Читать книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood - Страница 272

Again, the types of procedures you perform for the period between June 30 and December 31 will depend on the risk related to the control. Application controls are the structure, policies, and procedures that apply to separate, individual business process application systems. They include both the automated control procedures (i.e., those routines contained within the computer program) and the policies and procedures associated with user activities, such as the manual follow-up required to investigate potential errors identified during processing.

As with all other control procedures, information technology (IT) application controls should be designed to achieve specified control objectives, which in turn are driven by the risks to achieving certain business objectives. In general, the objectives of a computer application are to ensure that:

 Data remain complete, accurate, and valid during their input, update, and storage.

 Output files and reports are distributed and made available only to authorized users.

Specific application-level controls should address the risks to achieving these objectives.

The way in which IT control objectives are met will depend on the types of technologies used by the entity. For example, the specific control procedures used to control access to an online, real-time database will be different from those procedures related to access of a “flat file” stored on a disk.

An IT controls specialist most likely will be needed to understand the risks involved in various technologies and the related activity-level controls.