Following are certain internal control characteristics that distinguish CLS from manual system.
(1) Lack of audit trail in computer generated data.
Audit trail is a series of audit evidences provided through chain of documents and -cross-referencing connecting balances per trial balance with orrgina! transactions. If the chain of evidence relating to a particular account balance is broken somewhere it is said that audit trail is missing.
Examples of missing audit trail
a) The computer may generate totals and balances without printing the details.
b) In certain cases no assurance can be provided visually as regards completeness of the printed reports.
c) Employee punch time clock with magnetic identification card, and the system automatically records hours worked. The time cards (which are available in manual system) are not prepared.
d) In a manual system, in order to correct a journal entry, a rectifying entry is passed (sometimes error may be made in passing correcting entry and it can be followed through). In CIS environment it is possible to manipulate the files directly thus leaving no trace of initial entry and reasons for amending an entry. In small organization, even a duplicate set of books can be printed in a few hours. Where access is open to many users, weak controls over error correction may create havoc.
e) In a manual system, folio numbers facilitate tracing flow of entries. In a computer system folio numbers do not appear any where.
f) Purchase orders are automatically generated and sales orders accepted by the software.
( 2) Uniform processing of transactions.
The computer does not have the capability. of processing the data in a manner other than programmed Generally, therefore, more reliance can be placed on processing the data than in case of manual processing.
(3) Lack of segregation of functions
One of the techniques for achieving good internal control is that no one department should be responsible for handling all phases of transaction and where possible, following functions should be segregated.
a) Approval of transaction
c) Custody of related assets.
Such a division of responsibility provides a check on the accuracy of recorded amounts. For example, the general ledger inventory control account maintained by the accounting department will provide a check over the storekeeper. The storekeeper will be alert in checking the accuracy of the receiving department records, as he will be accountable for goods received form the receiving department.
Proper segregation of duties is easier in batch – type mainframe environment with a large number of employees, than in on line system. The ideal segregation of duties is not generally found in a computer system for the following reasons.
a) In case of on-line or real-time systems and in microcomputers the users departments directly enter the data.
b) Computer operators may have a direct access to cash through preparation and signing of cheques through computer.
c) Number of persons engaged in processing the data are considerablj lower than in manual processing.
d) Only a few data processing personnel have complete knowledg about the accounting system and internal controls.
e) Access of data is possible through the use of computer equipment remote locations.
As a result of above, the individuals who have access to computer be in a position to perform incompatible functions. Consequently, may make any alterations for their advantage.
( 4) Potential for error:s and irregularities
Development, maintenance and execution of IT is more exposed to errors and frauds due to the fact that computer programme which enable a to data and its processing are generally stored at the same place where the data is stored, possibility for unauthorized access to accounting records and manipulation of data is more likely in IT environment than is manual system. For example, in some instances employees credited their personal accounts against outstanding loans due form them. The error could not be detected on a timely basis.
Cases have also came to light where an employee who is debtor of the entity credited his own account by transferring collections received from another debtor. Likewise, a computer programme used to process accounts receivable may be designated to raise a sales invoice as soon as a delivery note is entered on computer. An employee made an unauthorized change in the programme and caused substantial deliveries to special customers without raising an invoice.
In a manual system, the clerk who has written books can be identified by his handwriting. Erasing figures are not permitted. In a computer system it may not be easy to detect who has made the entries, because manual books do not exist The information is only keyed to computer.
The amounts and entries can be easily altered.
Books of accounts in a manual system can be kept under lock and key. In a computer system if passwords are not used, or not frequently changed , the access to all books is easy.
In case of a software error, the resultant errors will continue unless corrected. If the auditor tests a sample of population, he will only insist on correcting the errors found and other errors may remain undetected. The same problem will be repeated from year to year.
Another potential for irregularity is the alteration of a master file. If the access to a master file is not restricted an employee can alter his salary on the master file.
The same amount of salary will be repeated every month on the payroll summary. Collusion with a customer may cause his credit limit to be increased on master file. The master file may also be changed for the discount rate allowed to a customer.
Collusion with customer may also result in crediting his account with the amount received from another customer. In manual system due to segregation of duties commitment of this type of fraud is more difficult.
Erasing a complete record or a file to damage the company is far easier in a computer system than in manual books.
( 5) lnililltion or execution of transactions
In IT environment the approval of transactions is not evidenced in the same way as in the manual procedure. For example a sale invoice on an on line system is processed from shipping information received on the terminal through the warehouse and on the basis of approved price list.
( 6) Potential for the use of computer assisted audit techniques
The computers may be used as audit tools either through audit software or test data techniques. As a result audit procedures may be performed more effectively and efficiently.
As in manual system, the auditor is required to carry out risk assessment in CIS environment. However the CIS environment may affect the procedures for assessment of inherent and control risk.
Two types of inherent and control risks in CIS environment are:
Deficiencies pervasive in CIS environment affecting multiple applications (general CIS controls)
Deficiencies related to specific areas (application controls)