Presentation is loading. Please wait.

Presentation is loading. Please wait.

Processing Integrity and Availability Controls

Published byBaldric Paul Modified over 5 years ago

Similar presentations

Presentation on theme: "Processing Integrity and Availability Controls"— Presentation transcript:

1 Processing Integrity and Availability Controls
Chapter 10

2 Learning Objectives Identify and explain controls designed to ensure processing integrity. Identify and explain controls designed to ensure systems availability.

3 PROCESSING INTEGRITY SYSTEMS RELIABILITY A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time. Requires controls over both data input quality and the processing of the data. CONFIDENTIALITY PRIVACY PROCESSING INTEGRITY AVAILABILITY SECURITY

4 Processing Integrity Controls
Input Forms design Sequentially prenumbered/sequence test Turnaround documents Cancellation & storage of documents Visual Scanning

5 Processing Integrity: Data Entry Controls
Field check Characters in a field are proper type Sign check Data in a field is appropriate sign (positive/negative) Limit check Tests numerical amount against a fixed value Range check Tests numerical amount against lower and upper limits Size check Input data fits into the field Completeness check Verifies that all required data is entered Validity check Compares data from transaction file to that of master file to verify existence Reasonableness test Correctness of logical relationship between two data items Check digit verification Recalculating check digit to verify data entry error has not been made Key verification Requires entering key data in twice to verify its accuracy

6 Input Controls The preceding tests are used for batch processing and online real-time processing. Both processing approaches also have some additional controls that are unique to each approach.

7 Batch Input Controls Batch Processing
Input multiple source documents at once in a group In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated. Sequence check Error log Batch totals

8 Batch Input Controls Batch Totals
Compare input totals to output totals Financial Sums a field that contains monetary values Hash Sums a nonfinancial numeric field Record count The number of records in a batch

9 Online Data Entry Controls
Prompting System prompts you for input (online completeness check) Closed-loop verification Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name) Transaction logs Automatic data entry

10 Processing Controls Data matching File labels
Two or more items must be matched before an action takes place File labels Ensures correct and most updated file is used Recalculation of batch totals Cross-footing Verifies accuracy by comparing two alternative ways of calculating the same total Zero-balance tests For control accounts (e.g., payroll clearing) Write-protection mechanisms Protect against overwriting or erasing data Concurrent update controls Prevent error of two or more users updating the same record at the same time

11 Output Controls User review of output Reconciliation
Procedures to reconcile to control reports (e.g., general ledger A/R account reconciled to Accounts Receivable Subsidiary Ledger) External data reconciliation Data transmission controls Checksums – hash of file transmitted, comparison made of hash before and after transmission Parity checking

12 AVAILABILITY Reliable systems are available for use whenever needed.
RELIABILITY Reliable systems are available for use whenever needed. Threats to system availability originate from many sources, including: Hardware and software failures Natural and man-made disasters Human error Worms and viruses Denial-of-service attacks and other sabotage CONFIDENTIALITY PRIVACY PROCESSING INTEGRITY AVAILABILITY SECURITY

13 Availability Controls
Preventive maintenance Fault tolerance Use of redundant components Data center location and design Raised floor Fire suppression Air conditioning Uninterruptible power supply (UPS) Surge protection Training Patch management and antivirus software Backup procedures Incremental Copies only items that have changed since last partial backup Differential backup Copies all changes made since last full backup Disaster recovery plan (DRP) Procedures to restore organization’s IT function Business continuity plan (BCP) How to resume all operations, not just IT

14 AVAILABILITY Disaster Recovery and Business Continuity Planning Objectives: Minimize the extent of the disruption, damage, and loss Temporarily establish an alternative means of processing information Resume normal operations as soon as possible Train and familiarize personnel with emergency operations Recovery point objective (RPO) Recovery time objective (RTO)

15 AVAILABILITY Organizational options for replacing computer and networking equipment. Reciprocal agreements Cold sites Hot sites Real-time mirroring

16 AVAILABILITY Documentation
An important and often overlooked component. Should include: The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented. Assignment of responsibility for the various activities. Vendor documentation of hardware and software. Documentation of modifications made to the default configuration (so replacement will have the same functionality). Detailed operating instructions. Copies of all documentation should be stored both on- site and off-site.

17 AVAILABILITY Testing Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans. Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong. The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.

Download ppt "Processing Integrity and Availability Controls"

Similar presentations

Chapter 6 Computer Assisted Audit Tools and Techniques

Chapter 6 Computer Assisted Audit Tools and Techniques
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
General Ledger and Reporting System

General Ledger and Reporting System
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
Chapter 10: Auditing the Expenditure Cycle

Chapter 10: Auditing the Expenditure Cycle
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.

Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.

1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 136 C HAPTER 8 Information Systems Controls for System.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 136 C HAPTER 8 Information Systems Controls for System.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 8-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 8-1 Accounting Information Systems 9 th Edition Marshall.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls.
General Ledger and Reporting System

General Ledger and Reporting System
Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter 10 10-1.

Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter

Similar presentations

Ads by Google