Internal Controls Of An Accounting Information System

Discussion of Internal Controls that are placed in an Accounting information System

In accounting systems, certain controls are needed to ensure that employees are doing their jobs properly and ensure that the system runs properly. These checks are in the best interest of the organization. These controls come in the form of internal and external controls for the system. The internal controls are the checks that are placed in the system my the company's own management and directors. Today more and more companies are moving from the manual accounting systems to computerized accounting information systems. The advantages of a computerized system are increases in the speed and accuracy of processing accounting information.

However, as systems become computerized, the internal controls for that system has to be adapted accordingly. This is because computerized systems bring with them certain unique problems that can only be removed or minimized by adapting the present controls and adding new controls. These problems are

* In a manual system there is a paper trail for the internal auditor to follow. All records and transactions are kept on paper and so an auditor has clear and documented proof of what has transpired. Computerized systems rarely have a clear paper trail to follow. Since computers do all of the sorting of the information the company rarely sorts the source documents. Also the computer does most of the calculations and processing so there would not be the amount of documentation that there would be in a manual system.

* Another problem of computer systems is the fact that there can be difficulty in determining who entered the data. In a manual system the identity of the person entering the data can be identified possibly by the person's handwriting. This cannot be done in a computerized system. This makes it very difficult to determine who is responsible for errors or fraud.

* Since the computers do all calculations and processing errors can occur due to bad design of the program. This can be difficult to detect especially if the error does not occur frequently and only does so under particular conditions.

* Computer systems also offer new opportunities for fraud. If a computerized system is not set up properly and certain checks not put in then the computer system can be used to defraud the company. The fact that it is difficult to trace who enters the data only adds to the magnitude of this.

In order to minimize the risks of errors or fraud occurring in the computer system certain controls have to be put into place. These controls can be broken up into three different categories. They are

1. Administrative Controls

2. Systems Development Controls

3. Procedural Controls

Administrative Controls

Administrative controls are those controls are those controls that are placed on the system to ensure the proper organization and processing of data. These administrative controls are

Division of duties.

Duties are assigned to different individuals in the organization. This is done in such a way that no one person can have full control over a transaction. This ensures that an individual cannot have full control over the creation and operating of the system. One reason for this division is having one person controlling the system can result in fraud if that person is not completely trustworthy. Another reason for the division of duties is to prevent the organization from becoming totally dependent on the person controlling the computer system. If this person were to leave then the organization would have no one to run the system. The division of duties ensures that employees can leave without having any major effect on the system.

Operation Controls

Operation controls are necessary controls since they since they determine what the computer systems and the employees using the system have been doing. These controls can come in the form of

* rotation of shifts

* duty logs

* a manual of operating instructions

* attendance controls

* computer logs

These controls can allow an auditor to track the exact actions of the computer systems and employees. This documentation allows the to easily spot any errors or improper actions that have occurred.

Files Controls

These controls are put in place to minimize the number of errors and omission that occur in the file system. Good file controls are

* Availability of a skilled technician

* Proper procedures for issuing and returning files

* proper labeling and indexing of files

* protection of storage media from dust, humidity, fire etc.

* Procedures for returning files for certain minimum periods

* Facilities for recovering files that have been damaged or corrupted.

* Facilities for creating backup copies of files.

The placement of these controls have very serious implications. These controls that information that is vital to the organization is safe. The data in these files must be protected from errors or tampering whether intentional or accidental.

Hardware Security

The computer hardware is not only important to the processing of the information but is also a valuable fixed asset for the company. Therefore controls for the protection of the hardware must be put into place. Computer hardware must be placed in a secure area where the access to it is limited only to those who need to use it. Certain levels of security must me maintained e.g. only the systems administrator can have access to the CPU and storage systems. The computer system must also be placed in a control environment to protect it from environmental hazards e.g. dust and humidity. Arrangements should be made to protect the computer against fires and power fluctuations. There should also be some controls in place to recover the system

...