Input controls include those controls that are employed at the data entry stage and are used to filter bad
            data or missing data — that is, the controls are used to validate and verify data, as much as possible, as it
            is input into the system.

            Process controls include those controls that are employed during the application processing of data to
            filter anomalies. These controls are used to ensure the validity and reliability of data being processed and
            stored. For example, when sales entries are made, and eventually the system posts the debits and credits
            to the general ledger, process controls make sure the data posted in the GL is the same data that was
            entered.

            Output controls include those controls that are employed to safeguard information, especially printed
            objects, at the output stage of the business process. For instance, when payroll checks are printed,
            output controls would ensure that the figures on the checks are accurate. The same thing would be true
            for customer invoices, statements, and financial reports.

            Often segregation of duties (SoD) is used to employ a person not associated with inputting or processing
            of data to take custody of printed materials and distribute them properly.

            As can be surmised, application controls may be involved in all three phases of this model. There could
            be application controls used to validate certain data, process controls to maintain data integrity, and
            output controls to safeguard sensitive data or documents. For instance, the application could forward
            printouts to a certain individual for distribution, using appropriate logical SoD.




            Business process management

                                                                           17
            Business process management (BPrM) is a profession of its own.  BPrM focuses on more than
            efficiency and effectiveness gains in revising business processes; it takes a holistic approach that strives
            for innovation, more flexibility, and integration with technology. A continuous improvement approach is
            also key to successful BPrM.

            Similar to total quality management (TQM), BPrM considers processes as potentially strategic tools that
            can be better managed and improved, then delivers value-added products and services to the entity’s
            clients. The difference between BPrM and TQM or BPI is the deliberate focus it has on leveraging
            technology to accomplish the goals and purposes of BPrM. That being said, BPrM also depends on
            human-driven processes, usually parallel to IT, where human judgment is performed in the steps of the
            business processes.

            BPrM tools allow management to do the following:

              Clarify vision. Strategize functions and processes.
              Define processes. Baseline the process or the process improvement.
              Test and model processes. Simulate the change to a process prior to implementation.
              Analyze alternative processes. Compare various simulations to determine an optimal solution.

            17
              See the website for the BPM Institute at www.bpminstitute.org.

            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-29