Para 3.22.73 — Auditing an operational application system involve
Original Rule Text
3.22.73 Audit of an operational application system involves verification of the input/output controls, processing controls and the audit trail. Testimonial evidence may be obtained in the course of audit by means of the following questionnaire to arrive at a reasonable conclusion in regard to the availability of controls and their adequacy:
(i) Are the data processed genuine, complete and accurate and not provisional?
(ii) Is the expected output produced and distributed on time?
(iii) Do the application programs process data as intended and accurately?
(iv) Is a complete audit trail available for tracing back a transaction from the final result to the initial input?
(v) Are the data and changes thereto authorised by appropriate authorities both in the user and computer departments?
(vi) Are schedules for receipt of input data maintained and what is the extent of compliance?
(vii) Is there a preliminary check on input data to ensure completeness?
(viii) Are output reports test-checked prior to their distribution to the user department and is the output produced in accordance with a prescribed schedule?
Further, it should also be examined whether the application system provides for the following programmed controls:
(a) Controls to check for missing/duplicate transactions. Examples are:
(i) checks for ensuring continuity of goods invoice numbers issued by a station and locating missing numbers; and
(ii) checks to ensure that more than one subscription is not accounted for in the same month in respect of a Provident Fund subscriber.
(b) Controls on rejected items to be retained under computer suspense. For instance, the monthly treasury transactions should be rejected if they do not have valid heads of account as given in the budget master and such rejected items kept under suspense. Similarly, in the absence of balances, issue notes in a stores accounting system should be rejected.
(c) Input validation for data purification. These are alpha-numeric checks to ensure conformity with data types. For instance, the personal identity number should always be numeric or, depending upon system requirements, the station name field could be represented only by alphabets.
(d) Limit/range checks. Some examples are checks to ensure that the transaction type in a financial accounting system (expressed in terms of rupees) does not have values less than 1 or greater than 6; or the maximum basic pay does not exceed Rs. 9,000 per month; or the code for treasury alone for any State does not have values in excess of two digits.
(e) Overflow checks. To illustrate, if the field length for withdrawal/advances in a computerised Provident Fund system is only five digits and there is a valid debit transaction with six digits, the high order digit would get truncated and only five digits of the debit will be recorded. This mistake will remain undetected in the absence of overflow checks. Similarly, if the field length is inadequate, transactions involving arithmetical calculations could be incorrectly recorded.
(f) Controls should be available to ensure that certain mandatory fields, such as the leave type code in a leave accounting system, or the field representing the nature of expenditure in a treasury transaction, are not left blank.
(g) Check digits. In a pay roll system, the account number, which is a control field to identify an employee, has a built-in check digit. The program works out the check digit on the basis of the account number input and verifies the correctness of the check digit given. If the check digits do not tally, it can be concluded that the account number has been wrongly entered. Similarly, the station code in the freight accounting system in the Railways has a check digit to detect entry of an incorrect code.
(h) Compatibility checks. For example, if the transaction in a financial accounting system relates to official receipts, the amount cannot normally have a negative value.
(i) Exception condition checks. If the amount column in a treasury transaction for a month has a value greater than the budget for a quarter, this would apparently represent an exceptional situation that could be detected by these checks.
(j) Total for a batch/lot. For example, the batch total for a major head under a treasury is worked out on the computer and tallied with the total given in the schedule of payments/receipts for that batch in order to ensure complete accounting of transactions in a batch.
(k) Record totals and summaries for reconciliation. When a goods basic tape is created in a freight accounting system, it gives the total number of records, which should tally with the total number of invoices input.
# Audit Trail
What This Means
Auditing an operational application system involves verifying input/output controls, processing controls, and the audit trail. The auditor uses a detailed questionnaire to assess control adequacy, covering areas like data genuineness, output timeliness, processing accuracy, audit trail availability, and proper authorisation. Additionally, the auditor examines programmed controls including checks for missing/duplicate transactions, rejected item handling, input validation, limit/range checks, overflow checks, mandatory field checks, check digits, compatibility checks, exception condition checks, batch totals, and record totals for reconciliation.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
1. Audit of operational applications covers input controls, output controls, processing controls, and audit trail
2. A systematic questionnaire is used to evaluate control availability and adequacy
3. Programmed controls include duplicate/missing transaction checks, input validation, and range checks
4. Overflow checks prevent data truncation errors when field lengths are exceeded
5. Batch totals, record totals, and check digits are essential reconciliation and validation tools
Practical Example
An auditor examining a railway freight accounting system uses the questionnaire to verify controls. They check that goods invoice numbers are sequential with no gaps (missing transaction check), that a Provident Fund system rejects duplicate monthly subscriptions for the same subscriber (duplicate check), that treasury transactions with invalid account heads are rejected to a suspense file (rejected items control), that station codes include a check digit to catch data entry errors, and that the total number of goods invoices in the basic tape matches the number of invoices actually input (record totals). They also verify that if a withdrawal amount exceeds the five-digit field length, the system detects the overflow rather than silently truncating the high-order digit.
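The checks in this example can be re-performed on extracted data. The following Python sketch is an added illustration, not part of the rule text or of any audited system; the function names and sample records are constructed, and routing an overflowing amount to a suspense list is an assumption modelled on control (b).

```python
from collections import Counter

FIELD_DIGITS = 5  # width of the withdrawal field in the Provident Fund illustration

def invoice_sequence_exceptions(numbers):
    """Control (a)(i): return (missing, duplicated) invoice numbers in a series."""
    counts = Counter(numbers)
    missing = [n for n in range(min(counts), max(counts) + 1) if n not in counts]
    duplicated = sorted(n for n, c in counts.items() if c > 1)
    return missing, duplicated

def duplicate_subscriptions(subs):
    """Control (a)(ii): (subscriber, month) pairs accounted for more than once."""
    counts = Counter(subs)
    return sorted(key for key, c in counts.items() if c > 1)

def store_fixed_width(amount, digits=FIELD_DIGITS):
    """What a fixed-width field records when no overflow check exists."""
    return amount % 10 ** digits  # the high-order digit is silently dropped

def post_withdrawals(amounts, digits=FIELD_DIGITS):
    """Control (e): post amounts that fit the field, hold the rest in suspense."""
    posted, suspense = [], []
    for amt in amounts:
        (posted if 0 <= amt < 10 ** digits else suspense).append(amt)
    return posted, suspense

def reconcile(input_count, input_total, posted, suspense):
    """Controls (j)/(k): every input item is either posted or in suspense."""
    return (len(posted) + len(suspense) == input_count
            and sum(posted) + sum(suspense) == input_total)

# Constructed sample data, for illustration only
INVOICES = [1001, 1002, 1004, 1005, 1005, 1007]
SUBSCRIPTIONS = [("PF001", "2024-04"), ("PF001", "2024-04"), ("PF002", "2024-04")]
WITHDRAWALS = [45000, 123456, 9000]

if __name__ == "__main__":
    print("invoice gaps/duplicates:", invoice_sequence_exceptions(INVOICES))
    print("duplicate subscriptions:", duplicate_subscriptions(SUBSCRIPTIONS))
    posted, suspense = post_withdrawals(WITHDRAWALS)
    print("posted:", posted, "suspense:", suspense)
    print("reconciles:", reconcile(len(WITHDRAWALS), sum(WITHDRAWALS), posted, suspense))
    truncated = [store_fixed_width(a) for a in WITHDRAWALS]
    print("batch total without overflow check:", sum(truncated), "vs input", sum(WITHDRAWALS))
```

The last line shows why the batch total matters as a second line of defence: a system that truncates the six-digit debit still posts three records, so only the amount total exposes the error.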
Frequently Asked Questions
What is an overflow check and why is it important?
What is a check digit and how does it work?
What are compatibility checks?