Microcomputers Present a New Internal Control Challenge
Jenne, Stanley Earl, The National Public Accountant
It was a great day for the credit union when they could end their reliance on a computer service center and purchase an in-house minicomputer system. With the lower costs of computers, the new system could be purchased outright and software leased for less than the cost of the multi-year contract renewal option available from their local computer service center. Service contracts through the vendor were included to cover maintenance of the hardware purchased. The new system had a projected useful life that was twice as long as the computer service center contract. The savings were more than adequate to justify the acquisition of the new computer system. In addition, the local company offering the software lease provided a package tailored specifically for the credit union industry. The new system promised to meet the unique needs of the credit union with timely responses to management's inquiries and greater flexibility in producing special reports. I.t was user friendly and did not require a computer expert or any additional staff to run it.
The new minicomputer system was acquired, the employees were trained, and the system was placed into service. Overall, the system appeared to work very well. Problems and limitations were relatively minor when compared to the computer service center mainframe system previously used. It was not until the author, a member of the Board of Directors, began reviewing the controls of the new system that serious internal control weaknesses were discovered. The most serious weakness was in the vendor software package. While the software did offer different security levels for tellers, loan officers, and the controller as promised, the software allowed the controller to perform virtually all of the operating functions within the credit union. Thus, the accounting control of separation of duties was seriously compromised. Upon discovery of the weakness, compensating controls were put into place and the credit union began working with the vendor through a user group to correct the control weaknesses discovered.
THE MOVE TOWARD SMALLER COMPUTERS
As organizations move toward minicomputers and microcomputers to handle critical accounting functions, they frequently compromise many of the internal controls which existed in their former systems. Internal control problems tend to be more numerous in a microcomputer environment than in a minicomputer environment. Microcomputers were originally developed for personal use and the limited operating capacity of early microcomputers made them impractical for most organizational computing needs. These computers were designed for a single user and for convenience and simplicity of operation. Security and internal control were typically ignored in the development of most microcomputer hardware and software. The common recommendation for the internal control of a microcomputer system was to simply lock the office door.
The amazing increase in computing power and data storage of microcomputers, their low cost, and the development of user friendly software have combined to make microcomputers a suitable replacement for the mainframe computer for some applications. In large organizations which still have a need for a main-frame computer system, microcomputers, through modems and networks, are being used to access the mainframe computer. They are also used to reduce substantially the amount of computing performed by the central mainframe computer. As critical accounting functions are migrating toward smaller computers and as microcomputers are increasingly used to access data and software residing on networks, minicomputers, and mainframe computers, the need for better internal control of microcomputer applications becomes apparent.
COMMON INTERNAL CONTROL PROBLEMS
Common internal control problems associated with current microcomputer environments and many minicomputer environments include lack of separation of duties, unauthorized access to hardware and software, and uncontrolled development of computer application programs. …