3 Application ControlsProgrammed procedures designed to deal with potential exposures that threaten specific applications, such as payroll, purchases, and cash disbursements systems.Three categories:Input controlsProcessing controlsOutput controls
4 Input ControlsDesigned to ensure that transactions are valid, accurate, and complete.Broad classes:Source document controlsData coding controlsBatch controlsValidation controlsInput error correctionGeneralized data input systems
5 Source document controls Techniques to prevent source document fraud (for example, an individual with access to purchase orders and receiving reports could fabricate a purchase transaction to a non-existent supplier)Use pre-numbered source documentsUse source documents in sequencePeriodically audit source documents
6 Data Coding ControlsChecks on integrity of data codes used in processing.A customer’s account number, an inventory item number, and a chart of accounts number are all examples of data codes.
7 Data Coding ControlsThree types of errors that can corrupt data codes and cause processing errors:Transcription errorsSingle transposition errorsMultiple transposition errors
8 Transcription ErrorsAddition errors: e.g., inventory item number recorded asTruncation errors: e.g., the inventory item above recorded as 8327Substitution errors: e.g., the inventory item above recorded as 83266
9 Transposition ErrorsSingle transposition errors: occur when two adjacent digits are reversed.Multiple transposition errors: occur when nonadjacent digits are transposed. For example, is recorded as
10 Check Digits A method to detect data coding errors. A check digit is a control digit added to the code that allows the integrity of the code to be established during subsequent processing.The simplest form of check digit is to sum the digits in the code and use this sum as the check digit.
11 Check DigitsFor example, the calculated check digit for customer account code 5327 would be 7 ( =17, then drop the tens column)This technique can detect some transcription errors, but not transposition errors.Another technique in page 217 can be used to detect transposition errors.See ‘Check digit’ from Wikipedia in relevant links
12 Batch ControlsA method used to manage high volumes of transaction data through a system.Provide assurance thatAll records in batch are processedNo records are processed more than onceAn audit trail of transactions is created
13 Steps in Batch Controls Grouping similar types of transactions (such as sales order) together in batchesFor each batch of documents, prepare a batch transmittal sheet that contains (see page 218)A unique batch numberA batch dateA transaction code (type of transactions)Number of records in batch (record count)Total dollar value of a financial field (batch control total)Total of a unique non-financial field (hash total)
14 Steps in Batch Controls Batch transmittal sheet is used to assess the integrity of the batch during processing as shown in Figure 6-2 (page 219).Batch control total can be used to make sure the batch is in balanceHash total can be used to detect the fraud that someone replaced one of the sales orders in the batch with a fictitious record of the same dollar amount (see page 220)
15 Validation ControlsIntended to detect errors in transaction data before the data are processed.Three levels of input validation controls:Field interrogationRecord interrogationFile interrogation
16 Filed Interrogation Missing data checks Numeric-alphabetic data checks Zero-value checksLimit checksRange checksValidity checks (compare actual values against known acceptable values)
17 Record InterrogationValidate entire record by examining inter-relationship of its field values.Reasonableness checks: e.g., an employee’s pay rate of 18 dollars per hour is excessive, when compared to the employee’s job skill code of 693 (employees in this skill class never earn more than 12 dollars per hour)
18 Record InterrogationSign check: e.g., dollar amount field must be positive for sales but negative for sales return transactions.Sequence check: determine if a record is out of order
19 File InterrogationEnsure that correct file is being processed by the system.Internal label checks verify that the file processed is the one the program is actually calling for.Files usually have external labels that identify them to librarian and operator. But wrong labels may be affixed to files.Operating system can create internal label that is placed at the beginning of the file (Figure 6-6 in page 224)
20 File InterrogationVersion checks are used to verify that the version of the file being processed is correct.Expiration date check prevents a file from being deleted before it expires.
21 Input Error Correction 3 common error handling techniquesImmediate correctionCreate an error fileReject entire batch
22 Generalized Data Input Systems To achieve a high degree of control and standardization over input validation procedures.This technique includes centralized procedures to manage the data input for all of the organization’s transaction processing systems. (see Figure 6-9)
24 Run-to-run ControlsUse batch control figures to monitor the batch as it moves from one run to another.Specific uses of run-to-run control figures:Recalculate control totals (dollar amount fields, hash totals, record counts)Transaction codes: ensure only correct type of transaction is being processed.Sequence checks ensure the proper order of transactions being processed
25 Operator Intervention Controls Operator intervention increases the potential for human errors.Systems that limit operator intervention thru operator intervention controls are thus less prone to errors.
26 Audit Trail Controls Techniques to preserve audit trails: Transaction logs: every transaction successfully processed by the system should be recorded on a transaction log, which servers as a journal.Log of automatic transactionsListing of automatic transactionsError listing