
Processing Integrity and Availability Controls
Chapter 10

Copyright © 2015 Pearson Education, Inc.


Learning Objectives

• Identify and explain controls designed to ensure processing integrity.
• Identify and explain controls designed to ensure systems availability.

PROCESSING INTEGRITY
• A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time.
• Requires controls over both data input quality and the processing of the data.
[Figure: systems reliability diagram with the labels Security, Confidentiality, Privacy, Processing Integrity, Availability]

Processing Integrity Controls

• Input
▫ Forms design
 Sequentially prenumbered/sequence test
▫ Turnaround documents
▫ Cancellation & storage of documents
▫ Visual Scanning

Processing Integrity: Data Entry Controls
• Field check
▫ Characters in a field are proper type
• Sign check
▫ Data in a field is appropriate sign (positive/negative)
• Limit check
▫ Tests numerical amount against a fixed value
• Range check
▫ Tests numerical amount against lower and upper limits
• Size check
▫ Input data fits into the field
• Completeness check
▫ Verifies that all required data is entered
• Validity check
▫ Compares data from transaction file to that of master file to verify existence
• Reasonableness test
▫ Correctness of logical relationship between two data items
• Check digit verification
▫ Recalculating check digit to verify data entry error has not been made
• Key verification
▫ Requires entering key data in twice to verify its accuracy
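
The edit checks listed above, applied to one keyed order record. This is an added example, not code from the chapter; the field names, the limit and range values, the customer master file and the choice of the Luhn scheme for the check digit are assumptions. Key verification is left out because it needs a second keying pass.

```python
from datetime import date
from decimal import Decimal, InvalidOperation

MASTER = {"79927398713": "Acme Supply"}   # constructed customer master file
REQUIRED = ("customer_no", "quantity", "unit_price", "order_date", "ship_date")
QTY_LIMIT = 500                                             # assumed fixed limit
PRICE_MIN, PRICE_MAX = Decimal("0.01"), Decimal("999.99")   # assumed range

def luhn_ok(number):
    """Check digit verification; the Luhn (mod 10) scheme is an assumption."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def edit_checks(rec):
    """Return the names of the edit checks that a keyed record fails."""
    if any(not rec.get(f, "").strip() for f in REQUIRED):
        return ["completeness"]                   # completeness check
    cust = rec["customer_no"]
    try:                                          # field check: proper types
        if not (cust.isascii() and cust.isdigit()):
            raise ValueError("customer_no must be digits")
        qty = int(rec["quantity"])
        price = Decimal(rec["unit_price"])
        ordered = date.fromisoformat(rec["order_date"])
        shipped = date.fromisoformat(rec["ship_date"])
    except (ValueError, InvalidOperation):
        return ["field"]
    failed = []
    if len(cust) > 11:                            # size check
        failed.append("size")
    if not luhn_ok(cust):                         # check digit verification
        failed.append("check_digit")
    if cust not in MASTER:                        # validity check
        failed.append("validity")
    if qty < 0:                                   # sign check
        failed.append("sign")
    if qty > QTY_LIMIT:                           # limit check
        failed.append("limit")
    if not (price.is_finite() and PRICE_MIN <= price <= PRICE_MAX):  # range check
        failed.append("range")
    if shipped < ordered:                         # reasonableness test
        failed.append("reasonableness")
    return failed

GOOD = {"customer_no": "79927398713", "quantity": "12", "unit_price": "19.95",
        "order_date": "2015-03-02", "ship_date": "2015-03-05"}   # constructed
```

Transposing the last two digits of the customer number fails the check digit before the master-file lookup is even needed, which is the point of recalculating it at entry time.
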
Input Controls
• The preceding tests are used for batch
processing and online real-time processing.
• Both processing approaches also have some
additional controls that are unique to each
approach.



Batch Input Controls
• Batch Processing
▫ Input multiple source documents at once in a
group
• In addition to the preceding controls, when
using batch processing, the following data entry
controls should be incorporated.
 Sequence check
 Error log
 Batch totals



Batch Input Controls
• Batch Totals
▫ Compare input totals to output totals
 Financial
 Sums a field that contains monetary values
 Hash
 Sums a nonfinancial numeric field
 Record count
 The number of records in a batch
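
The batch input controls above (sequence check, error log, batch totals) run against one batch. This is an added example, not code from the chapter; the record layout, document numbers, vendor numbers and amounts are constructed.

```python
from decimal import Decimal

def batch_totals(records):
    """Compute the three batch totals named on the slide."""
    return {
        "financial": sum(Decimal(r["amount"]) for r in records),  # monetary field
        "hash": sum(int(r["vendor_no"]) for r in records),        # nonfinancial field
        "record_count": len(records),
    }

def check_batch(control, doc_range, keyed):
    """Return the error log: one (control, expected, actual) entry per mismatch."""
    log = []
    actual = batch_totals(keyed)
    for name, expected in control.items():
        if actual[name] != expected:
            log.append((name, expected, actual[name]))
    # Sequence check: each prenumbered document in the range appears exactly once.
    expected_nos = list(range(doc_range[0], doc_range[1] + 1))
    keyed_nos = sorted(int(r["doc_no"]) for r in keyed)
    if keyed_nos != expected_nos:
        log.append(("sequence", expected_nos, keyed_nos))
    return log

# Constructed batch of four source documents (document, vendor, amount).
SOURCE = [
    {"doc_no": "1001", "vendor_no": "2210", "amount": "1540.00"},
    {"doc_no": "1002", "vendor_no": "3318", "amount": "275.50"},
    {"doc_no": "1003", "vendor_no": "2210", "amount": "89.99"},
    {"doc_no": "1004", "vendor_no": "4107", "amount": "612.00"},
]
CONTROL = batch_totals(SOURCE)      # totals prepared before data entry
DOC_RANGE = (1001, 1004)

# Keying error 1: vendor number transposed; amounts and count are untouched.
WRONG_VENDOR = [dict(r) for r in SOURCE]
WRONG_VENDOR[1]["vendor_no"] = "3381"
# Keying error 2: document 1003 was skipped.
DROPPED = [r for r in SOURCE if r["doc_no"] != "1003"]

if __name__ == "__main__":
    for label, keyed in (("wrong vendor", WRONG_VENDOR), ("dropped", DROPPED)):
        print(label, check_batch(CONTROL, DOC_RANGE, keyed))
```

The transposed vendor number leaves the financial total and record count intact, so only the hash total flags it; the skipped document trips all three totals and the sequence check.
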



Online Data Entry Controls
• Prompting
▫ System prompts you for input (online
completeness check)
• Closed-loop verification
▫ Checks accuracy of input data by using it to
retrieve and display other related information
(e.g., customer account # retrieves the customer
name)
• Transaction logs
• Automatic data entry
Processing Controls

• Data matching
▫ Two or more items must be matched before an action takes place
• File labels
▫ Ensures correct and most updated file is used
• Recalculation of batch totals
• Cross-footing
▫ Verifies accuracy by comparing two alternative ways of calculating the same total
• Zero-balance tests
▫ For control accounts (e.g., payroll clearing)
• Write-protection mechanisms
▫ Protect against overwriting or erasing data
• Concurrent update controls
▫ Prevent error of two or more users updating the same record at the same time
Output Controls

• User review of output


• Reconciliation
▫ Procedures to reconcile to control reports (e.g., general ledger A/R
account reconciled to Accounts Receivable Subsidiary Ledger)
▫ External data reconciliation
• Data transmission controls
1. Checksums – hash of file transmitted, comparison made of
hash before and after transmission
2. Parity checking
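
The two data transmission controls above, compared on the same corrupted message. This is an added example, not code from the chapter; SHA-256 as the hash, one even-parity bit per byte, and the payload are assumptions.

```python
import hashlib

def parity_bit(byte):
    """Even parity: the bit that makes the count of 1 bits in the byte even."""
    return bin(byte).count("1") % 2

def send(data):
    """Sender side: payload, one parity bit per byte, and a hash of the payload."""
    return {"data": bytes(data),
            "parity": [parity_bit(b) for b in data],
            "sha256": hashlib.sha256(data).hexdigest()}

def receive(msg):
    """Receiver side: recompute both controls and list the ones that fail."""
    failed = []
    if [parity_bit(b) for b in msg["data"]] != msg["parity"]:
        failed.append("parity")
    if hashlib.sha256(msg["data"]).hexdigest() != msg["sha256"]:
        failed.append("checksum")
    return failed

def flip_bits(msg, index, mask):
    """Simulate a transmission error: XOR `mask` into byte `index` of the payload."""
    data = bytearray(msg["data"])
    data[index] ^= mask
    return {**msg, "data": bytes(data)}

PAYLOAD = b"PAY VENDOR 2210 USD 1540.00"   # constructed message

if __name__ == "__main__":
    sent = send(PAYLOAD)
    print("one bit flipped: ", receive(flip_bits(sent, 16, 0b00000001)))
    print("two bits flipped:", receive(flip_bits(sent, 16, 0b00000011)))
```

Two flipped bits in the same byte cancel out in the parity count and only the hash comparison catches them. An unkeyed hash sent with the data detects transmission errors only, since anyone able to alter the file in transit can replace the hash as well.
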
AVAILABILITY
• Reliable systems are available for use whenever needed.
• Threats to system availability originate from many sources, including:
▫ Hardware and software failures
▫ Natural and man-made disasters
▫ Human error
▫ Worms and viruses
▫ Denial-of-service attacks and other sabotage
[Figure: systems reliability diagram with the labels Security, Confidentiality, Privacy, Processing Integrity, Availability]

Availability Controls
• Preventive maintenance
• Fault tolerance
▫ Use of redundant components
• Data center location and design
▫ Raised floor
▫ Fire suppression
▫ Air conditioning
▫ Uninterruptible power supply (UPS)
▫ Surge protection
• Training
• Patch management and antivirus software
• Backup procedures
▫ Incremental
 Copies only items that have changed since last partial backup
▫ Differential backup
 Copies all changes made since last full backup
• Disaster recovery plan (DRP)
▫ Procedures to restore organization’s IT function
• Business continuity plan (BCP)
▫ How to resume all operations, not just IT

AVAILABILITY
• Disaster Recovery and Business
Continuity Planning Objectives:
▫ Minimize the extent of the disruption, damage, and
loss
▫ Temporarily establish an alternative means of
processing information
▫ Resume normal operations as soon as possible
▫ Train and familiarize personnel with emergency
operations
• Recovery point objective (RPO)
• Recovery time objective (RTO)



AVAILABILITY
• Organizational options for replacing
computer and networking equipment.
▫ Reciprocal agreements
▫ Cold sites
▫ Hot sites
▫ Real-time mirroring



AVAILABILITY
• Documentation
▫ An important and often overlooked component.
Should include:
 The disaster recovery plan itself, including instructions for
notifying appropriate staff and the steps to resume operation,
needs to be well documented.
 Assignment of responsibility for the various activities.
 Vendor documentation of hardware and software.
 Documentation of modifications made to the default
configuration (so replacement will have the same
functionality).
 Detailed operating instructions.
▫ Copies of all documentation should be stored both on-
site and off-site.



AVAILABILITY
• Testing
▫ Periodic testing and revision is probably the most
important component of effective disaster
recovery and business continuity plans.
 Most plans fail their initial test, because it’s
impossible to anticipate everything that could go
wrong.
 The time to discover these problems is before the
actual emergency and in a setting where the
weaknesses can be carefully analyzed and
appropriate changes made.
