PAPS 1001 Personal Computer System (Philippine Standard on

Auditing and Philippine Auditing Practice Statements, 2005)

Personal Computer System or PCs are economical yet powerful
self-contained general purpose computers consisting typically of a
central processing unit (CPU), memory, monitor, disk drives,
printer cables and modems. PC can be used to process accounting
transactions and produce reports that are essential to the
preparations of financial statements. Computer Information
Systems (CIS) environments in which personal computers are used
are different from other CIS environments. Personal Computer
Configurations (Philippine Standard on Auditing and
PhilippineAuditing Practice Statements, 2005) 9 a stand-alone
workstation operated by a single user or a number of users at
different timesaccessing the same or different programs. - The
programs and data are stored in the personal computers or in close
proximity and generally data are entered manually through the
keyboard. 2. a workstation which is part of a local area network is
an arrangement where 2 or more PC are linked together through
the use of special software and communications lines (LAN serves
as sharing of resources such as facilities and printer). 3. a
workstation connected linked to a server and used as such systems
example is online – workstation / as part of a distributed accounting
system -A personal computer can act as an intelligent terminal
because of its logic, transmission, storage and basic computing
capabilities. Characteristics of Personal Computer (Philippine
Standard on Auditing andPhilippine Auditing Practice Statements,
2005) ✓ Although personal computers provide the user with
substantial computing capabilities, they are small enough to be
transportable, are relatively inexpensive and can be placed in
operation quickly. ✓ Software for a wide range of personal
computer applications can be purchased from thirdparty vendors to
perform (e.g., general ledger accounting, receivables accounting
and production / inventory control). ✓ The operating software,
applications programs and data can be stored on and retrieved
from removable storage media, including diskettes, compact disks,
tapes and removable hard disks. ✓ A virus is a computer program
(a block of executable code) that attaches itself to legitimate
program or data file and uses it as a transport mechanism to
reproduce itself without the knowledge of the user. ✓ Users with
basic computer skills can learn to operate a personal computer
easily since many operating system software and applications are
“user-friendly” and contain stepby-step instruction 10 ✓ Users can
also develop spreadsheets or database, purchased from third-party
vendors. (User can developed other applications with the use of
generic software packages.) - Such software packages are typically
used without modification of the programs. ✓ Software programs
and data can also be stored on hard disks that are not removable.
Both removable and removable storage media may be potentially
erased or damaged by computer viruses that could attacks the CIS.
Internal Control in Personal in Personal Computer Environment
(Philippine Standard onAuditing and Philippine Auditing Practice
Statements, 2005) ✓ Generally, the CIS environment in which
personal computers are used is less structured that a centrally-
controlled CIS environment. ✓ In almost all commercially available
operating systems, the built-in security provided has gradually
increased over the years. ✓ In a typical personal computer-
environment, the distinction between general CIS controls and CIS
application controls may not be easily ascertained. -In such cases,
the controls over the system development. In such cases, the
controls over the system development process and operations
which are essential to the effective control for a large computer
environment, may not be viewed by the developer, the user or
management as being as important or cost-effective in a personal
computer environment. Since personal computers are oriented to
individual end-users, the degree of accuracy and dependability of
financial information produced will depend upon the internal
controls prescribed by management and adopted by the user.
Management Authorization for Operating Personal Computers
(Philippine Standard onAuditing and Philippine Auditing Practice
Statements, 2005) Management can contribute to the effective
operation of stand-alone personal computers by prescribing and
enforcing policies for their control and use. Management’s policy
statement may include: • Managements responsibilities; 11 •
Instruction on personal computer use; • Training requirements; •
Authorization for access to programs and data; • Policies to
prevent unauthorized copying of programs and data; • Security,
back-up and storage requirements; • Applications development and
documentation standards; • Standards of report format and report
distribution controls; • Personal usage policies; • Data integrity
standards; • Responsibility for programs, data and error
corrections • Appropriate segregation of duties Physical security –
equipment (Philippine Standard on Auditing and Philippine
AuditingPractice Statements, 2005) ✓ Because of their physical
characteristics, personal computers are susceptible to theft,
physical damage, unauthorized access or misuse. ✓ One method of
physical security is to restrict access to personal computers when
not in use by door locks or other security protection during non-
business hours. ✓ In cases where personal computers are used to
process critical stand-alone applications, additional, physical
security can be established by: ➢ Locking the personal computer in
a protective cabinet or shell or; ➢ Using an alarm system that is
activated any time the personal computer is disconnected or moved
from its location. Physical Security – Removable and Non-
removable media (Philippine Standard on Auditingand Philippine
Auditing Practice Statements, 2005) ✓ Programs and data used on
personal computer can be stored on removable storage media or
non-removable storage media. When personal computer is used by
many 12 individuals, users may develop a casual attitude toward
the storage of the application for diskettes, compact disks or back-
ups tapes for which they are responsible. ✓ Control over removable
storage media can be established by placing responsibility for such
media under personnel whose responsibilities include duties of
software custodians or librarians. Physical control over non-
removable storage media is probably best established with locking
devices. ✓ Depending on the nature of the program and data files.
It is appropriate to keep current copies of diskettes, compact disks
or back-ups tapes and hard disks in a fireproof container, either on
site, off-site or both. This applies equally to operating system and
utility software and back-up copies of hard disks. Program and
Data Security (Philippine Standard on Auditing and Philippine
AuditingPractice Statements, 2005) ✓ When personal computers
are accessible to many users, there is a risk that programs and
data may be altered without authorization. ✓ Because personal
computer operating system software may not contain many control
and security features there are several internal control techniques
which can be built into the application programs to help ensure
that data are processed and read as authorized and that
accidentals destruction of data is prevented. ✓ These techniques
which limit access to programs and data to authorized personnel,
include: 1. Segregating data into files organized under separate file
directories 2. Using hidden files and secret file names 3. Employing
passwords 4. Using cryptography 5. Using anti-virus software
programs Software and Data Integrity (Philippine Standard on
Auditing and Philippine AuditingPractice Statements, 2005) ✓
Software and data integrity controls may ensure that processes
information is free of 13 errors and that software is not susceptible
to unauthorized manipulation (i.e. that authorized data are
processed in the prescribed manner.) ✓ Data integrity can be
strengthened by incorporating internal control procedures such as
format and range checks and cross check results. ✓ Adequate
written documentation of applications that are processes on the PC
can strengthen Software and data integrity controls further.
Hardware, software and data back-up (Philippine Standard on
Auditing and PhilippineAuditing Practice Statements, 2005) Data
back-up refers to plans made by the entity to obtain access to
comparable hardware, software and data in the event of their
failures, loss or destructions. ✓ Identify important programs and
data files to be copied and sored at a location away from PC. ✓
Back-up procedure must be on a regular basis The Effect of PC on
Accounting System and Related Internal Control (Philippine
Standardon Auditing and Philippine Auditing Practice Statements,
2005) The extent to which the PC is being used to process
accounting applications ✓ The type and significance of financial
transactions being processed ✓ The nature of files and programs
utilized in the application ➢ General CIS Controls – Segregations of
Duties ➢ CIS application Controls ✓ it may not be practicable /
cost-effective for management to implement sufficient controls to
reduce the risks of undetected error to a minimum level ✓
Computer-assisted audit techniques may include the use of client
software (database, electronic spreadsheet or utility software)
which has been subjected to review by the auditor’s own software
programs ✓ The auditor may decide to take a different approach.