April 1999
IM218: INFORMATION MANAGEMENT

QUESTION 2

Total Marks: 20 Marks


GRADE A
Sample student's solutions are indicated in green.

 

(a) Explain the difference between the two classes of EDP controls, general controls and application controls. [2]
General controls deal with how the employees are to carry out their duties, the policies and procedures that must be followed.

Application controls are embedded into the software to prevent unauthorised access, data manipulation, and any harm to the system. They are planned during the design stage and implemented during coding.

 

(b) Describe and give an example of each of the following three kinds of application control for verifying that a batch of transactions has been correctly processed: control totals, hash totals, record counts. [6]
A control total is a numeric field that is summed to ensure the accuracy of processing. The 'grand total $' is such a field.

Hash totals are similar to control totals but the numeric field is normally not manipulated. For example, the 'candidate index no.' can be used as a hash total.

Record counts identify records that have been processed and sum up each individual record to ensure that a batch of transactions has been accurately and completely processed. A record count example is a preprinted 'receipt number'.
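
An added worked example, not part of the exam paper or the student's answer: the three batch controls computed before processing and reconciled afterwards, showing which kind of error each one catches and one error none of them catch. It uses the usual definitions (record count = number of records, hash total = sum of a non-monetary field, control total = sum of the amount field); the batch data and function names are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample batch: (receipt number, candidate index no., amount in $)
BATCH = [
    (1001, 40213, Decimal("120.00")),
    (1002, 40377, Decimal("75.50")),
    (1003, 41002, Decimal("310.25")),
    (1004, 40891, Decimal("42.00")),
]

def batch_controls(records):
    """Compute the three batch controls over a list of records."""
    return {
        "record_count": len(records),
        # Sum of index numbers: meaningless as a quantity, used only for comparison.
        "hash_total": sum(r[1] for r in records),
        # Sum of a monetary field: the batch's 'grand total $'.
        "control_total": sum((r[2] for r in records), Decimal("0")),
    }

# Header prepared when the batch is assembled, before processing.
HEADER = batch_controls(BATCH)

def reconcile(header, processed):
    """Return the names of the controls that disagree after processing."""
    actual = batch_controls(processed)
    return sorted(name for name in header if header[name] != actual[name])

def scenarios():
    """Reconcile the header against constructed processing errors."""
    dropped = BATCH[:-1]                                   # last record lost
    wrong_amount = [BATCH[0], (1002, 40377, Decimal("57.50")), *BATCH[2:]]
    wrong_candidate = [(1001, 40231, Decimal("120.00")), *BATCH[1:]]
    # Two amount errors that cancel out: +10.00 on one record, -10.00 on another.
    offsetting = [(1001, 40213, Decimal("130.00")),
                  (1002, 40377, Decimal("65.50")), *BATCH[2:]]
    return {
        "clean": reconcile(HEADER, BATCH),
        "dropped": reconcile(HEADER, dropped),
        "wrong_amount": reconcile(HEADER, wrong_amount),
        "wrong_candidate": reconcile(HEADER, wrong_candidate),
        "offsetting": reconcile(HEADER, offsetting),
    }

if __name__ == "__main__":
    for name, failed in scenarios().items():
        print(f"{name:16} failed controls: {failed or 'none'}")
```

The offsetting case reconciles cleanly even though two amounts are wrong, which is why batch totals are combined with record-level checks rather than relied on alone.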

 

(c) Give two objectives of a computer audit. [2]
Two objectives:
  1. A computer audit ensures that the procedures and policies specified are followed and carried out.
  2. It also ensures that the resources are utilised properly, in an appropriate manner.

 

(d) Explain the distinction between auditing around the computer and auditing through the computer. [2]
Auditing around the computer treats the computer system logic as a black box, whereas auditing through the computer tests the logic of the system.

 

(e) For each of the following scenarios, identify whether auditing through the computer is called for, or whether (in the absence of any other complications) auditing around the computer is sufficient. State your reasons. [6]
(i) At the end of every week, a company updates their customer mailing list. New customers are added to the list, customers are removed on request, and notifications of change of address are processed.
(ii) An airline allows tickets to be purchased over the Internet with a credit card. All processing is electronic, from communicating with the bank to printing the tickets and a mailing label.
(iii) A large supermarket chain keeps track of which products customers buy together. For any pair of products x and y, if more than 50% of the customers who buy x also buy y, then the supermarket tries to place products x and y together on the shelves.
(i) Auditing around the computer would be appropriate as the system and logic are simple, and the system is batched.

(ii) Auditing through the computer. This is to give auditors a greater sense of confidence in the logic of the system, which is complex and without a clear audit trail. Furthermore, because of its Internet capability, the system is run in real time.

(iii) Auditing through the computer. The processing logic is complex, the system is real time (it 'tracks' the purchases of customers) and there is not a clear audit trail (all electronic).

 

(f) Give one advantage and one disadvantage of auditing through the computer, as compared with auditing around the computer. [2]
Advantage
Auditing through the computer tests all possible logic pathways of a system, giving the auditors more confidence in the system.

Disadvantage
Auditing through the computer needs personnel who are technically proficient as well as experienced in auditing. It is also more tedious and resource-consuming than auditing around the computer.