 Hello and welcome to the session in which we would look at the manual versus automated system of controls or a computerized system of control. Now bear in mind the goal for both an automated system or a manual system are the same or we can say similar but the risks inherent in each system is different because the control procedures are different of course whether the control is a manual control versus automated which is a computerized control. So in this session we're going to discuss some of the key differences between a manual and a computerized system and we're going to summarize them into the following different types of errors and segregation of duties simply put the type of segregation of duties and segregation of duties is a very popular internal control concept if you don't know it make sure you go to the internal control section the audit trail different levels of automation and initiation different levels of automation and processing different data storage and accessibility different audit and monitoring capabilities so we're going to summarize them into those six different levels and obviously if you know farhad if you know anything about farhad once i have a list of things i will go over each one separately before we proceed any further i have a public announcement about my company farhadlectures.com farhad accounting lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses my CPA material is aligned with your CPA review course such as becker roger wiley gleam myles my accounting courses are aligned with your accounting courses broken down by chapter and topics my resources consist of lectures multiple choice questions through false questions as well as exercises go ahead start your free trial today no obligation no credit card required starting with segregation of duties i'm gonna have i'm gonna break the screen into two parts the left part will be for the manual system the right part will be for the computerized system so this is the computerized starting with the computerized for the segregation of duties how can you implement segregation of duties in a computerized or a computer based system well you can give access to user access control what does that mean it means you can restrict access to the system to authorized users only assigning different level of access based on the job function so if you work in accounts payable if you if you work in accounts receivable well you only have access to that application for example you cannot go to the cash application you cannot go to payroll you cannot know how much other people are making so on and so forth so you would you would have user access control also something similar to it is role-based access assigning specific tasks or transaction to different users roles such as data entry system maintenance and reporting now also within ap you might be able only to do data entry you cannot do system maintenance of course you should not be able to you should not be able to prepare reports maybe only data entry maybe i give you access to all three or maybe not maybe i'll give you access to certain transaction below a certain amount this is a role-based access what i'm doing is i'm limiting your access and by doing so i'm segregating you segregate in your ability to do other things segregation of duties is itself the concept is assigning different roles and responsibility to different individuals of group such as separating the responsibilities of data entry from those data review same basic concept auditing now in segregation of duties you have to be able to audit to review what other people did will be discussed this in a separate on a separate slide because auditing is important also you could have a dual control what's dual control implementing a dual control mechanism for sensitive information because you don't want to implement dual control for all transactions if you do so you're going to see it defeat the whole purpose of an automated system you want to have a automated system to speed up the process not to slow it down for example requiring two two two authorized persons for any transaction above a certain amount so if the transaction is above ten thousand dollar well guess what it can you cannot access it you will need approval this is what what's called dual control on the other hand we have manual control now bear in mind segregation of duties and manual control they meet they may be non-existent so if you have a small company small organization for segregation of duties to work you have to have a lot of people a lot of a human to separate the process of the process is manual now if you could automate the process we showed the benefit of automating the process but in a small company is what end up happening the manager slash owner usually usually it's the manager that's the owner is the manager involved in every transaction will compensate for this now enlarge and medium organization it's a possible with investment it means you have to have people if it's a manual system for example the person that receives the cash should not be be able the person to record the cash should not be the person to deposit the cash should not be the person to reconcile the cash so this is what we mean by a manual segregation now you're assigning different people in the process manually to do so now what's the problem with manual segregation or any manual control we're going to see this again and again it's a prawn to human errors typos miscommunication misinterpretation of instruction tiredness laziness so on and so forth and the problem with the manual is override or collusion simply put you don't do what you're supposed to do or if there is a person above you that's supposed to look over your shoulders that person is colliding with you so defeat the purpose now bear in mind also that a computerized system could be overrun as well you could override the internal control and subject to hacking audit trail so we're going to look at the difference between an audit trail and a manual system versus a computerized system starting with the manual system in a manual system usually the audit trail what is the audit trail simply put if you want to go back and see what happened can you find out what happened well if you have a manual system usually the audit trail is the manual documentation actual paper written records or logbooks somewhere recorded those also could be in electronic form and for example you could record stuff on an excel sheet or a database but in a sense it's a manual because you are doing so manually it's not being generated automatically because they are being generated manually they can be prone to errors that are typically and are typically more time-consuming to create maintain or review so that's the problem with the manual system of audit trail and a computerized system the audit trail is generated by a computer system by the by the computer system and software I can tell you for example I teach a course called accounting information system and in that course we use a software called QuickBooks believe it or not this company FTX this multi-billion company they were using QuickBooks as a software which is it should not be used by large companies it's usually for small and medium-sized companies but in QuickBooks what I can do let's assume a student is is completing the work on QuickBooks I have the access since I am their accountant and an accountant in a sense that I can see what's going on I can see go in there and know exactly what time this individual logged in what did they exactly do and what are they doing incorrectly that they are not getting they are not following the the the instruction in the book or in the homework because I can see I can audit I can see what how what they did the system automatically record the transaction and other activities as they occur and store this information in a centralized location so I can see it and they cannot change it basically it's a long okay there are those type of audit trail are typically more accurate and efficient than manual audit trail because I know exactly what you did you cannot override the system I cannot override the system it's easier to review for me easier to analyze and the data can be easily query sorted and filtered for example in my class I could have 30 students I can just pick one students and know exactly what that student did I could have many logs many audit trail but I can sort it it's easy to sort it's more comprehensive much much more accurate so we're looking here at a more detailed data that can be used to track activities even in real time I can ask the students if I'm with them on the phone go ahead process this transaction and as I'm on the phone I can go in refresh my screen and see if they did it correctly or