
CHAPTER 10

Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability

LEARNING OBJECTIVES
Identify and explain controls designed
to ensure processing integrity.
Identify and explain controls designed
to ensure systems availability.

COPYRIGHT © 2012 PEARSON EDUCATION 10-2


TRUST SERVICES FRAMEWORK
Security (Chapter 8)
 Access to the system and its data is controlled and restricted to
legitimate users.
Confidentiality (Chapter 8)
 Sensitive organizational information (e.g., marketing plans, trade
secrets) is protected from unauthorized disclosure.
Privacy (Chapter 9)
 Personal information about customers is collected, used, disclosed,
and maintained only in compliance with internal policies and
external regulatory requirements and is protected from
unauthorized disclosure.
Processing Integrity
 Data are processed accurately, completely, in a timely manner,
and only with proper authorization.
Availability
 System and its information are available to meet operational and
contractual obligations.

CONTROLS ENSURING PROCESSING INTEGRITY

Input
Process
Output

INPUT CONTROLS
“Garbage-in Garbage-out”
Form Design
 All forms should be sequentially numbered
 Verify missing documents
 Use of turnaround documents
 Eliminate input errors



INPUT CONTROLS
Data Entry Checks
 Field check
  Characters proper type? Text, integer, date, and so on
 Sign check
  Proper arithmetic sign?
 Limit check
  Input checked against fixed value?
 Range check
  Input within low and high range value?
 Size check
  Input fit within field?
 Completeness check
  Have all required data been entered?
 Validity check
  Input compared with master data to confirm existence
 Reasonableness check
  Logical comparisons
 Check digit verification
  Computed from input value to catch typo errors
 Prompting
  Input requested by system
 Close-loop verification
  Uses input data to retrieve and display related data
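The data entry checks above, applied to one sales-order record. This is an added example, not material from the original slides; the field names, thresholds, master file and the choice of the Luhn algorithm for the check digit are all assumptions.

```python
from datetime import date

# Constructed master file and thresholds; every name and value is an assumption.
CUSTOMER_MASTER = {"79927398713"}
REQUIRED = ("account", "quantity", "unit_price", "order_date", "ship_date")
MAX_QUANTITY = 500               # limit check: fixed upper bound
PRICE_RANGE = (0.50, 2000.00)    # range check: low and high bound
ACCOUNT_SIZE = 11                # size check: width of the account field
GOOD = {"account": "79927398713", "quantity": 12, "unit_price": 19.99,
        "order_date": date(2024, 3, 1), "ship_date": date(2024, 3, 4)}

def check_digit_ok(number: str) -> bool:
    """Luhn check digit (an assumed algorithm; the slides name none)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate(rec: dict) -> list[str]:
    """Return the names of the data entry checks the record fails."""
    if any(rec.get(f) in (None, "") for f in REQUIRED):
        return ["completeness"]
    typed = (isinstance(rec["account"], str) and rec["account"].isdigit()
             and type(rec["quantity"]) is int
             and isinstance(rec["unit_price"], (int, float))
             and isinstance(rec["order_date"], date)
             and isinstance(rec["ship_date"], date))
    if not typed:
        return ["field"]                     # later checks need typed values
    failed = []
    if rec["quantity"] < 0:
        failed.append("sign")
    if rec["quantity"] > MAX_QUANTITY:
        failed.append("limit")
    if not PRICE_RANGE[0] <= rec["unit_price"] <= PRICE_RANGE[1]:
        failed.append("range")
    if len(rec["account"]) > ACCOUNT_SIZE:
        failed.append("size")
    if not check_digit_ok(rec["account"]):
        failed.append("check_digit")         # mistyped number, no lookup needed
    elif rec["account"] not in CUSTOMER_MASTER:
        failed.append("validity")            # well formed but not in master data
    if rec["ship_date"] < rec["order_date"]:
        failed.append("reasonableness")      # logical comparison of two fields
    return failed
```

Transposing the last two digits of the account number fails the check digit before any master-file lookup, while a well-formed number that does not exist fails only the validity check.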

BATCH INPUT CONTROLS
Batch Processing
Input multiple source documents at once in
a group
Batch Totals
Compare input totals to output totals
 Financial
 Sums a field that contains monetary values
 Hash
 Sums a nonfinancial numeric field
 Record count
 Sums a nonfinancial numeric field

PROCESSING CONTROLS
Data Matching
 Multiple data values must match before processing occurs.
File Labels
 Ensure correct and most current file is being updated.
Batch Total Recalculation
 Compare calculated batch total after processing to input totals.
Cross-Footing and Zero Balance Tests
 Compute totals using multiple methods to ensure the same
results.
Write Protection
 Eliminate possibility of overwriting or erasing existing data.
Concurrent Update
 Locking records or fields when they are being updated so
multiple users are not updating at the same time.
OUTPUT CONTROLS
User Review
Verify reasonableness, completeness, and routing to the intended individual
Reconciliation
Data Transmission Controls
Checksums
 Hash of file transmitted; the hash is compared before and after transmission
Parity checking
 Bit added to each character transmitted so that the characters can be verified for accuracy
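Both data transmission controls on one constructed message, showing an error that parity misses and the hash comparison catches. This is an added example, not material from the original slides; even parity over 7-bit ASCII, SHA-256 as the hash, and all function names are assumptions.

```python
import hashlib

def add_even_parity(char: str) -> int:
    """Return an 8-bit frame: 7-bit ASCII code plus an even-parity bit (top bit)."""
    code = ord(char)
    if code > 0x7F:
        raise ValueError("7-bit ASCII only")
    parity = bin(code).count("1") % 2        # 1 if the code has an odd number of 1s
    return code | (parity << 7)

def parity_ok(frame: int) -> bool:
    """A frame is accepted when its total number of 1 bits is even."""
    return bin(frame).count("1") % 2 == 0

def send(message: str) -> tuple[list[int], str]:
    """Sender side: frame each character and hash the whole message."""
    frames = [add_even_parity(c) for c in message]
    return frames, hashlib.sha256(message.encode("ascii")).hexdigest()

def receive(frames: list[int], digest: str) -> dict:
    """Receiver side: check parity per character, then recompute the hash."""
    text = "".join(chr(f & 0x7F) for f in frames)
    return {
        "parity_errors": [i for i, f in enumerate(frames) if not parity_ok(f)],
        "hash_match": hashlib.sha256(text.encode("ascii")).hexdigest() == digest,
        "text": text,
    }

def flip(frames: list[int], index: int, *bits: int) -> list[int]:
    """Simulate line noise by flipping the given bit positions of one frame."""
    out = list(frames)
    for b in bits:
        out[index] ^= 1 << b
    return out
```

With the constructed message `"PAY 100"`, flipping one bit of character 4 is flagged by parity, but flipping two bits of the same character turns it into `"PAY 800"` with valid parity, and only the hash comparison fails. A plain hash sent with the data detects transmission errors; it does not show who sent the file.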



CONTROLS ENSURING AVAILABILITY
Systems or information need to be available 24/7
 It is not possible to ensure this so:



MINIMIZE RISKS
Preventive Maintenance
 Cleaning, proper storage
Fault Tolerance
 Ability of a system to continue if a part fails
Data Center Location
 Minimize risk of natural and human created disasters.
Training
 Less likely to make mistakes and will know how to
recover, with minimal damage, from errors they do
commit
Patch Management
 Install, run, and keep current antivirus and anti-spyware
programs
QUICK RECOVERY
Back-up
Incremental
 Copy only data that changed from last partial back-up
Differential
 Copy only data that changed from last full back-up
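What each back-up type copies night by night, and which back-up sets a restore needs. This is an added example, not material from the original slides; the file names, the three-day change log and the function names are constructed assumptions.

```python
# Constructed change log: files modified on each day after the day-0 full back-up.
CHANGES = {1: {"ledger.db"}, 2: {"payroll.xls"}, 3: {"ledger.db", "ar.csv"}}

def nightly_sets(strategy: str, changes: dict) -> dict:
    """Files copied by each nightly back-up (the day-0 full back-up is not listed)."""
    sets, since_full = {}, set()
    for day in sorted(changes):
        since_full |= changes[day]
        if strategy == "incremental":
            sets[day] = set(changes[day])    # changed since the last partial back-up
        elif strategy == "differential":
            sets[day] = set(since_full)      # changed since the last full back-up
        else:
            raise ValueError(f"unknown strategy: {strategy}")
    return sets

def restore_chain(strategy: str, last_day: int, changes: dict):
    """Back-up sets to restore, in order, and the changed files they recover."""
    sets = nightly_sets(strategy, changes)
    days = [d for d in sorted(sets) if d <= last_day]
    if strategy == "differential":
        days = days[-1:]                     # only the latest differential is needed
    recovered = set().union(*(sets[d] for d in days))
    return ["full"] + [f"{strategy}-{d}" for d in days], recovered
```

Both strategies recover the same files after a loss on day 3; the incremental restore needs the full back-up plus every nightly set, while the differential restore needs the full back-up plus the latest set, at the cost of larger nightly copies.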

Business Continuity Plan (BCP)


How to resume not only IT operations, but
all business processes
 Relocating to new offices
 Hiring temporary replacements
CHANGE CONTROL
Formal process used to ensure that
modifications to hardware, software, or
processes do not reduce systems reliability
 Changes need to be documented.
 Changes need to be approved by appropriate manager.
 Changes need to be tested before implementation.
 All documentation needs to be updated for changes.
 Back-out plans need to be adopted.
 User rights and privileges need to be monitored during
change.

DISASTER RECOVERY PLAN (DRP)
Procedures to restore an organization’s IT function
in the event that its data center is destroyed
 Cold Site
 An empty building that is prewired for necessary
telephone and Internet access, plus a contract with one
or more vendors to provide all necessary equipment
within a specified period of time
 Hot Site
 A facility that is not only prewired for telephone and
Internet access but also contains all the computing and
office equipment the organization needs to perform its
essential business activities
 Second Data-Center
 Used for back-up and site mirroring
