IT Controls – General and Application Controls

Types of Controls and Scope

General controls – The organization’s entire processing environment
Application controls – Particular to each of the organization’s applications

Three Categories of Application Controls are: 

Input controls
Processing controls
Output controls

Three types of controls classified by function are:

Preventive controls
Detective controls
Corrective controls

Input controls provide reasonable assurance that data submitted for processing are
Authorized
Complete
Accurate

Examples of Input Controls are:
Preformatting Entry in an online tax return
Edit (field) checks – Rejecting the input of letters for SSNs
Limit (reasonableness) checks –  Rejecting working hours of over 100 per week
Check digits – Using algorithms to verify ID numbers
Record count – Matching the number of time clock cards with the number of payroll records processed
Financial total – Matching the sum of individual salaries with total salaries
Hash total – Matching the sum of individual SSNs with a predetermined total

Processing controls provide reasonable assurance about:
Processing controls provide reasonable assurance that
All data submitted for processing are processed
Only approved data are processed

Examples of processing controls.
Control Description /Example
Validation Rejecting transactions by vendors whose vendor numbers are not in the vendor master file
Completeness check –  Rejecting records with missing data
Arithmetic controls – Zero-balance checking

Output controls provide assurance that processing was complete and accurate.

Control Description/Example
Audit trail Checking for the completeness of each process
Error listing Reporting all transactions rejected by the system

If you have found this blog to be useful, you may share with your friends. Thanks!

Posted in Business & Finance and tagged .