The Control file

When auditing computerized information systems, it will be found that much reliance is placed within the system upon standard forms and documentation in general, as well as upon strict adherence to procedures laid down. This is no surprise, of course, since the ultimate constraining factor in the system is the computers own capability and all users are competitors for its time. It is therefore important that an audit control file be built as part of working papers and the auditor must that he is on the distribution list for notifications of all new procedures, documents and system changes in general.

The following should be included in the control file;

• Copies of all the forms which source documents might take and details of the checks that have been carried out to ensure their accuracy.
• Details of physical controls over source documents as well as of the nature of any control totals of numbers, quantities or values including the names of persons keeping these controls.
• Full description of how the source documents are to be converted into input media and the checking of control procedures.
• A detailed account of the clerical, procedural and systems development controls contained in the system. E.g. separation of programs from operators and separation of controls over assets from records relating to the assets.
• The arrangements for retaining source documents and input media for suitable periods. This is of great importance as they may be required for reconstructing stored files in event of error or mishap. A detailed flow diagram of what takes place during
  each routine processing run.
• Details of all tapes and discs in use including their layout, labelling, storage and retention arrangements. Copies of all the forms which output documents might take and details of their sorting and checking.
• The auditor‘s comments on the effectiveness of the controls.