© 2008 Prentice Hall Business Publishing, Accounting Information Systems, 11/e, Romney/Steinbart, 1 of 136. CHAPTER 8 Information Systems Controls for System.

Presentation transcript:

1 CHAPTER 8: Information Systems Controls for System Reliability
Part 2: Confidentiality, Privacy, Processing Integrity, and Availability

2 INTRODUCTION
Questions to be addressed in this chapter include:
– What controls are used to protect the confidentiality of sensitive information?
– What controls are designed to protect privacy of customers’ personal information?
– What controls ensure processing integrity?
– How are information systems changes controlled to ensure that the new system satisfies all five principles of systems reliability?

3 INTRODUCTION
Reliable systems satisfy five principles:
– Information Security (discussed in Chapter 7)
– Confidentiality
– Privacy
– Processing integrity
– Availability
[Figure: SYSTEMS RELIABILITY, with the labels SECURITY, CONFIDENTIALITY, PRIVACY, PROCESSING INTEGRITY, AVAILABILITY]

4 CONFIDENTIALITY
Reliable systems maintain the confidentiality of sensitive information.

5 CONFIDENTIALITY
Table 8-1 in your textbook summarizes key controls to protect confidentiality of information:
Situation | Controls
Storage | Encryption and access controls
Transmission | Encryption
Disposal | Shredding, thorough erasure, physical destruction
Overall | Categorization to reflect value and training in proper work practices

6 CONFIDENTIALITY
Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information.
Confidential information should be encrypted:
– While stored
– Whenever transmitted

7 CONFIDENTIALITY
The Internet provides inexpensive transmission, but data is easily intercepted.
Encryption solves the interception issue.
If data is encrypted before sending it, a virtual private network (VPN) is created.
– Provides the functionality of a privately owned network
– But uses the Internet

8 CONFIDENTIALITY
It is critical to encrypt any sensitive information stored in devices that are easily lost or stolen, such as laptops, PDAs, cell phones, and other portable devices.
– Many organizations have policies against storing sensitive information on these devices.
– 81% of users admit they do so anyway.

9 CONFIDENTIALITY
Encryption alone is not sufficient to protect confidentiality. Given enough time, many encryption schemes can be broken.
Access controls are also needed:
– To prevent unauthorized parties from obtaining the encrypted data; and
– Because not all confidential information can be encrypted in storage.
Strong authentication techniques are necessary.
Strong authorization controls should be used to limit the actions (read, write, change, delete, copy, etc.) that authorized users can perform when accessing confidential information.

10 CONFIDENTIALITY
Access to system outputs should also be controlled:
– Do not allow visitors to roam through buildings unsupervised.
– Require employees to log out of any application before leaving their workstation unattended, so other employees do not have unauthorized access.
– Workstations should use password-protected screen savers that automatically engage when there is no activity for a specified period.
– Access should be restricted to rooms housing printers and fax machines.
– Reports should be coded to reflect the importance of the information therein, and employees should be trained not to leave reports with sensitive information lying in plain view.

11 CONFIDENTIALITY
Special procedures are needed for information stored on magnetic and optical media.
– Using built-in operating system commands to delete the information does not truly delete it, and utility programs will often be able to recover these files.
– De-fragmenting a disk may actually create multiple copies of a “deleted” document.
– Consequently, special software should be used to “wipe” the media clean by repeatedly overwriting the disk with random patterns of data (sometimes referred to as “shredding” a disk).
– Magnetic disks and tapes can be run through devices to demagnetize them.
– The safest alternative may be to physically destroy disks with highly sensitive data.

12 CONFIDENTIALITY
Phone conversations have also been affected by technology.
The use of voice-over-the-Internet (VoIP) technology means that phone conversations are routed in packets over the Internet.
– Because this technology makes wiretapping much easier, conversations about sensitive topics should be encrypted.

13 CONFIDENTIALITY
Employee use of email and instant messaging (IM) probably represents two of the greatest threats to the confidentiality of sensitive information.
– It is virtually impossible to control its distribution once held by the recipient.
– Organizations need to develop comprehensive policies governing the appropriate and allowable use of these technologies for business purposes.
– Employees need to be trained on what type of information they can and cannot share, especially with IM.

14 CONFIDENTIALITY
Many organizations are taking steps to address the confidentiality threats created by email and IM.
– One response is to mandate encryption of all email with sensitive information.
– Some organizations prohibit use of freeware IM products and purchase commercial products with security features, including encryption.
– Users sending emails must be trained to be very careful about the identity of their addressee.
  EXAMPLE: The organization may have two employees named Allen Smith. It’s critical that sensitive information go to the correct Allen Smith.

15 PRIVACY
In the Trust Services framework, the privacy principle is closely related to the confidentiality principle.
Primary difference is that privacy focuses on protecting personal information about customers rather than organizational data.
Key controls for privacy are the same that were previously listed for confidentiality.

16 PROCESSING INTEGRITY
COBIT control objective DS 11.1 addresses the need for controls over the input, processing, and output of data.
Identifies six categories of controls that can be used to satisfy that objective.
Six categories are grouped into three for discussion.

17 PROCESSING INTEGRITY
Three categories/groups of integrity controls are designed to meet the preceding objectives:
– Input controls
– Processing controls
– Output controls

19 PROCESSING INTEGRITY
Input Controls
– If the data entered into a system is inaccurate or incomplete, the output will be, too. (Garbage in, garbage out.)
– Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the system or sent to their intended destination in a timely manner.

20 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
  – Source documents and other forms should be designed to help ensure that errors and omissions are minimized (Chapter 18).

21 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
  – Pre-numbering helps verify that no items are missing.
  – When sequentially pre-numbered input documents are used, the system should be programmed to identify and report missing or duplicate form numbers.

22 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
  – Documents sent to external parties that are prepared in machine-readable form to facilitate their subsequent processing as input records.
  – Example: the stub that is returned by a customer when paying a utility bill.
  – Are more accurate than manually-prepared input records.

23 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
  – Documents that have been entered should be canceled
    – Paper documents are stamped “paid” or otherwise defaced
    – A flag field is set on electronic documents.
  – Canceling documents does not mean destroying documents. They should be retained as long as needed to satisfy legal and regulatory requirements.

24 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
  – Source documents should be prepared only by authorized personnel acting within their authority.
  – Employees who authorize documents should not be assigned incompatible functions.

25 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
– Visual scanning
  – Documents should be scanned for reasonableness and propriety.

26 PROCESSING INTEGRITY
The following input controls regulate integrity of input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
– Visual scanning
– Check digit verification
– RFID security

27 PROCESSING INTEGRITY
Five categories of integrity controls are designed to meet the preceding objectives:
– Input controls
  – Data entry controls
– Processing controls
– Output controls

28 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
  – Determines if the characters in a field are of the proper type.
  – Example: The characters in a social security field should all be numeric.

29 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
  – Determines if the data in a field have the appropriate arithmetic sign.
  – Example: The number of hours a student is enrolled in during a semester could not be a negative number.

30 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
  – Tests whether an amount exceeds a predetermined value.
  – Example: A university might use a limit check to make sure that the hours a student is enrolled in do not exceed 21.

31 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
  – Similar to a field check, but it checks both ends of a range.
  – Example: Perhaps a wage rate is checked to ensure that it does not exceed $15 and is not lower than the minimum wage rate.

32 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
  – Ensures that the data will fit into the assigned field.
  – Example: A social security number of 10 digits would not fit in the 9-digit social security field.

33 PROCESSING INTEGRITY
Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
  – Determines if all required items have been entered.
  – Example: Has the student’s billing address been entered along with enrollment details?

34 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
  – Compares the value entered to a file of acceptable values.
  – Example: Does the state code entered for an address match one of the 50 valid state codes?

35 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
– Reasonableness test
  – Determines whether a logical relationship seems to be correct.
  – Example: A freshman with annual financial aid of $60,000 is probably not reasonable.

36 PROCESSING INTEGRITY
Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
– Reasonableness test
– Check digit verification
  – An additional digit called a check digit can be appended to account numbers, policy numbers, ID numbers, etc.
  – Data entry devices then perform check digit verification by using the original digits in the number to recalculate the check digit.
  – If the recalculated check digit does not match the digit recorded on the source document, that result suggests that an error was made in recording or entering the number.
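
The data entry edit checks from slides 28 to 36, applied to one enrollment record as keyed. This is an added example, not taken from the textbook or the slides. The field names, the sample records, the subset of state codes, the minimum wage figure and the use of $60,000 as the freshman aid threshold are assumptions; the slides name no check digit scheme, so the Luhn mod 10 algorithm stands in for it.

```python
import re

# Limits taken from the slides' examples.
MAX_HOURS = 21            # limit check: enrolled hours may not exceed 21
MAX_WAGE = 15.00          # range check: upper end
SSN_FIELD_SIZE = 9        # size check: the SSN field holds 9 digits
# Assumptions made for this example (not on the slides).
MINIMUM_WAGE = 7.25                           # lower end of the wage range
VALID_STATE_CODES = {"CA", "NY", "TX", "UT"}  # stand-in for the file of 50 codes
FRESHMAN_AID_CEILING = 60_000                 # aid at or above this is flagged
REQUIRED = ("student_id", "ssn", "hours", "wage_rate", "state",
            "billing_address", "class_year", "financial_aid")

DIGITS = re.compile(r"[0-9]+")
# Plain decimal numbers only; float() alone would also accept "nan" and "inf",
# which slip through every comparison below.
NUMBER = re.compile(r"-?[0-9]+(\.[0-9]+)?")


def luhn_check_digit(payload):
    """Return the Luhn (mod 10) check digit for a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting at the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def validate_enrollment(rec):
    """Run the edit checks on one keyed record; return (check, field) tuples."""
    errors, present = [], {}

    # Completeness check: every required item must have been entered.
    for name in REQUIRED:
        value = str(rec.get(name, "")).strip()
        if value:
            present[name] = value
        else:
            errors.append(("completeness", name))

    def number(name):
        """Field check for numeric fields; None if missing or not numeric."""
        value = present.get(name)
        if value is None:
            return None
        if not NUMBER.fullmatch(value):
            errors.append(("field", name))
            return None
        return float(value)

    ssn = present.get("ssn")
    if ssn is not None:
        if not DIGITS.fullmatch(ssn):             # field check
            errors.append(("field", "ssn"))
        if len(ssn) > SSN_FIELD_SIZE:             # size check
            errors.append(("size", "ssn"))

    hours = number("hours")
    if hours is not None:
        if hours < 0:                             # sign check
            errors.append(("sign", "hours"))
        elif hours > MAX_HOURS:                   # limit check
            errors.append(("limit", "hours"))

    wage = number("wage_rate")
    if wage is not None and not MINIMUM_WAGE <= wage <= MAX_WAGE:  # range check
        errors.append(("range", "wage_rate"))

    state = present.get("state")
    if state is not None and state.upper() not in VALID_STATE_CODES:  # validity
        errors.append(("validity", "state"))

    aid = number("financial_aid")                 # reasonableness test
    if (aid is not None and aid >= FRESHMAN_AID_CEILING
            and present.get("class_year", "").lower() == "freshman"):
        errors.append(("reasonableness", "financial_aid"))

    sid = present.get("student_id")               # check digit verification
    if sid is not None:
        if len(sid) < 2 or not DIGITS.fullmatch(sid):
            errors.append(("field", "student_id"))
        elif luhn_check_digit(sid[:-1]) != int(sid[-1]):
            errors.append(("check_digit", "student_id"))
    return errors


# Constructed sample records (values as keyed, so everything is a string).
GOOD = {"student_id": "79927398713", "ssn": "123456789", "hours": "15",
        "wage_rate": "12.50", "state": "UT", "billing_address": "1 Main St",
        "class_year": "freshman", "financial_aid": "8000"}
BAD = {"student_id": "79927398731", "ssn": "1234567890", "hours": "-3",
       "wage_rate": "22.00", "state": "ZZ", "billing_address": "",
       "class_year": "freshman", "financial_aid": "60000"}

if __name__ == "__main__":
    print(validate_enrollment(GOOD))
    for finding in validate_enrollment(BAD):
        print(finding)
```

The BAD record's student ID differs from the GOOD one only by two transposed trailing digits, which is the kind of keying error the check digit is there to catch.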

37 PROCESSING INTEGRITY
The preceding tests are used for batch processing and online real-time processing.
Both processing approaches also have some additional controls that are unique to each approach.

38 PROCESSING INTEGRITY
Additional Batch Processing Data Entry Controls
– In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
  – Sequence check
    – Tests whether the data is in the proper numerical or alphabetical sequence.

39 PROCESSING INTEGRITY
Additional Batch Processing Data Entry Controls
– In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
  – Sequence check
  – Error log
    – Records information about data input or processing errors (when they occurred, cause, when they were corrected and resubmitted).
    – Errors should be investigated, corrected, and resubmitted on a timely basis (usually with the next batch) and subjected to the same input validation routines.
    – The log should be reviewed periodically to ensure that all errors have been corrected and then used to prepare an error report, summarizing errors by record type, error type, cause, and disposition.

40 PROCESSING INTEGRITY
Additional Batch Processing Data Entry Controls
– In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
  – Sequence check
  – Error log
  – Batch totals
    – Summarize key values for a batch of input records. Commonly used batch totals include:
      – Financial totals: sums of fields that contain dollar values, such as total sales.
      – Hash totals: sums of nonfinancial fields, such as the sum of all social security numbers of employees being paid.
      – Record count: count of the number of records in a batch.
    – These batch totals are calculated and recorded when data is entered and used later to verify that all input was processed correctly.

41 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
    – Whenever possible, the system should automatically enter transaction data, such as next available document number or new ID number.
    – Saves keying time and reduces errors.

42 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
  – Prompting
    – System requests each input item and waits for an acceptable response.

43 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
  – Prompting
  – Pre-formatting
    – Fields that need to be completed are highlighted.

44 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
  – Prompting
  – Pre-formatting
  – Closed-loop verification
    – Checks accuracy of input data by retrieving related information.
    – Example: When a customer’s account number is entered, the associated customer’s name is displayed on the screen so the user can verify that entries are being made for the correct account.

45 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
  – Prompting
  – Pre-formatting
  – Closed-loop verification
  – Transaction logs
    – Maintains a detailed record of all transaction data, including:
      – A unique transaction identifier
      – Date and time of entry
      – Terminal from which entry is made
      – Transmission line
      – Operator identification
      – Sequence in which transaction is entered
    – The log can be used to reconstruct a file that is damaged or can be used to ensure transactions are not lost or entered twice if a malfunction shuts down the system.

46 PROCESSING INTEGRITY
Additional online data entry controls
– Online processing data entry controls include:
  – Automatic entry of data
  – Prompting
  – Pre-formatting
  – Closed-loop verification
  – Transaction logs
  – Error messages
    – Should indicate when an error occurred, which item, and how it should be corrected.

47 PROCESSING INTEGRITY
Three categories of integrity controls are designed to meet the preceding objectives:
– Input controls
– Processing controls
– Output controls

48 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
    – Two or more items must match before processing can proceed.
    – Example: The quantity billed on the vendor invoice must match the quantity ordered on the purchase order and the quantity received on the receiving report.

49 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
    – External labels should be checked visually to ensure the correct and most current files are being updated.
    – There are also two important types of internal labels to be checked.
      – The header record, located at the beginning of each file, contains the file name, expiration date, and other identification data.
      – The trailer record at the end of the file contains the batch totals calculated during input.

50 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
  – Recalculation of batch totals
    – Batch totals should be recomputed as processing takes place.
    – These totals should be compared to the totals in the trailer record.
    – Discrepancies indicate processing errors, such as:
      – If the recomputed record count is smaller than the original count, one or more records were not processed.
      – If the recomputed record count is larger than the original, then additional unauthorized transactions were processed or some authorized transactions were processed twice.
      – If the discrepancy between totals is evenly divisible by 9, there was probably a transposition error (two adjacent digits were reversed).
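
Batch totals computed at input (the trailer record from slide 49) and recomputed after processing, with the three diagnoses listed on this slide. This is an added example, not taken from the textbook or the slides; the payroll records and field names are constructed. The divisible-by-9 hint is reported only when the record counts agree, because a missing or extra record makes that test meaningless.

```python
from decimal import Decimal


def batch_totals(records):
    """Compute the three batch totals for a list of payroll records."""
    return {
        "record_count": len(records),
        # Financial total: sum of a dollar field, kept exact with Decimal.
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        # Hash total: sum of a nonfinancial field (here the SSNs).
        "hash_total": sum(int(r["ssn"]) for r in records),
    }


def reconcile(trailer, processed):
    """Recompute totals over the processed records and compare them with the
    trailer record written at input. Returns (total, diagnosis) tuples;
    an empty list means the batch reconciles."""
    recomputed = batch_totals(processed)
    findings = []

    count_delta = recomputed["record_count"] - trailer["record_count"]
    if count_delta < 0:
        findings.append(("record_count", "records_not_processed"))
    elif count_delta > 0:
        findings.append(("record_count", "extra_or_duplicate_records"))

    # Money is compared in cents so that 1250.00 vs 1520.00 becomes an
    # integer difference that can be tested for divisibility by 9.
    for name, scale in (("financial_total", 100), ("hash_total", 1)):
        diff = abs(recomputed[name] - trailer[name])
        if diff == 0:
            continue
        units = int(diff * scale)
        if count_delta == 0 and units % 9 == 0:
            findings.append((name, "probable_transposition"))
        else:
            findings.append((name, "mismatch"))
    return findings


# Constructed sample batch, as keyed from the source documents.
BATCH = [
    {"ssn": "123456789", "amount": Decimal("1250.00")},
    {"ssn": "234567890", "amount": Decimal("980.50")},
    {"ssn": "345678901", "amount": Decimal("1432.75")},
    {"ssn": "456789012", "amount": Decimal("610.25")},
]
TRAILER = batch_totals(BATCH)   # recorded when the batch is entered

# Constructed processing outcomes to reconcile against the trailer.
TRANSPOSED = [dict(BATCH[0], amount=Decimal("1520.00"))] + BATCH[1:]  # 25 -> 52
DROPPED = BATCH[:3]                   # last record never processed
DUPLICATED = BATCH + [BATCH[1]]       # one record processed twice

if __name__ == "__main__":
    for label, processed in (("clean", BATCH), ("transposed", TRANSPOSED),
                             ("dropped", DROPPED), ("duplicated", DUPLICATED)):
        print(label, reconcile(TRAILER, processed))
```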

51 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
  – Recalculation of batch totals
  – Cross-footing balance test
    – Compares arithmetic results produced by two different methods to verify accuracy.
    – EXAMPLE: Compute the sum of column totals in a spreadsheet and compare it to a sum of the row totals.

52 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
  – Recalculation of batch totals
  – Cross-footing balance test
  – Write-protection mechanisms
    – Protect against accidental writing over or erasing of data files but are not foolproof.

53 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
  – Recalculation of batch totals
  – Cross-footing balance test
  – Write-protection mechanisms
  – RFID security
    – Many businesses are replacing bar codes and manual tags with radio frequency identification (RFID) tags that can store up to 128 bytes of data.
    – These tags should be write-protected so that unscrupulous customers cannot change price information on merchandise.

54 PROCESSING INTEGRITY
Processing Controls
– Processing controls to ensure that data is processed correctly include:
  – Data matching
  – File labels
  – Recalculation of batch totals
  – Cross-footing balance test
  – Write-protection mechanisms
  – Database processing integrity procedures
    – Database systems use database administrators, data dictionaries, and concurrent update controls to ensure processing integrity.
    – The administrator establishes and enforces procedures for accessing and updating the database.
    – The data dictionary ensures that data items are defined and used consistently.
    – Concurrent update controls protect records from being updated by two users simultaneously.
      – Locks one user out until the other has finished processing.

55 PROCESSING INTEGRITY
Three categories of integrity controls are designed to meet the preceding objectives:
– Input controls
– Processing controls
– Output controls

56 PROCESSING INTEGRITY
Output Controls
– Careful checking of system output provides additional control over processing integrity.
– Output controls include:
  – User review of output
    – Users carefully examine output for reasonableness, completeness, and to assure they are the intended recipient.

57 PROCESSING INTEGRITY
Output Controls
– Careful checking of system output provides additional control over processing integrity.
– Output controls include:
  – User review of output
  – Reconciliation procedures
    – Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms.
    – Control accounts should also be reconciled to subsidiary account totals.

58 PROCESSING INTEGRITY
Output Controls
– Careful checking of system output provides additional control over processing integrity.
– Output controls include:
  – User review of output
  – Reconciliation procedures
  – External data reconciliation
    – Database totals should periodically be reconciled with data maintained outside the system.
    – EXAMPLE: Compare number of employee records in the payroll file to number in the human resources file. (Excess records in payroll suggests a “ghost” employee.)

59 AVAILABILITY
Reliable systems are available for use whenever needed.
Threats to system availability originate from many sources, including:
– Hardware and software failures
– Natural and man-made disasters
– Human error
– Worms and viruses
– Denial-of-service attacks and other sabotage

60 AVAILABILITY
Proper controls can minimize the risk of significant system downtime caused by the preceding threats.
It is impossible to totally eliminate all threats.
Consequently, organizations must develop disaster recovery and business continuity plans to enable them to quickly resume normal operations after such an event.

61 AVAILABILITY
– COBIT control objective DS 13.5 identifies the need for preventive maintenance. Examples:
  – Cleaning disk drives
  – Properly storing magnetic and optical media
– Use of redundant components can provide fault tolerance, which enables the system to continue functioning despite failure of a component. Examples of redundant components:
  – Dual processors
  – Arrays of multiple hard drives
– Surge protection devices provide protection against temporary power fluctuations.

62 AVAILABILITY
COBIT control objectives DS 12.1 and 12.4 address the importance of proper location and design of rooms housing mission-critical servers and databases.
– Raised floors protect from flood damage.
– Fire protection and suppression devices reduce likelihood of fire damage.
– Adequate air conditioning reduces likelihood of damage from over-heating or humidity.
– Cables with special plugs that cannot be easily removed reduce risk of damage due to accidentally unplugging.

63 AVAILABILITY
– An uninterruptible power supply (UPS) provides protection from a prolonged power outage and buys the system enough time to back up critical data and shut down safely.

64 AVAILABILITY
Training is especially important.
– Well-trained operators are less likely to make mistakes and more able to recover if they do.
– Security awareness training, particularly concerning safe email and Web-browsing practices, can reduce risk of virus and worm infection.
Anti-virus software should be installed, run, and kept current.
Email should be scanned for viruses at both the server and desktop levels.
Newly acquired software and disks, CDs, or DVDs should be scanned and tested first on a machine that is isolated from the main network.
COBIT control objective DS 13.1 stresses the importance of defining and documenting operational procedures and ensuring that operations staff understand their responsibilities.

65 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart65 of 136 AVAILABILITY Disaster Recovery and Business Continuity Planning –Disaster recovery and business continuity plans are essential if an organization hopes to survive a major catastrophe. –Being without an IS for even a short period of time can be quite costly—some report as high as half a million dollars per hour. –Yet many large U.S. companies do not have adequate disaster recovery and business continuity plans. Experience suggests that companies which experience a major disaster resulting in loss of use of their information system for more than a few days have a greater than 50% chance of going out of business.

66 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart66 of 136 AVAILABILITY The objectives of a disaster recovery and business continuity plan are to: –Minimize the extent of the disruption, damage, and loss –Temporarily establish an alternative means of processing information –Resume normal operations as soon as possible –Train and familiarize personnel with emergency operations

67 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart67 of 136 AVAILABILITY Key components of effective disaster recovery and business continuity plans include: –Data backup procedures –Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) –Thorough documentation –Periodic testing –Adequate insurance

69 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart69 of 136 AVAILABILITY Data Backup Procedures –Data need to be backed up regularly and frequently. –A backup is an exact copy of the most current version of a database. It is intended for use in the event of a hardware or software failure. –The process of installing the backup copy for use is called restoration.

70 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart70 of 136 AVAILABILITY Several different backup procedures exist. –A full backup is an exact copy of the data recorded on another physical medium (tape, magnetic disk, CD, DVD, etc.). –Restoration involves bringing the backup copy online. –Full backups are time consuming, so most organizations: Do full backups weekly Supplement with daily partial backups.

71 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart71 of 136 AVAILABILITY Two types of partial backups are possible: –Incremental backup Involves copying only the data items that have changed since the last backup. Produces a set of incremental backup files, each containing the results of one day’s transactions. Restoration: –First load the last full backup. –Then install each subsequent incremental backup in the proper sequence.

72 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart72 of 136 AVAILABILITY Two types of partial backups are possible: –Incremental backup –Differential backup All changes made since the last full backup are copied. Each new differential backup file contains the cumulative effects of all activity since the last full backup. Will normally take longer to do the backup than when incremental backup is used. Restoration: –First load the last full backup. –Then install the most recent differential backup file.
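
The two restoration procedures on the preceding slides, worked through in code as an added example (it is not part of the textbook's slides). It also shows what each scheme can still recover when one partial backup file is damaged. The `verified` flag, the catalog layout and the sample dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Backup:
    day: date
    kind: str              # "full", "incremental" or "differential"
    verified: bool = True  # assumed flag: the file passed an integrity check

def restore_chain(catalog, target):
    """Backups to load, in order, to get as close as possible to `target`."""
    usable = sorted((b for b in catalog if b.day <= target), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full" and b.verified]
    if not fulls:
        raise LookupError("no verified full backup on or before the target date")
    base = fulls[-1]
    # Partials only make sense relative to the full they follow, so stop
    # at the next full backup even if that full is itself unusable.
    partials = []
    for b in usable:
        if b.day <= base.day:
            continue
        if b.kind == "full":
            break
        partials.append(b)
    chain = [base]
    if any(b.kind == "differential" for b in partials):
        # Differential: each file is cumulative, so load only the newest good one.
        good = [b for b in partials if b.kind == "differential" and b.verified]
        chain += good[-1:]
    else:
        # Incremental: every file depends on the one before it, so the
        # chain ends at the first damaged (or lost) file.
        for b in partials:
            if not b.verified:
                break
            chain.append(b)
    return chain

def sample_week(kind, damaged=()):
    """Constructed catalog: full backup on Sunday 2 March 2008, partials Mon-Thu."""
    cat = [Backup(date(2008, 3, 2), "full")]
    cat += [Backup(date(2008, 3, d), kind, d not in damaged) for d in range(3, 7)]
    return cat

if __name__ == "__main__":
    target = date(2008, 3, 6)
    for kind in ("incremental", "differential"):
        for damaged in ((), (4,)):
            chain = restore_chain(sample_week(kind, damaged), target)
            print(kind, damaged, [f"{b.kind}@{b.day}" for b in chain])
```

With Tuesday's file damaged, the incremental scheme can restore only through Monday, while the differential scheme still reaches Thursday because the newest differential file stands on its own with the full backup.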

73 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart73 of 136 AVAILABILITY Whichever backup procedure is used, multiple backup copies should be created: –One can be stored on-site for use in minor incidents. –At least one additional copy should be stored off-site to be safe should a disaster occur. Mirroring (maintaining two copies of the database at two separate data centers) is an alternative to these traditional backup methods. Mirroring is used by financial institutions and airlines that cannot afford to lose transactions.

74 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart74 of 136 AVAILABILITY The offsite copies can be transported to remote storage physically or electronically. –The same security controls should apply as to original copies. Sensitive data should be encrypted in storage and during transmission. Access to the backup files should be carefully controlled and monitored.

75 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart75 of 136 AVAILABILITY Backups are retained for only a fixed period of time. An archive is a copy of a database, master file, or software that will be retained indefinitely as an historical record, usually to satisfy legal and regulatory requirements. Multiple copies of archives should be made and stored in different locations. Appropriate security controls should also be applied to these files. Tape or disk? Disk backup is faster and disks are less easily lost. Tape, however, is cheaper, easier to transport, and more durable. Many organizations use both. Data is first backed up to disk, for speed, and then transferred to tape. Archives are usually stored on tape.

77 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart77 of 136 AVAILABILITY Infrastructure Replacement –Major disasters can totally destroy an organization’s information processing center or make it inaccessible. –A key component of disaster recovery and business continuity plans incorporates provisions for replacing the necessary computing infrastructure, including: Computers Network equipment and access Telephone lines Office equipment Supplies –It may even be necessary to hire temporary staff. How much time can the organization afford to be without its information system? The recovery time objective (RTO) represents the time following a disaster by which the organization’s information system must be available again.

78 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart78 of 136 AVAILABILITY Organizations have three basic options for replacing computer and networking equipment. –Reciprocal agreements The least expensive approach. The organization enters into an agreement with another organization that uses similar equipment to have temporary access to and use of their information system resources in the event of a disaster. Effective solutions for disasters of limited duration and magnitude, especially for small organizations. Not optimal in major disasters as: –The host organization may also be affected. –The host also needs the resources.

79 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart79 of 136 AVAILABILITY Organizations have three basic options for replacing computer and networking equipment. –Reciprocal agreements –Cold sites An empty building is purchased or leased and pre-wired for necessary telephone and Internet access. Contracts are created with vendors to provide all necessary computer and office equipment within a specified period of time. Still leaves the organization without use of the IS for a period of time.

80 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart80 of 136 AVAILABILITY Organizations have three basic options for replacing computer and networking equipment. –Reciprocal agreements –Cold sites –Hot sites Most expensive solution but used by organizations like financial institutions and airlines which cannot survive any appreciable time without their IS. The hot site is a facility that is pre-wired for phone and Internet (like the cold site) but also contains the essential computing and office equipment. It is a backup infrastructure designed to provide fault tolerance in the event of a major disaster.

82 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart82 of 136 AVAILABILITY Documentation –An important and often overlooked component. Should include: The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation. Assignment of responsibility for the various activities. Vendor documentation of hardware and software. Documentation of modifications made to the default configuration (so replacement will have the same functionality). Detailed operating instructions. –Copies of all documentation should be stored both on-site and off-site.

84 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart84 of 136 AVAILABILITY Testing –Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans. Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong. The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.

85 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart85 of 136 AVAILABILITY Plans should be tested on at least an annual basis to ensure they reflect recent changes in equipment and procedures. –Important to test procedures involved in executing reciprocal agreements or hot or cold sites. –Backup restoration procedures also require practice.

87 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart87 of 136 AVAILABILITY Insurance –Organizations should acquire adequate insurance coverage to defray part or all of the expenses associated with implementing their disaster recovery and business continuity plans.

88 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart88 of 136 CHANGE MANAGEMENT CONTROLS Organizations constantly modify their information systems to reflect new business practices and to take advantage of advances in IT. Controls are needed to ensure such changes don’t negatively impact reliability. Existing controls related to security, confidentiality, privacy, processing integrity, and availability should be modified to maintain their effectiveness after the change. Change management controls need to ensure adequate segregation of duties is maintained in light of the modifications to the organizational structure and adoption of new software.

89 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart89 of 136 CHANGE MANAGEMENT CONTROLS Important change management controls include: –All change requests should be documented in a standard format that identifies: Nature of the change Reason for the change Date of the request –All changes should be approved by appropriate levels of management. Approvals should be clearly documented to provide an audit trail. Management should consult with the CSO and other IT managers about impact of the change on reliability.

90 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart90 of 136 CHANGE MANAGEMENT CONTROLS –Changes should be thoroughly tested prior to implementation. Includes assessing effect of change on all five principles of systems reliability. Should occur in a separate, non-production environment. –All documentation (program instructions, system descriptions, backup and disaster recovery plans) should be updated to reflect authorized changes to the system. –“Emergency” changes or deviations from policy must be documented and subjected to a formal review and approval process as soon after implementation as practicable. All such actions should be logged to provide an audit trail. When changing systems, data from old files and databases are entered into new data structures. Conversion controls help ensure that the new data storage media are free of errors. Old and new systems should be run in parallel at least once and results compared to identify discrepancies. Internal auditors should review data conversion processes for accuracy.

91 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart91 of 136 CHANGE MANAGEMENT CONTROLS –“Backout” plans should be developed for reverting to the previous configuration if the approved changes need to be interrupted or aborted. –User rights and privileges should be carefully monitored during the change process to ensure proper segregation of duties.

92 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart92 of 136 CHANGE MANAGEMENT CONTROLS The most important change management control is adequate monitoring and review by top management to ensure that the changes are consistent with the entity’s multiyear strategic plan. Objective: Be sure the system continues to effectively support the organization’s strategy. Steering committees are often created to perform this function.

93 © 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart93 of 136 SUMMARY In this chapter, you’ve learned about the controls used to protect the confidentiality of sensitive information and the controls used to protect the privacy of customer information. You’ve also learned about controls that help ensure processing integrity. Finally, you’ve learned about controls to ensure that the system is available when needed.

