IT controls : Systems development, program changes, and application controls

22 important questions on IT controls : Systems development, program changes, and application controls

Which points distinguish an effective systems development process?

-  Systems authorization activities: all systems should be properly authorized, which requires a formal environment.
-  User specification activities: the users need to be actively involved in the systems development process.
-  Technical design activities: the technical design activities translate user specifications into a set of detailed technical specifications for a system that meets the user’s needs.
-  Internal audit participation: the internal auditor can serve as a liaison between users and the systems professionals to ensure an effective transfer of knowledge.

What are the four controls all maintenance actions should require?

1. formal authorizations,
2. technical specifications,
3. testing and
4. documentation updates.

What is a source program library (SPL)?

Even with formal maintenance procedures in place, individuals who gain unauthorized access to programs threaten application integrity. In larger computer systems, application program modules are stored in source code form on magnetic disks called the source program library (SPL). Protecting the source code on the SPL is central to protecting the production application.

Which four critical functions does the SPLMS control?

(1) storing programs on the SPL,
(2) retrieving programs for maintenance purposes,
(3) deleting obsolete programs from the library and
(4) documenting program changes to provide an audit trail of the changes.

Which planning and control techniques does an SPL require?

-  Password control: access through passwords
-  Separation of test libraries: a strict separation is maintained between the production programs that are subject to maintenance in the SPL and those being developed
-  Audit trail and management reports: an important feature of SPLMS is the creation of reports that enhance management control and support the audit function.

What are batch controls?

Batch controls are used to manage the flow of high volumes of transactions through batch processing systems. The objective of batch control is to reconcile system output with the input originally entered into the system. The control record contains relevant information about the batch, such as:
-  a unique batch number
-  a batch date
-  a transaction code
-  record count
-  batch control total
-  hash total.

What is a run-to-run control?

Run-to-run control is the use of batch figures to monitor the batch as it moves from one programmed procedure to another. This application comprises four runs: (1) data input, (2) accounts receivable update, (3) inventory update and (4) output.

What are output controls?

Output controls are a combination of programmed routines and other procedures to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious disruptions in operations and may result in financial losses to a firm.

What is output spooling and how can it be abused?

Applications are often designed to direct their output to a magnetic disk file rather than print it directly. This is called spooling. Later, when the printer resources become available, the output files are printed. Spooling therefore creates an output file as an intermediate step in the printing process. A computer criminal can use this opportunity to:
-  Access the output file and change critical data values;
-  Access the file and change the number of copies of output to be printed;
-  Make a copy of the output file to produce illegal output reports;
-  Destroy the output file before output printing takes place.

What are print programs?

Printing programs are often complex systems that require operator intervention. Four common types of operator actions:
-  Pausing the print program to load the correct type of output documents;
-  Entering parameters that the print run needs (number of copies to be printed);
-  Restarting the print run at a prescribed checkpoint after a printer malfunction;
-  Removing printed output from the printer for review and distribution.

Print programs should deal with two types of exposure:
1) the production of unauthorized copies of output and
2) employee browsing of sensitive data.

How can waste be abused?

Computer output waste is a potential source of exposure. Aborted reports and the carbon copies from multipart paper need to be disposed of properly. Computer criminals search through trash for information that is presumed to be of no value.

What are the risks with report distribution?

The primary risks associated with the distribution of sensitive reports include their being lost, stolen, or misdirected in transit to the user. Control techniques:
-  a secure mailbox of which only the user has the key;
-  user must (in person) sign for receipt of the report;
-  making use of a security officer or special courier.

What are end-user controls?

Output reports should be examined for correctness. Errors may be symptoms of, for example, an improper system design.

How can digital output be controlled?

Digital output can be directed to the user’s computer screen or printer. The primary output threat is the interception, disruption, destruction or corruption of the output message as it passes across the communications network. This threat comes from two types of exposures: 1) exposures from equipment failure and 2) exposures from subversive acts.

What is black box testing?

Auditors performing black box testing do not rely on a detailed knowledge of the application’s internal logic. Instead they analyze flowcharts and interview knowledgeable personnel in the client’s organization to understand the functional characteristics of the application.

What is white box testing?

The white box approach relies on an in-depth understanding of the internal logic of the application being tested. The most common types of tests of controls include:
-  Authenticity tests;
-  Accuracy tests;
-  Completeness tests;
-  Redundancy tests;
-  Access tests;
-  Audit trail tests;
-  Rounding error tests.

What is the test data method?

The test data method is used to establish application integrity by processing specially prepared sets of input data through production applications that are under review. The results of each test are compared to predetermined expectations to obtain an objective assessment of application logic and control effectiveness.

What is a base case system evaluation (BCSE)?

BCSE is a variant of the test data approach. BCSE tests are conducted with a set of test transactions containing all possible transaction types. These are processed through repeated iterations during systems development testing until consistent and valid results are obtained. These results are the base case. When subsequent changes to the application occur during maintenance, their effects are evaluated by comparing current results with base case results.

What is an integrated test facility (ITF)?

An ITF is an automated technique that enables the auditor to test an application’s logic and controls during its normal operations.

What are substantive testing techniques?

Substantive tests are so named because they are used to substantiate dollar amounts in account balances. Substantive tests include but are not limited to the following:
-  Determining the correct value of inventory;
-  Determining the accuracy of prepayments and accruals;
-  Confirming accounts receivable with customers;
-  Searching for unrecorded liabilities.

What is the embedded audit module?

The embedded audit module (EAM) techniques use one or more programmed modules embedded in a host application to select, for subsequent analysis, transactions that meet predetermined conditions. 

What is the generalized audit software?

GAS is the most widely used CAATT for IS auditing. GAS allows auditors to assess electronically coded data files and perform various operations on their contents. 
