Chapter 10

Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability

Nicholas Kitch James S. Gajetela, MSIT(CAR)

Learning Objectives

 Identify and explain controls designed to ensure processing integrity.

 Identify and explain controls designed to ensure systems availability.

Trust Services Framework
 Security (Chapter 8)
 Access to the system and its data is controlled and restricted to legitimate users.

 Confidentiality (Chapter 8)
 Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from
unauthorized disclosure.

 Privacy (Chapter 9)
 Personal information about customers is collected, used, disclosed, and maintained only in
compliance with internal policies and external regulatory requirements and is protected from
unauthorized disclosure.

 Processing Integrity
 Data are processed accurately, completely, in a timely manner, and only with proper
authorization.

 Availability
 System and its information are available to meet operational and contractual
obligations.

Controls Ensuring Processing Integrity

 Input

 Process

 Output

Input Controls

 “Garbage-in Garbage-out”

 Form Design
 All forms should be sequentially numbered
 Verify missing documents
 Use of turnaround documents
 Eliminate input errors

Input Controls
 Data Entry Checks
 Field check
 Characters proper type? Text, integer, date, and so on
 Sign check
 Proper arithmetic sign?
 Limit check
 Input checked against fixed value?
 Range check
 Input within low and high range value?
 Size check
 Input fit within field?
 Completeness check
 Have all required data been entered?
 Validity check
 Input compared with master data to confirm existence
 Reasonableness check
 Logical comparisons
 Check digit verification
 Computed from input value to catch typo errors
 Prompting
 Input requested by system
 Closed-loop verification
 Uses input data to retrieve and display related data
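
The data entry checks above that can be evaluated on a single record, applied in order to a constructed order record. This is an added example, not part of the original slides; the field names, limits, master data and the choice of the Luhn scheme for the check digit are assumptions.

```python
from datetime import date

# Constructed limits and master data; every name and value is an assumption.
FIELD_TYPES = {"customer_id": str, "item": str, "qty": int,
               "unit_price": float, "order_date": date, "ship_date": date}
FIELD_SIZE = {"customer_id": 16, "item": 10}
MAX_QTY = 500                    # fixed value for the limit check
PRICE_RANGE = (0.01, 9999.99)    # low and high bound for the range check
CUSTOMER_MASTER = {"79927398713"}


def luhn_ok(number: str) -> bool:
    """Check digit verification with the Luhn scheme (one common choice)."""
    digits = [int(c) for c in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


def validate(rec: dict) -> list:
    """Return the names of the data entry checks that the record fails."""
    if any(rec.get(f) in (None, "") for f in FIELD_TYPES):
        return ["completeness"]          # later checks need every field
    cid, qty, price = rec["customer_id"], rec["qty"], rec["unit_price"]
    if any(not isinstance(rec[f], t) for f, t in FIELD_TYPES.items()) \
            or not cid.isdigit():
        return ["field"]                 # later checks need correct types
    failed = []
    if qty < 0:
        failed.append("sign")
    if qty > MAX_QTY:
        failed.append("limit")
    if not PRICE_RANGE[0] <= price <= PRICE_RANGE[1]:
        failed.append("range")
    if any(len(rec[f]) > n for f, n in FIELD_SIZE.items()):
        failed.append("size")
    if not luhn_ok(cid):
        failed.append("check_digit")     # typo in the identifier
    elif cid not in CUSTOMER_MASTER:
        failed.append("validity")        # well-formed but not in master data
    if rec["ship_date"] < rec["order_date"]:
        failed.append("reasonableness")  # logical comparison of two fields
    return failed


# Constructed sample record with a mistyped last digit and a negative quantity.
SAMPLE = {"customer_id": "79927398710", "item": "WIDGET-01", "qty": -5,
          "unit_price": 19.99, "order_date": date(2024, 3, 1),
          "ship_date": date(2024, 3, 4)}
print(validate(SAMPLE))
```

The check digit test runs before the validity test so that a mistyped identifier is reported as a typo rather than as an unknown customer.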

Batch Input Controls

 Batch Processing
 Input multiple source documents at once in a group

 Batch Totals
 Compare input totals to output totals
 Financial
 Sums a field that contains monetary values
 Hash
 Sums a nonfinancial numeric field
 Record count
 Sums a nonfinancial numeric field

Processing Controls

 Data Matching
 Multiple data values must match before processing occurs.

 File Labels
 Ensure correct and most current file is being updated.

 Batch Total Recalculation
 Compare calculated batch total after processing to input totals.

 Cross-Footing and Zero Balance Tests
 Compute totals using multiple methods to ensure the same results.

 Write Protection
 Eliminate possibility of overwriting or erasing existing data.

 Concurrent Update
 Locking records or fields when they are being updated so multiple users are not updating at
the same time.
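
The batch totals from the Batch Input Controls slide, recalculated after processing as described under Batch Total Recalculation. This is an added example, not part of the original slides; the record layout and the simulated errors are constructed, and the record count is taken here as the number of records in the batch.

```python
from decimal import Decimal


def batch_totals(records):
    """Control totals computed when the batch is entered and again afterwards."""
    return {
        "financial": sum((Decimal(r["amount"]) for r in records), Decimal(0)),
        "hash": sum(r["invoice_no"] for r in records),  # nonfinancial field
        "record_count": len(records),                   # assumption: number of records
    }


def reconcile(input_totals, output_totals):
    """Names of the totals that differ between input and processed output."""
    return [k for k in input_totals if input_totals[k] != output_totals[k]]


def amended(batch, index, **changes):
    """Copy of the batch with one record altered, simulating a processing error."""
    out = [dict(r) for r in batch]
    out[index].update(changes)
    return out


# Constructed batch of three source documents.
BATCH = [
    {"invoice_no": 1001, "amount": "250.00"},
    {"invoice_no": 1002, "amount": "75.50"},
    {"invoice_no": 1003, "amount": "1200.25"},
]
CONTROL = batch_totals(BATCH)

SCENARIOS = {
    "record lost": BATCH[:2],
    "amount transposed": amended(BATCH, 1, amount="57.50"),
    "wrong invoice number": amended(BATCH, 1, invoice_no=1020),
    # Two offsetting errors: the amounts of two invoices are swapped.
    "amounts swapped": amended(amended(BATCH, 0, amount="75.50"), 1, amount="250.00"),
}
for name, processed in SCENARIOS.items():
    print(f"{name:22} -> {reconcile(CONTROL, batch_totals(processed)) or 'totals agree'}")
```

The last scenario leaves every total unchanged, which is why batch totals are used alongside record-level checks rather than in place of them.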

Output Controls

 User Review
 Verify that output is reasonable, complete, and routed to the intended individual

 Reconciliation

 Data Transmission Controls
 Checksums
 Hash of file transmitted, comparison made of hash before and after transmission
 Parity checking
 Bit added to each character transmitted so that the characters can then be verified for accuracy
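
Both data transmission controls side by side: an even-parity bit on each 7-bit character and a hash compared before and after transmission. This is an added example, not part of the original slides; the message, the use of SHA-256 as the hash and the simulated line noise are assumptions.

```python
import hashlib

# Constructed 7-bit ASCII message.
MESSAGE = b"PAY 100.00 TO ACCT 4471"


def add_even_parity(ch: int) -> int:
    """Append an even-parity bit to a 7-bit character (parity in bit 7)."""
    parity = bin(ch & 0x7F).count("1") % 2
    return (ch & 0x7F) | (parity << 7)


def parity_ok(byte: int) -> bool:
    """A received byte is consistent if its eight bits hold an even number of 1s."""
    return bin(byte).count("1") % 2 == 0


def send(message: bytes):
    """Sender side: parity-protected frame plus the hash of the message."""
    frame = bytes(add_even_parity(b) for b in message)
    return frame, hashlib.sha256(message).hexdigest()


def receive(frame: bytes, digest: str):
    """Receiver side: positions failing parity, and whether the hash matches."""
    bad = [i for i, b in enumerate(frame) if not parity_ok(b)]
    message = bytes(b & 0x7F for b in frame)
    return bad, hashlib.sha256(message).hexdigest() == digest


def flip(frame: bytes, index: int, mask: int) -> bytes:
    """Simulate line noise by XOR-ing one byte of the frame with mask."""
    out = bytearray(frame)
    out[index] ^= mask
    return bytes(out)


frame, digest = send(MESSAGE)
print("clean       ", receive(frame, digest))
print("1 bit error ", receive(flip(frame, 4, 0x01), digest))  # parity flags byte 4
print("2 bit errors", receive(flip(frame, 4, 0x03), digest))  # parity passes, hash fails
```

Parity misses any even number of flipped bits in a character, while the hash comparison still fails. A hash sent over the same channel detects accidental corruption; detecting deliberate alteration requires a keyed MAC or a digital signature.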

Controls Ensuring Availability

 Systems or information need to be available 24/7
 It is not possible to ensure this, so:

Minimize Risks
 Preventive Maintenance
 Cleaning, proper storage

 Fault Tolerance
 Ability of a system to continue if a part fails

 Data Center Location
 Minimize risk of natural and human-created disasters.

 Training
 Less likely to make mistakes and will know how to recover, with minimal damage, from
errors they do commit

 Patch Management
 Install, run, and keep current antivirus and anti-spyware programs

Quick Recovery
 Back-up
 Incremental
 Copy only data that changed from last partial back-up
 Differential
 Copy only data that changed from last full back-up

 Business Continuity Plan (BCP)
 How to resume not only IT operations, but all business processes
 Relocating to new offices
 Hiring temporary replacements

Change Control

 Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
 Changes need to be documented.
 Changes need to be approved by appropriate manager.
 Changes need to be tested before implementation.
 All documentation needs to be updated for changes.
 Back-out plans need to be adopted.
 User rights and privileges need to be monitored during change.

Disaster Recovery Plan (DRP)
 Procedures to restore an organization’s IT function in the event that its
data center is destroyed
 Cold Site
 An empty building that is prewired for necessary telephone and Internet
access, plus a contract with one or more vendors to provide all necessary
equipment within a specified period of time
 Hot Site
 A facility that is not only prewired for telephone and Internet access but
also contains all the computing and office equipment the organization
needs to perform its essential business activities
 Second Data-Center
 Used for back-up and site mirroring
