Chapter 10

Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Learning Objectives
 Identify and explain controls designed to ensure processing integrity.
 Identify and explain controls designed to ensure systems availability.

Trust Services Framework
 Security (Chapter 8)
 Access to the system and its data is controlled and restricted to legitimate users.

 Confidentiality (Chapter 8)
 Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.

 Privacy (Chapter 9)
 Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.

 Processing Integrity
 Data are processed accurately, completely, in a timely manner, and only with proper authorization.

 Availability
 System and its information are available to meet operational and contractual obligations.

Controls Ensuring Processing Integrity
 Input
 Process
 Output

Input Controls
 “Garbage-in Garbage-out”

 Form Design
 All forms should be sequentially numbered
 Verify missing documents

 Use of turnaround documents
 Eliminate input errors

Input Controls
 Data Entry Checks
 Field check
 Characters proper type? Text, integer, date, and so on

 Sign check
 Proper arithmetic sign?

 Limit check
 Input checked against fixed value?

 Range check
 Input within low and high range value?

 Size check
 Input fit within field?

 Completeness check
 Have all required data been entered?

Input Controls
 Data Entry Checks (continued)
 Validity check
 Input compared with master data to confirm existence

 Reasonableness check
 Logical comparisons

 Check digit verification
 Computed from input value to catch typo errors

 Prompting
 Input requested by system

 Closed-loop verification
 Uses input data to retrieve and display related data
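
The data entry checks on the two slides above, applied to one keyed timesheet record. This is an added example, not part of the original slides; the field names, the employee numbers, the limit, range and size values, and the choice of the Luhn mod-10 scheme for the check digit are all assumptions.

```python
import re

# Constructed master data: employee numbers whose last digit is a Luhn check digit.
EMPLOYEE_MASTER = {"10017", "10025", "20032"}
REQUIRED = ("employee_id", "name", "hours", "overtime", "pay_rate")
DIGITS = re.compile(r"[0-9]+")
NUMERIC = re.compile(r"-?[0-9]+(\.[0-9]{1,2})?")
MAX_HOURS = 60.0             # limit check: one fixed value (assumed)
RATE_RANGE = (7.25, 75.00)   # range check: low and high value (assumed)
NAME_SIZE = 30               # size check: width of the name field (assumed)

def check_digit_ok(number: str) -> bool:
    """Check digit verification with the Luhn mod-10 scheme (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate(rec: dict) -> list:
    """Return the names of the checks failed by a record of keyed string values."""
    vals = {f: str(rec.get(f) or "").strip() for f in REQUIRED}
    if not all(vals.values()):
        return ["completeness"]
    numbers = [vals[f] for f in ("hours", "overtime", "pay_rate")]
    if not DIGITS.fullmatch(vals["employee_id"]) or not all(map(NUMERIC.fullmatch, numbers)):
        return ["field"]     # wrong character type: later checks would be meaningless
    hours, overtime, rate = map(float, numbers)
    failed = []
    if len(vals["name"]) > NAME_SIZE:
        failed.append("size")
    if hours < 0 or overtime < 0 or rate < 0:
        failed.append("sign")
    if hours > MAX_HOURS:
        failed.append("limit")
    if not RATE_RANGE[0] <= rate <= RATE_RANGE[1]:
        failed.append("range")
    if overtime > hours:     # logical comparison between two fields
        failed.append("reasonableness")
    if not check_digit_ok(vals["employee_id"]):
        failed.append("check_digit")   # keying error caught without a lookup
    elif vals["employee_id"] not in EMPLOYEE_MASTER:
        failed.append("validity")      # well-formed number, but not in master data
    return failed
```

The transposed number 10071 fails the check digit, while 10033 passes it and is rejected only by the validity check against the master data.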

Batch Input Controls
 Batch Processing
 Input multiple source documents at once in a group

 Batch Totals
 Compare input totals to output totals
 Financial: sums a field that contains monetary values
 Hash: sums a nonfinancial numeric field
 Record count: sums a nonfinancial numeric field

Processing Controls
 Data Matching
 Multiple data values must match before processing occurs.

 File Labels
 Ensure correct and most current file is being updated.

 Batch Total Recalculation
 Compare calculated batch total after processing to input totals.

 Cross-Footing and Zero Balance Tests
 Compute totals using multiple methods to ensure the same results.

Processing Controls
 Write Protection
 Eliminate possibility of overwriting or erasing existing data.

 Concurrent Update
 Locking records or fields when they are being updated so multiple users are not updating at the same time.

Output Controls
 User Review
 Verify reasonableness, completeness, and routing to the intended individual

 Reconciliation
 Data Transmission Controls
 Checksums
 Hash of file transmitted, comparison made of hash before and after transmission

 Parity checking
 Bit added to each character transmitted so that the characters can then be verified for accuracy
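
The two data transmission controls above, run side by side on one message. This is an added example, not part of the original slides; the message, the 7-bit framing with even parity, and the use of SHA-256 as the hash are assumptions.

```python
import hashlib

def add_parity(data: bytes) -> list:
    """Sender: frame each 7-bit character with an even-parity bit in the low position."""
    frames = []
    for ch in data:
        if ch > 0x7F:
            raise ValueError("this sketch frames 7-bit characters only")
        frames.append((ch << 1) | (bin(ch).count("1") % 2))
    return frames

def parity_errors(frames: list) -> list:
    """Receiver: indexes of frames whose count of 1 bits is odd."""
    return [i for i, f in enumerate(frames) if bin(f).count("1") % 2]

def payload(frames: list) -> bytes:
    """Drop the parity bit from every frame."""
    return bytes(f >> 1 for f in frames)

def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def receive(frames: list, hash_before: str):
    """Return (parity error positions, whether the hash after matches the hash before)."""
    return parity_errors(frames), file_hash(payload(frames)) == hash_before

def flip(frames: list, index: int, mask: int) -> list:
    """Simulate line noise by XOR-ing a bit mask into one frame."""
    damaged = list(frames)
    damaged[index] ^= mask
    return damaged

# Constructed message; its hash is taken before transmission.
MESSAGE = b"PAY 1500.00 TO ACCT 10017"
HASH_BEFORE = file_hash(MESSAGE)

if __name__ == "__main__":
    sent = add_parity(MESSAGE)
    print(receive(sent, HASH_BEFORE))                   # clean line
    print(receive(flip(sent, 4, 0b010), HASH_BEFORE))   # one bit flipped
    print(receive(flip(sent, 4, 0b110), HASH_BEFORE))   # two bits flipped
```

Two flipped bits in the same character leave its parity even, so only the hash comparison notices that 1500.00 arrived as 2500.00. Both controls target accidental corruption; where deliberate alteration is the concern, a hash that travels with the data needs to be a keyed MAC or a digital signature.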

Controls Ensuring Availability
 Systems or information need to be available 24/7
 It is not possible to ensure this so:

Minimize Risks
 Preventive Maintenance
 Cleaning, proper storage

 Fault Tolerance
 Ability of a system to continue if a part fails

 Data Center Location
 Minimize risk of natural and human-created disasters.

 Training
 Trained staff are less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit

 Patch Management
 Install, run, and keep current antivirus and antispyware programs

Quick Recovery
 Back-up
 Incremental
 Copy only data that changed from last partial back-up

 Differential
 Copy only data that changed from last full back-up

 Business Continuity Plan (BCP)
 How to resume not only IT operations, but all business processes
 Relocating to new offices
 Hiring temporary replacements
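
How the incremental and differential back-ups defined on this slide differ at restore time. This is an added example, not part of the original slides; the file names, the weekly schedule, and the change log are constructed.

```python
# Constructed data: Sunday's full back-up and the files modified on each later day.
FULL = {"ledger.db": "Sun", "payroll.db": "Sun", "ar.db": "Sun", "ap.db": "Sun"}
CHANGES = {"Mon": ["ledger.db"], "Tue": ["payroll.db"],
           "Wed": ["ledger.db", "ar.db"], "Thu": ["ap.db"]}

def nightly_sets(changes: dict, mode: str) -> dict:
    """Map each day to the {file: version} set that night's back-up copies."""
    if mode not in ("incremental", "differential"):
        raise ValueError(mode)
    sets, since_full = {}, {}
    for day, files in changes.items():
        tonight = {f: day for f in files}     # versions written today
        since_full.update(tonight)            # everything changed since the full
        sets[day] = tonight if mode == "incremental" else dict(since_full)
    return sets

def restore(full: dict, sets: dict, mode: str, failure_day: str):
    """Return (back-up sets loaded in order, recovered {file: version} state)."""
    days = list(sets)
    upto = days[: days.index(failure_day) + 1]
    # Incremental needs every partial since the full; differential only the latest.
    chain = upto if mode == "incremental" else upto[-1:]
    state = dict(full)
    for day in chain:
        state.update(sets[day])
    return ["full"] + chain, state

def files_copied(sets: dict) -> int:
    """Total file copies written across the nightly back-ups."""
    return sum(len(s) for s in sets.values())

if __name__ == "__main__":
    for mode in ("incremental", "differential"):
        sets = nightly_sets(CHANGES, mode)
        chain, state = restore(FULL, sets, mode, "Thu")
        print(mode, files_copied(sets), chain, state)
```

Both schemes recover the same state after a Thursday failure; the incremental scheme writes fewer copies each night but must load every partial set in order, while the differential scheme loads only the full back-up and the latest set.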

Change Control
 Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
 Changes need to be documented.
 Changes need to be approved by appropriate manager.
 Changes need to be tested before implementations.
 All documentation needs to be updated for changes.
 Back-out plans need to be adopted.
 User rights and privileges need to be monitored during change.

Disaster Recovery Plan (DRP)
 Procedures to restore an organization’s IT function in the event that its data center is destroyed
 Cold Site
 An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time

 Hot Site
 A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities

 Second Data-Center
 Used for back-up and site mirroring
