Page 112 - CITP Review
P. 112
Generally, application controls are developed to provide assurance over financial transaction functions:
initiation, authorization, recording, processing, and reporting. Exhibit 3-8 provides sample application
controls for each of these vital functions.
Application controls are of course the subject for tests of controls (ToC), when the external auditors have
sufficient reliance upon an application control. The external auditor would identify an application control
where that control objective is relevant to the further audit procedures and RMM, and then perform a ToC
to assess its operational effectiveness (for example, does the control perform consistently across time
as designed). The ToC would involve some technical knowledge and maybe even technology tools (for
example CAATs).
Exhibit 3-8 — Financial transaction functions — Sample application controls
Initiation Data transmission controls
Input edits
Validations
Security
Authorization Programmed transaction approvals
Restricted access to information/data files
Record Database updates
Automated feeds
Process Calculations and related tables
File checking
Automated restrictions to sensitive transactions
Report Automated posting to subsidiary ledgers or general ledgers
Automated reporting whether commercial application or
“user-defined”
Systems model
The systems model is a general model for any kind of system.
All systems basically operate, at a minimum, on the three following processes:
Input
Process
Output
For instance, the respiratory system of the human body takes in oxygen (input), exchanges it in the lungs
with carbon dioxide (process), and exhales the carbon dioxide (output). A computerized system would
add data storage to process as an interactive fourth element (data is processed, stored, retrieved, printed,
and so on).
© 2019 Association of International Certified Professional Accountants. All rights reserved. 3-28
