Para 3.22.8 — MSO (Audit)

MSO (Audit)mso-audit

3.22.8 The objectives of controls do not change with the introduction of computers. Instead, it is the control techniques that change with many of the manual controls being computerised and new technical computer controls being added to achieve the same objectives. Typical control objectives within a government data processing function aim to ensure:
(i) the provision of effective organisational control over functions related to data processing by clearly defining organisational objectives;
(ii) effective management control over development of data processing resources in conformity with organisational objectives;
(iii) adoption of practices related to data processing activities in accordance with statutory requirements and prescribed administrative procedures;
(iv) adherence to policies, standards and procedures in respect of all data processing functions; and
(v) efficiency and effectiveness of the data processing systems geared towards achievement of the desired objectives.
- Audit objectives and scope

What This Means

When government departments switch from manual processes to computer systems, the fundamental goals of internal controls remain the same — only the methods change. Computerised controls must still ensure that data processing aligns with organisational objectives, follows statutory requirements, adheres to prescribed standards, and operates efficiently. New technical controls specific to computers are added alongside traditional ones.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1Control objectives do not change when computers are introduced — only the techniques change
2Computerised systems must still follow statutory requirements and administrative procedures
3Organisational objectives must be clearly defined to provide effective control over data processing
4Both development of resources and day-to-day operations must align with organisational goals
5Efficiency and effectiveness of data processing must be continually assessed

Practical Example

A district office migrates its pension disbursement records from paper ledgers to a computerised database. The auditor verifies that the new system still has the same checks — proper authorisation for changes, separation of duties between data entry and approval, and reconciliation between disbursement totals and bank statements — even though these controls are now automated rather than manual.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

Do we need different audit objectives when a department uses computers?▼

No. The audit objectives remain the same — ensuring accuracy, compliance, and efficiency. What changes are the control techniques, such as automated access controls and system logs replacing manual registers.

What are 'technical computer controls'?▼

These are controls specific to IT systems, such as password-based access restrictions, automated data validation checks, audit trails in software, and backup/recovery procedures that did not exist in manual systems.

Who is responsible for ensuring computerised controls meet organisational objectives?▼

Management remains responsible for designing and implementing adequate controls. The auditor's role is to evaluate whether these controls are effective and aligned with the organisation's objectives.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.8 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules