Types of Controls and Scope
General controls – The organization’s entire processing environment
Application controls – Particular to each of the organization’s applications
Three Categories of Application Controls are:
Input controls
Processing controls
Output controls
Three types of controls classified by function are:
Preventive controls
Detective controls
Corrective controls
Input controls provide reasonable assurance that data submitted for processing are
Authorized
Complete
Accurate
Examples of Input Controls are:
Preformatting Entry in an online tax return
Edit (field) checks – Rejecting the input of letters for SSNs
Limit (reasonableness) checks – Rejecting working hours of over 100 per week
Check digits – Using algorithms to verify ID numbers
Record count – Matching the number of time clock cards with the number of payroll records processed
Financial total – Matching the sum of individual salaries with total salaries
Hash total – Matching the sum of individual SSNs with a predetermined total
Processing controls provide reasonable assurance about:
Processing controls provide reasonable assurance that
All data submitted for processing are processed
Only approved data are processed
Examples of processing controls.
Control Description /Example
Validation Rejecting transactions by vendors whose vendor numbers are not in the vendor master file
Completeness check – Rejecting records with missing data
Arithmetic controls – Zero-balance checking
Output controls provide assurance that processing was complete and accurate.
Control Description/Example
Audit trail Checking for the completeness of each process
Error listing Reporting all transactions rejected by the system