
Chapter 10

Information Systems Controls for System Reliability, Part 3: Processing Integrity and Availability

Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall


Learning Objectives
Identify and explain controls designed to ensure processing integrity.
Identify and explain controls designed to ensure systems availability.


Trust Services Framework


Security (Chapter 8)
Access to the system and its data is controlled and restricted to legitimate users.

Confidentiality (Chapter 8)
Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.

Privacy (Chapter 9)
Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.

Processing Integrity
Data are processed accurately, completely, in a timely manner, and only with proper authorization.

Availability
System and its information are available to meet operational and contractual obligations.

Controls Ensuring Processing Integrity


Input Process Output


Input Controls
Garbage-in Garbage-out

Form Design
All forms should be sequentially numbered
Verify missing documents

Use of turnaround documents


Eliminate input errors


Input Controls
Data Entry Checks
Field check
Characters proper type? Text, integer, date, and so on

Sign check
Proper arithmetic sign?

Limit check
Input checked against fixed value?

Range check
Input within low and high range value?

Size check
Input fit within field?

Completeness check
Have all required data been entered?


Input Controls
Data Entry Checks (continued)
Validity check
Input compared with master data to confirm existence

Reasonableness check
Logical comparisons

Check digit verification


Computed from input value to catch typo errors

Prompting
Input requested by system

Closed-loop verification
Uses input data to retrieve and display related data
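
The data entry checks listed above, applied in sequence to one order record. This is an added example, not material from the original slides; the field names, limits, customer numbers and the choice of the Luhn algorithm for the check digit are assumptions made for illustration.

```python
from datetime import date

# Constructed master data and limits (hypothetical values, not from the page).
CUSTOMER_MASTER = {"79927398713", "49927398716"}
REQUIRED = ("customer_no", "quantity", "unit_price", "order_date", "ship_date")
MAX_QTY, PRICE_RANGE, CUST_NO_LEN = 500, (0.01, 10_000.00), 11

def check_digit_ok(number):
    """Luhn check digit (assumed scheme; the page does not name one)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate(rec):
    """Return the names of the data entry checks that the record fails."""
    if any(rec.get(f) in (None, "") for f in REQUIRED):
        return ["completeness"]             # later checks need every field present
    cust, qty, price = rec["customer_no"], rec["quantity"], rec["unit_price"]
    order, ship = rec["order_date"], rec["ship_date"]
    types_ok = (isinstance(cust, str) and cust.isdigit() and isinstance(qty, int)
                and isinstance(price, (int, float))
                and isinstance(order, date) and isinstance(ship, date))
    if not types_ok:
        return ["field"]                    # wrong type: comparisons would be meaningless
    failed = []
    if qty < 0 or price < 0:
        failed.append("sign")
    if qty > MAX_QTY:                       # one fixed upper value
        failed.append("limit")
    if not PRICE_RANGE[0] <= price <= PRICE_RANGE[1]:
        failed.append("range")
    if len(cust) > CUST_NO_LEN:
        failed.append("size")
    if not check_digit_ok(cust):            # catches keying typos before any lookup
        failed.append("check digit")
    elif cust not in CUSTOMER_MASTER:       # well-formed number, but no such customer
        failed.append("validity")
    if ship < order:                        # logical comparison between two fields
        failed.append("reasonableness")
    return failed

# Constructed record that passes every check.
GOOD = {"customer_no": "79927398713", "quantity": 12, "unit_price": 19.99,
        "order_date": date(2012, 3, 1), "ship_date": date(2012, 3, 4)}
```

A transposed customer number such as `79927398731` is rejected by the check digit alone, while `12345678903` has a correct check digit and is only caught by the validity check against master data.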


Batch Input Controls


Batch Processing
Input multiple source documents at once in a group

Batch Totals
Compare input totals to output totals
Financial
Sums a field that contains monetary values

Hash
Sums a nonfinancial numeric field

Record count
Sums a nonfinancial numeric field


Processing Controls
Data Matching
Multiple data values must match before processing occurs.

File Labels
Ensure correct and most current file is being updated.

Batch Total Recalculation


Compare calculated batch total after processing to input totals.

Cross-Footing and Zero Balance Tests


Compute totals using multiple methods to ensure the same results.
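
Batch totals, batch total recalculation and a cross-footing test in one place, showing which kind of processing error each total exposes. This is an added example, not material from the original slides; the invoice and payroll data are constructed, and the record count is taken here as the number of records in the batch.

```python
from decimal import Decimal

def batch_totals(records):
    """Control totals for a batch of (invoice_no, amount) records."""
    return {
        "financial": sum((amt for _, amt in records), Decimal("0")),
        "hash": sum(inv for inv, _ in records),   # sum has no meaning, only control value
        "record_count": len(records),             # assumed: number of records in the batch
    }

def recalculate(control, processed):
    """Batch total recalculation: names of totals that differ from the input totals."""
    after = batch_totals(processed)
    return [name for name in control if control[name] != after[name]]

def cross_foot(payroll):
    """Cross-footing: total gross minus total deductions must equal total net."""
    gross = sum(r["gross"] for r in payroll)
    deductions = sum(r["deductions"] for r in payroll)
    net = sum(r["net"] for r in payroll)
    return gross - deductions == net

# Constructed batch as keyed from the source documents, with its control totals.
BATCH = [(1001, Decimal("250.00")), (1002, Decimal("75.50")), (1003, Decimal("120.00"))]
CONTROL = batch_totals(BATCH)

# Constructed processing outcomes, each with one error.
DROPPED = BATCH[:2]                                             # a record was lost
MISKEYED_AMOUNT = [BATCH[0], (1002, Decimal("57.50")), BATCH[2]]  # digits transposed
WRONG_INVOICE = [BATCH[0], (1020, Decimal("75.50")), BATCH[2]]    # posted to wrong invoice

# Constructed payroll rows; in PAYROLL_BAD one stored net figure is wrong.
PAYROLL_OK = [{"gross": 1000, "deductions": 200, "net": 800},
              {"gross": 1500, "deductions": 300, "net": 1200}]
PAYROLL_BAD = [PAYROLL_OK[0], {"gross": 1500, "deductions": 300, "net": 1250}]
```

An amount error shows up only in the financial total and a wrong invoice number only in the hash total, which is why the totals are kept together rather than relying on one of them.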

Processing Controls
Write Protection
Eliminate possibility of overwriting or erasing existing data.

Concurrent Update
Locking records or fields when they are being updated so multiple users are not updating at the same time.


Output Controls
User Review
Verify that output is reasonable, complete, and routed to the intended individual

Reconciliation

Data Transmission Controls
Checksums
Hash of file transmitted, comparison made of hash before and after transmission

Parity checking
Bit added to each character transmitted, the characters can then be verified for accuracy
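
The two data transmission controls above, run against simulated line noise to show what each one detects. This is an added example, not material from the original slides; even parity, 7-bit ASCII framing, SHA-256 as the hash and the message itself are assumptions.

```python
import hashlib

def add_parity(text):
    """Sender: put an even-parity bit in bit 7 of each 7-bit ASCII character."""
    framed = []
    for ch in text:
        code = ord(ch)
        if code > 0x7F:
            raise ValueError("7-bit ASCII only")
        framed.append(code | ((bin(code).count("1") % 2) << 7))
    return framed

def parity_errors(framed):
    """Receiver: positions whose eight bits do not hold an even number of 1s."""
    return [i for i, byte in enumerate(framed) if bin(byte).count("1") % 2]

def checksum(framed):
    """Hash of the transmitted bytes (SHA-256 is an assumed choice)."""
    return hashlib.sha256(bytes(framed)).hexdigest()

def flip_bits(framed, flips):
    """Simulate line noise: flips is a list of (position, bit_number) pairs."""
    damaged = list(framed)
    for pos, bit in flips:
        damaged[pos] ^= 1 << bit
    return damaged

def verify(sent_checksum, received):
    """Return (parity error positions, checksum matches) for a received message."""
    return parity_errors(received), checksum(received) == sent_checksum

# Constructed message and two damaged copies of it.
SENT = add_parity("PAY 100.00")
SENT_SUM = checksum(SENT)
ONE_BIT = flip_bits(SENT, [(4, 0)])            # one bit flipped in the character "1"
TWO_BITS = flip_bits(SENT, [(4, 0), (4, 1)])   # two bits flipped in the same character
```

Parity locates the single-bit error but passes the two-bit error, which only the hash comparison catches. Because the hash is unkeyed, it detects accidental corruption only; anyone able to alter the data in transit can also replace the hash.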

Controls Ensuring Availability


Systems or information need to be available 24/7
It is not possible to ensure this so:


Minimize Risks
Preventive Maintenance
Cleaning, proper storage

Fault Tolerance
Ability of a system to continue if a part fails

Data Center Location


Minimize risk of natural and human created disasters.

Training
Less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit

Patch Management
Install, run, and keep current antivirus and antispyware programs

Quick Recovery
Back-up
Incremental
Copy only data that changed from last partial back-up

Differential
Copy only data that changed from last full back-up

Business Continuity Plan (BCP)


How to resume not only IT operations, but all business processes
Relocating to new offices
Hiring temporary replacements
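
The incremental and differential back-ups defined above, simulated over three days to compare what each copies and what each needs at restore time. This is an added example, not material from the original slides; the file names, versions and schedule are constructed.

```python
# Constructed data: Sunday's full back-up, then the files changed on each later day.
FULL = {"ledger.db": "v0", "orders.db": "v0", "hr.db": "v0"}
CHANGES = {
    "Mon": {"ledger.db": "v1"},
    "Tue": {"orders.db": "v1"},
    "Wed": {"ledger.db": "v2", "hr.db": "v1"},
}
DAYS = list(CHANGES)

def backup(day, mode):
    """Files copied by that day's back-up."""
    if mode == "incremental":          # only changes since the previous back-up
        return dict(CHANGES[day])
    if mode == "differential":         # every change since the last full back-up
        copied = {}
        for d in DAYS[: DAYS.index(day) + 1]:
            copied.update(CHANGES[d])
        return copied
    raise ValueError(mode)

def restore_chain(day, mode):
    """Back-up sets that must be readable to restore to the end of `day`."""
    if mode == "incremental":
        return ["full"] + DAYS[: DAYS.index(day) + 1]
    return ["full", day]

def restore(day, mode, lost=()):
    """Rebuild the file state; raise if a set in the chain is unreadable."""
    state = dict(FULL)
    for name in restore_chain(day, mode)[1:]:
        if name in lost:
            raise IOError(f"{mode} restore needs the {name} back-up")
        state.update(backup(name, mode))
    return state
```

Both schemes restore the same state, but the incremental chain fails if any one daily set is unreadable, while the differential restore needs only the full back-up and the latest differential.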


Change Control
Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
Changes need to be documented.
Changes need to be approved by appropriate manager.
Changes need to be tested before implementations.
All documentation needs to be updated for changes.
Back-out plans need to be adopted.
User rights and privileges need to be monitored during change.


Disaster Recovery Plan (DRP)


Procedures to restore an organization's IT function in the event that its data center is destroyed
Cold Site
An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time

Hot Site
A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities

Second Data-Center
Used for back-up and site mirroring
