Para 3.22.7 — MSO (Audit)
Original Rule Text
3.22.7 Presence of controls in a computerised system is significant from the audit point of view because the system may allow, in their absence, duplication of inputs or processing, or conceal or make invisible some of the processes. Controls also provide safeguards against data loss attributable to damage to or corruption of files, manipulation of data, power failures or fluctuations, viruses, computer abuses, etc. Absence of audit trails would also make it difficult to ensure the efficient and effective functioning of a computerised system. for an auditor Besides, in organisations where computer systems are operated, on contract, by outside agencies that employ their own standards and controls, absence of controls will also make the system vulnerable to remote and unauthorised access.
# Objectives of Computer Controls
What This Means
Controls in computerised systems are critical from an audit perspective because without them, the system may allow duplicate inputs, duplicate processing, or may hide certain processes from view. Controls protect against data loss from file corruption, manipulation, power failures, viruses, and computer abuse. Without audit trails, it is difficult to verify efficient system operation. When outside agencies operate computer systems on contract, the absence of controls makes the system vulnerable to remote and unauthorised access.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- 1Without controls, systems may allow duplicate inputs or processing, or conceal processes
- 2Controls protect against data loss from corruption, manipulation, power failures, and viruses
- 3Audit trails are essential for verifying efficient and effective system functioning
- 4Outsourced computer operations create additional risks requiring controls
- 5Remote and unauthorised access is a particular risk when external agencies operate systems
Practical Example
A state government outsources its pension processing to a private IT firm. Without proper controls, the firm's employees could duplicate pension payments, hide processing steps from auditors, or access pension records remotely without authorisation. The state government must insist on comprehensive controls including: input validation to prevent duplicate entries, complete audit trails showing every processing step, access logs for all remote connections, and contractual requirements for the firm to follow the government's security standards. During audit, CAG staff would review these controls to ensure the outsourced system is functioning properly.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Frequently Asked Questions
Why are controls especially important when computer systems are outsourced?▼
How do controls prevent duplication of inputs or processing?▼
What happens when audit trails are absent in a computerised system?▼
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.