Chapter 1 Problem # 1
a. The purpose of transaction authorization is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives. No transaction shall occur unless it is authorized. Authorizations may be general or specific. General authority is granted to operations personnel to perform day-to-day activities and follows rules specified in advance. Specific authorizations deal with case-by-case decisions associated with nonroutine transactions. However, in an IT environment, authorization may be embedded in the coded program logic of a module and take place without visibility. Unauthorized transactions may not be noticed until well after the fact.

b. In segregation of duties, authorization must be separated from transaction processing. Certain duties that are deemed incompatible in a manual system may be combined in an IT environment. Due to automation, incompatible “duties” may all reside in a single computer program or application. The computer has no motivation to circumvent controls and does not make mistakes due to human weaknesses; humans do the circumventing and make the mistakes. In an IT environment, the organization must therefore “separate” the humans who create the programs that do the authorizing from the humans who run the programs that do the processing.

c. Accounting records are the source documents, journals, and ledgers that capture the economic essence of transactions and provide an audit trail of economic events. Organizations must maintain audit trails for two reasons. First, this information is needed for conducting day-to-day operations. Second, the audit trail plays an essential role in the financial audit of the firm: it allows auditors to trace transactions from original sources to financial statements. In an IT environment there are no physical source documents; data is in digital form. The audit trail consists of pointers, hashing, indexes, embedded keys, etc. in database tables. Logs recording processing are essential.

d....
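
The separation described in item b can be tested from access and activity records. The following Python check is an added example, not part of the original answer; the duty names, account names, program names and log records are all constructed for illustration, and the incompatible-duty policy is an assumption.

```python
from collections import defaultdict

# Pairs of duties treated as incompatible (assumed policy for this example).
INCOMPATIBLE = {frozenset({"develop", "operate"})}

# Constructed sample data, not taken from the page.
ROLE_GRANTS = [("alice", "develop"), ("bob", "develop"), ("bob", "operate"),
               ("carol", "develop"), ("dave", "operate")]
CHANGE_LOG = [("alice", "credit_approval"), ("Carol", "credit_approval"),
              ("bob", "payroll_calc")]
RUN_LOG = [("dave", "credit_approval", "prod"), ("carol", "credit_approval", "prod"),
           ("bob", "payroll_calc", "test"), ("alice", "payroll_calc", "prod")]

def norm(user):
    """Normalise account names so 'Carol' and 'carol' count as one person."""
    return user.strip().lower()

def entitlement_conflicts(grants):
    """Users who hold both duties of an incompatible pair, whether or not used."""
    held = defaultdict(set)
    for user, duty in grants:
        held[norm(user)].add(duty)
    return sorted(u for u, duties in held.items()
                  if any(pair <= duties for pair in INCOMPATIBLE))

def activity_conflicts(changes, runs, env="prod"):
    """(user, program) pairs where one person both changed a program and ran it in env."""
    authors = defaultdict(set)
    for user, program in changes:
        authors[program].add(norm(user))
    return sorted({(norm(u), p) for u, p, e in runs
                   if e == env and norm(u) in authors[p]})

if __name__ == "__main__":
    print("holds both duties:", entitlement_conflicts(ROLE_GRANTS))
    print("changed and ran in prod:", activity_conflicts(CHANGE_LOG, RUN_LOG))
```

The two checks disagree on purpose: the role list flags only an account that holds both duties, while the logs show a developer-only account running its own program in production, which is why the processing logs in item c matter as much as the access list.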
