Maquiniana, Mark Jason

BSA-3

CHAPTER 7

1. What are the broad classes of input controls?

The broad classes of input controls are Source document control are Datacoding
controls, Batch controls, Validation controls, Input error correction and Generalized data
input systems.
2. Explain the importance of source documents and associated control techniques.
Source documents is importance because it provides evidence that a financial
transaction has occurred. During an accounting or tax audit, source documents back up
the accounting journals and general ledger as an indisputable transaction trail. Also,
associated control techniques provide managers with the type and amount of
information they need to measure and monitor performance. The information from
various controls must be tailored to a specific management level, department, unit, or
operation.
3. Give one example of an error that is detected by a check digit control.
One of the errors that is detected by check digit control is transcription error.
4. What are the primary objectives of a batch control?
The objective of batch control is to reconcile output produced by the system
with the input originally entered into the system. This provides assurance that:
• All records in the batch are processed
• No records are processed more than once
• An audit trail of transactions is created from input through processing to the output
stage of the system.
5. Classify each of the following as a field, record, or file interrogation:
a. Limit check - field
b. Validity check - field
c. Version check - file interrogation
d. Missing data check - field

e. Sign check - record

f. Expiration date check - file interrogation
g. Numeric-alphabetic data check - field
h. Sequence check - record
i. Zero-value check - field
j. Header label check - file interrogation
k. Range check - field
 l. Reasonableness check - record
6. Compare the three common error-handling techniques discussed in the book.
The first is correct immediately is when the system isusing the direct data validation
approach, error detection and correction can takeplace during data entry. Second, Create an
Error File is when delayed validation is being used, such as inbatch systems with sequential files,
individual errors should be flagged to prevent them from being processed. Third is Reject the
Batch takes place when some forms oferrors are associated with the entire batch and are not
clearly attributable toindividual records.
7. What are the five major components of a GDIS?
The five major components of GDIS are generalized validation module, validated data
file, error file, error reports and transaction log.
8. What are the three categories of processing controls?
The three categories of processing cobtrols arr run-to-run controls, operator
intervention controls ans audit trail controls.
9. If all of the inputs have been validated before processing, then what purpose do runto-run
controls serve?
The run-to-run control is a control device to ensure that norecords are lost,
unprocessed, or processed more than once for each of thecomputer runs (processes) that the
records must flow through.
10. What is the objective of a transaction log?

Transaction log keeps a log of all the transactions that are taking place; along with the
database modifications it’s making each day. It is one of the most crucial element in your
database, in case of any system failure it brings back database to a consistent condition.
11. How can spooling present an added exposure?
The creation of an output file as an intermediate step in the printing process presents an
added exposure. A computer criminal may use this opportunity to perform any of the following
unauthorized acts:
1. Access the output file and change critical data values (such as dollar amounts on checks). The
printer program will then print the corrupted output as if it were produced by the output run.
Using this technique, a criminal may effectively circumvent the processing controls designed
into the application.
2. Access the file and change the number of copies of output to be printed. The extra copies
may then be removed without notice during the printing stage.
3. Make a copy of the output file to produce illegal output reports.
4. Destroy the output file before output printing takes place.
Discussion Questions
1. The field calls for an “M” for married or an “S” for single. The entry is a “2.” What control will
detect this error?
Numeric/alphabetic data checks or validity check
2. The firm allows no more than 10 hours of overtime a week. An employee entered “15” in the
field. Which control will detect this error?
Limit check
3. The password was “CANARY”; the employee entered “CAANARY.” Which control will detect
this error?

Validity check
4. The inventory item number was omitted on the purchase order. Which control will detect
this error?
Missing data check
5. The order entry system will allow a 10 percent variation in list price. For example, an item
with a list price of $1 could be sold for 90 cents or $1.10 without any system interference. The
cost of the item is $3, but the cashier entered $2. Which control would detect this error?
Range check

6. How does privacy relate to output control?

If the privacy of certain types of output is violated, for example, sensitive information
about clients or customers, a firm could be legally exposed.
7. What are some typical problems with passwords?
Users failing to remember passwords, failure to change passwords frequently,
displaying passwords where others can see them, and using simple, easy to guess passwords.
8. What are the three categories of processing control?
Run-to-run controls, operator intervention controls, and audit trail controls
9. Output controls ensure that output is not lost, misdirected, or corrupted and that privacy is
not violated. What are some output exposures, or situations where output is at risk?
Output is removed from the printer by the computer operator, separated into sheets
and separated from other reports, reviewed for correctness by the data control clerk, and then
sent through interoffice mail to the end user. Each stage in this process is a point of potential
exposure where the output could be reviewed, stolen, copied, or misdirected. An additional
exposure exists when processing or printing goes wrong and produces output that is
unacceptable to the end user. These corrupted or partially damaged reports are often
discarded in waste cans. Computer criminals have successfully used such waste to achieve their
illicit objectives.
10. Input validation includes field interrogation that examines the data in individual fields. List
four validation tests and indicate what is checked in each.
Numeric-alphabetic checks look for the correct content in a field, numbers, or letters;
zero-value checks determine if necessary zeros are present; limit checks verify that values are
within preset limits; range checks verify the values fall within an acceptable range. Other
acceptable responses include missing data checks that look for blank spaces, validity checks
that compare actual values in a field against known acceptable values, and check digit controls
that identify nkeystroke errors in key fields.
11. What is record interrogation? Give two examples.
Record interrogation examines the combination of fields in a record to determine
consistency. Record interrogation tests include reasonableness checks, sign checks, sequence
checks.