Can you guys(particularly who have done F8) please make me understand the two categories of computer based controls.

1 Application controls
2 General cntrols.

Mah

No replies yet :(

Dear Mahjabeen,

There are two types of controls in an IT environment.
==>Application Controls
==>General Controls

Application Controls:-

As it is apparent from its name that it relates to particular application for example the application of payroll at your firm or application of sales or full accounting system at your firm.

The purpose of Application Controls is to devise specific controls over accounting system so that it will be certain that all transactions are recorded correctly, promptly in an appropriate account(or Ledger) within the relevant accounting period.

If you have worked with any accounting system(like Quick Books or Peach Tree etc) you have seen some controls over there for example you can not enter a wrong code of account or you can't enter a transaction with only single effect or for example If the codes of non-current assets at your firm starts from 1001 and ends with 1999 then you can fix a limit of for example a minimum of $2,000(i.e. lower limit) now an operator at your firm can't process the entry which is a non-current asset having worth less then $2,000.

Application controls therefore include.

Controls Over Input:-

Transactions are authorised by correct authority before being processed for example a transaction of purchase of non-current assets should have a documentary evidence of board minutes, and incorrect transactions are rejected.

Controls Over Processing:-

Transactions are correctly processed and any uncertainty is identified by a computer system for example a total at the paper list of daily credit sales before processing should match with the after processing computarised list, similarly if an operator has entered the wrong code of account for example an operator has processed a transaction of $5 as non-current asset this uncertainty should be identified and reported on by accounting information syasem.

Controls Over Output:-

Results of Processing are accurate and access to output is restricted to authorised personnel.



General Controls:-

General IT Controls relate to the whole IT environment(you can say whole computarised Information system unlike Application controls which were restricted to only particular application), If you have already came across to a terminology of "Control Environment" then it is not difficult for you to ascertain these General Controls because they are same controls for example restrictions made to the place where all the computers of company are held and only authorised individuals are allowed to access this computer department for example through swap cards or PINs.

General controls work as umbrella over Application controls and you can say application controls as an integral part of General controls in come sense.

General controls include prior authorisation of documents, password protections, PINs, Bio Matrix system, retina checking, backing-up and archiving facilities, restricted access to master files, aithorised amendments to payroll system and so many controls related to whole IT Environment.

I hope this will help you.

Regards,

Muhammad Amir

Dear Amir,

Thanks alot for your detailed explanation.This really helped me.

Kind Regards
Mah