Security, Controls & Audit in Computerized Accounting
6.1 Internal Controls
Common internal controls in computerized accounting include:
- Password and user access control: Role-based access ensures that data entry staff cannot approve payments and managers cannot alter restricted records without authorization.
- Audit trail: Every entry records who entered it, when it was entered, and what was changed, creating a traceable log.
- Data backup and recovery: Automated daily or weekly backups, including off-site or cloud copies, reduce the risk of data loss.
- Encryption and firewall protection: SSL/TLS protects data in transit, while firewalls block unauthorized network access.
- Antivirus and malware protection: Security tools reduce the risk of ransomware and other malicious attacks on accounting data.
6.2 Computer-Assisted Audit Techniques (CAATs)
Auditors use CAATs when auditing computerized accounting systems:
| CAAT Technique | Description |
|---|---|
| Audit Software (ACL, IDEA) | Extracts, analyses, and tests large data sets to identify duplicates and unusual patterns |
| Test Data Method | The auditor inputs dummy transactions to verify that the system processes them correctly |
| Parallel Simulation | The auditor re-processes actual transactions using the auditor's own program and compares the results with the entity's output |
| Integrated Test Facility (ITF) | A dummy entity is created within the live system, and test transactions are mixed with real data |
| Embedded Audit Modules | Audit routines are built into the accounting software to flag suspicious transactions in real time |
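
The following added example (not part of the original notes, and not ACL or IDEA code) sketches the kind of test that audit software runs over extracted data: it flags duplicate payments and checks the audit-trail fields for breaches of the rule in 6.1 that data entry staff cannot approve payments. The payment register, its column names, and the user IDs are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample payment register; the column names are assumptions.
SAMPLE = """\
payment_id,vendor,invoice_no,amount,entered_by,approved_by
P001,Acme Supplies,INV-1001,1200.00,clerk_a,mgr_x
P002,Acme Supplies,INV-1001,1200.00,clerk_b,mgr_x
P003,Delta Freight,INV-2040,560.50,clerk_a,clerk_a
P004,Orion Paper,INV-3100,89.99,clerk_b,mgr_y
P005,acme supplies ,inv-1001,1200.0,clerk_a,mgr_y
P006,Orion Paper,INV-3101,89.99,clerk_b,
"""

def load_payments(text):
    """Parse the extracted register into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def _match_key(row):
    # Normalise case, whitespace and amount formatting so that trivial
    # variations in data entry do not hide a duplicate.
    return (row["vendor"].strip().lower(),
            row["invoice_no"].strip().lower(),
            Decimal(row["amount"].strip()))

def find_duplicate_payments(rows):
    """Return groups of payment IDs sharing vendor, invoice and amount."""
    groups = defaultdict(list)
    for row in rows:
        groups[_match_key(row)].append(row["payment_id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)

def find_sod_exceptions(rows):
    """Flag payments whose audit trail shows no independent approval."""
    exceptions = []
    for row in rows:
        entered = row["entered_by"].strip()
        approved = row["approved_by"].strip()
        if not approved:
            exceptions.append((row["payment_id"], "no approver recorded"))
        elif approved == entered:
            exceptions.append((row["payment_id"], "entered and approved by same user"))
    return exceptions

if __name__ == "__main__":
    payments = load_payments(SAMPLE)
    print("Duplicate groups:", find_duplicate_payments(payments))
    print("Segregation-of-duties exceptions:", find_sod_exceptions(payments))
```

Each flagged item is an exception for the auditor to follow up against supporting documents, not proof of error or fraud.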
