ABSTRACT:

The authors point out the weakness of the traditional view of separating application controls from general controls. This weakness lies in the fact that the data processing environment today is very different from that of the 1 960s and 1970s in which the concepts of general controls and application controls were developed. The authors synthesize from the results of other researchers' studies and their own research and present a new approach to deal with the evaluation of an entity's internal control structure in today's business environment. This new approach requires the auditor to adopt five distinctive auditing concepts. First, all controls must be viewed as a set of interrelated controls and must be integrated into a structure. Second, the auditor should take a control perspective to determine the complexity of accounting systems. Third, the auditor should identify and be concerned with only the control-point processing steps at which EDP controls are relied upon to ensure the completeness and accuracy of information. Fourth, proper worksheets should be designed and used. Finally, the purpose of evaluation of an entity's internal control structure is to assess control risk which will critically affect the subsequent assessment of detection risk. The auditor's assessment of control risk and detection risk will ultimately assist him to determine individual and overall audit risks and to render an opinion on the fair presentation of the financial statements.