opportunity to alter source code and the related operational data. Software programs loaded on PCs should not permit the users to make program changes. Also ascertain that computer-generated reports are regularly reviewed by management.
- Compare dates and data included on backup files with live operating programs in order to determine the frequency of backup procedures.
- Verify the use of antivirus software and the frequency of virus scans.
In addition to, or as an alternative to using PCs, companies may use IT environments that involve networks, database management systems, e-commerce systems, cloud computing, and/or other forms of IT outsourcing. Many of the ...
Get Accounting Information Systems: The Processes and Controls, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
