General Control and Application Control

Control as we know, is a substance material in every single system in this world. There were many kind of control do we have recently. In Accounting Information System (AIS) we recognize the word “Internal Control”. In the world of computer audit they also have general control and application control as their internal control. General and Applications control basically have the same purposes. There are four basic purpose of control based on Anies S.M. Basalamah in his book. First purpose is to make sure that the control purpose is reliably reached and fill the standard, local and international (COSO and COBIT). Second purpose is to minimalize risk and threats. Threads define as a condition that relieve the process and opportunities and risk is a condition that can minimalize chance to reach the organizational goal. Third purpose is to equalize with the complexity of today’s cybercrime. Cybercrime grows fast, in technology and technique, recently, so that controls hold an important role to anticipate the effect of this problem. Final purpose is to solve the problem that caused by the computer itself. Computer, as a device, sometime cause a trouble for its own system.

General control is a policy and a procedure about whole thing of EDP audit that is used to build an overall control framework in EDP audit and to make sure that control purpose is reliably reached.

General control builds six main controls in an organizational area. First, control of organization and management. This kind of control requires the managers of the head of director build a separation of duty and responsibility inside the organization. This prevent someone do the job from the beginning to the end. This also prevent from fraud and malfunctioning a system. Second, control of development and maintenance of application. Development of application sometimes becomes a boomerang for the organization. Programmer sometimes inserts a miscellaneous code in organizational program for special fraud purpose. Prevent this kind of fraud is not an easy job so that management and control of a development in application should be established. Third, controls on operation system. This control has a same purpose to the second control. It will make sure that uses of the OS are appropriate to the purpose of the organization and of course it is well authorized. Fourth, control on software and application. This control has the same purpose as the second control. Fifth, control on data entry and program. This control is to make sure that every entry on the program is well authorized and reliably true. This control is also use to control the level of garbage in the data base, better control make less garbage in the database. Sixth, controls of computer system’s security.  This security term include social engineering, malfunction, viruses and malware, data mining, and also power loss or damage. This comprehensive definition of security needs comprehensive control to maintain the purpose and keep the system save.

Application control as a partner of general control, also have an important role to keep the system work well and has a reliable quality. Application control is usually has a close relationship with data entry and data quality. Some expert define application control as a process of control that can give an assurance of recording, classification, update of the master file, and the reporting system can produce an accurate, complete, and on time. There are some main purposes of application control such as: make sure that every transaction is only processed once, make sure that data was accurate and complete, make sure that transaction process is true, make sure that information produced is uses as it should be, and make sure that the application can do the job continuously.

Application control also builds main control as general control did. There are three main control points in application control: Input control, Process control, Output control. Input control I the first control in application control area. This kind of control has a responsibility to make sure that data inputted is correct and well authorized. There are several levels on input control; it is included authorized control, check on readability with the machine, a conversion and transmission control. Process control has a job to control that a transaction process is process as well as it has should be, transaction process is not lost, add, or change without an authorization, transaction process is free from error and malfunction. And last control, output control, has a function to make sure that the information produce is accurate, complete and distribute to the user on time.