not and this could help the organization detect and respond to any issue or anomalies more quickly assuming again assuming the system has some sort of an alert system so if something goes wrong in the audit trail something unusual it will trigger what's called an exception report and send it to management now bear in mind all system are subject to tempering or hacking but audit trail this is the manual and this is the computerized now let's take a look at transaction processing in a manual system there is a computerized system again a manual system you're always subject to human errors and variation in process execution in other words this transaction means you are doing the work you are processing transaction here what we're discussing is journalizing entries posting to the general posting to the ledger adding receipts so on and so forth it's always subject to some sort of a clerical error you could be adding the wrong number you're using the wrong tax rate journalizing but not posting not even journalizing forgetting to journalizing or posting but not carrying into the financial statement so on and so forth now in a computerized system computer program are executed according to algorithm which can be precisely defined and followed and this could lead to an increased processing consistency compared to a manual system computer system don't get tired they keep they keep doing what you're supposed to do now the only thing you have to keep in mind is it's important to know that the accuracy and consistency of any computerized system is as good as the algorithm as the program it's following okay if the algorithm or data is flawed and this is always a problem in computerized system the system output would also be flawed for example if the sales tax program at 2.3 it's supposed to be 3.7 that could be a systematic error and we could have a big problem okay this is called the systematic error and this usually happened in a new system or if the company don't have a proper change of control in a system where people can change the rate without even proper transaction so this is the computerized system transaction initiation basically the same thing but basically when you start a transaction rather than processing the transaction we could have human errors again typos miscommunication misinterpretation of instruction being tired being lazy we could be inefficient this could be time consuming and labor intensive and it's called slow down business operation if you want to initiate a transaction it may need several approval and there could be lack of consistency lack of scalability you cannot process many transaction because people get tired they get overwhelmed with the volume of transaction could it could lead to delays in the business delays in the productions backlog so on and so forth also lack of security we could be vulnerable to fraud or other type of misconduct especially if those initiation of transaction are not properly documented authorized and approved in a computerized system we could have an efficiency by automatically generating transaction for example when specified conditions are met for example places like wal-mart a purchase order for a product is initiated when the quantity on hands fall below a third an amount it trigger a reorder point so at wal-mart they could have in the program something like once we have five units of this product for the store automatically generate an order so this way if the manager is tired the absent forgot to do it the system will do it it reduces the time and effort required it increases the speed and accuracy of the process and the speed of business in general which is good you time is money now this type of speed may not be subject to oversight or documentation as manual transaction so that's kind of basically you have to have the pros and the cons now to mitigate this risk okay someone should review and report on the automated transaction that are generated by the system maybe the manager should review all the orders at the end of the day or every week or every two days depending on what's needed okay and this can help identify transactions that are unusual or unexpected and take appropriate action maybe reprogram the system to give us exactly what we need okay the transaction robust system in place for monitoring login and auditing activities related to to automate it so you have to have some sort of an audit or a logging system and not login basically tracking of the transaction also we could have different data storage and accessibility between a manual system and a computerized system starting with the computerized system the problem with the computerized system with the data it's the ability to remote access the data and network environment increase the risk of unauthorized use and potential breaches breaches of security so you could have someone from eastern europe and i where i say eastern europe because usually the hacking comes from eastern europe or russia that could be from anywhere the potential from damage from a successful breach is much greater because once they have access they have access to everything in a manual system you're going to have paperwork in in new york some paperwork in florida some paperwork in california but in a in a computerized system well they have access to everything okay and especially if it's a cloud system there's a decrease in human involvement in transaction processing also decreases the chances of observing and detecting fraud or errors now obviously we're going to be able to store more we're going to be able to analyze it better but those are the risks okay in control additionally errors or fraud may occur during the design or maintenance application program which can further increase the system vulnerability and this is always a problem in any computerized system if the if the program is flawed from the beginning it's going to give us problem down the road now in a manual system typically the data is stored in a paper form and are less accessible to remote users unless they physically access them with their higher there's a higher risk of theft arson uh fire this this is meant to be fire so on and so forth monitoring capabilities in a manual system we have fewer monitoring capabilities of transaction because it's time consuming and costly you need someone to sit down and review and monitor so it's not a good good internal control in a computerized system it gives you more opportunities for data analysis and management reporting by increasing the availability of fraud data in a computer system you'll have access to the data so you'll be able to monitor what's going on often time in real time then you could create those dashboards audit procedures also could help you can embed audit modules that can inside any application for the program itself to monitor the transaction for you and give you any exception report any red flags and this could help mitigate the additional risk associated with computerized processing by providing increased reporting and review of processing statistics and when you embed this system it's constantly reviewing the transaction giving you feedback it's a form of monitoring and internal control now bear in mind any computerized system will have risks but i'm going to summarize here the risks that are basically common to all computerized system and you need to be familiar with them first is the loss of data that's important especially if you're in the cloud flawed system or software the system is this is not designed properly that's always a risk sometimes the system is designed properly but the hero it could happen maintenance failed to implement necessary update or maintenance to the system well then your system becomes flawed unauthorized access to data resulting in destruction or alteration rather than using it they could go in there and change it okay or somebody with false or unauthorized go ahead and process false or unauthorized transaction unauthorized changes to master file system or software that's always a risk in any computerized system and always manual intervention is a problem because you could always override the system whether you are inside the company who's an insider and more more problematic if someone outside the company was able to penetrate your network and go into the computerized system what should you do now go to four head lectures look at additional mcqs this topic is covered on the cpa exam that could be covered on other professional certification that could be part of your accounting information system course invest in yourself invest in your career it security that's the future i would strongly suggest you invest time invest in your career invest in your opportunities good luck study hard and of course stay safe