There may be need for manual controls to for instance, a check to reveal that all purchase orders have been appropriately authorized before a transaction is submitted for processing.
Processing controls.
These controls seek to ensure that transactions are processed by the right programs and against the correct master files. They also seek to ensure that data is not lost, duplicated or altered during processing and that errors are identified ad corrected. Some of the controls in input could help in meeting the above objectives of processing controls.
In addition to those, processing controls include:
Physical file identification procedures. This is in form of labels which are physically attached to files or diskettes to ensure right files are used during processing of transactions. Sequence tests over pre-numbered documents. This ensures that all transactions are being
processed. Comparing the contents in files before and after processing a transaction to ensure that the expected processing results have been achieved. Zero balance checks that add up debits and credits of the transactions posted to ensure that the result is zero as an indication that double entry has been completed. An audit trail should be created through use of input and output control logs and maintenance of transaction listing. This trail will facilitate an attempt to trace a transaction as a way of verifying that it has been correctly processed.
Output controls.
These are necessary to ensure that:
- Expected reports are received from input data processed.
- Results of processing are accurate.
- Output is distributed to appropriate users promptly.
Controls over output include:
- Matching and agreeing output information to the input data e.g. for input data related to journal processed to create an additional provision for bad and doubtful debts, one may want to compare or match the balance appearing in the ledger after the
transaction is processed as a way of verifying that output matches the input. - Noting distribution of all output information to verify that this information is accessible to and is distributed to the list of authorized users only.
- Error listing or exception reports should be generated on a daily basis and reviewed by an independent person to ensure that the transactions summarized in these reports are investigated and where appropriate resubmitted for processing.
Controls over master files and standby data.
Standing data refers to the data that is required during processing of the transactions but which does not vary or change with every transaction. E.g. customer details such as name and address do not change with every transaction although they are required in processing every transaction with the customer.
Controls over master files and standing data are aimed at ensuring completeness, accuracy and credibility of the information maintained. These controls include;
- Restrictive access to standing data and ensuring that only few individuals have the user rights within the system to make adjustments to the standing data.
- Before any changes are made to the standing data, appropriate authorization should be obtained. E.g. before any changes are made on selling prices in the master file, appropriate authorization should be obtained from the responsible officials.
- Once amendments have been made on standing data, a printout should be obtained from the system such that an independent person can verify that the correct amendments have been made.
- Where necessary, the organization should print out all the standing data and an independent check be carried out to verify that this data is accurate and complete.
- An exception report should be generated on a regular basis providing details of any unauthorized amendments made on standing data.