Presentation is loading. Please wait.

Presentation is loading. Please wait.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls."— Presentation transcript:

1 PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls Controlling Information Systems: Process Controls

2 Copyright © 2004 South-Western. All rights reserved.9–2 Learning Objectives To be able to prepare a control matrix To describe the generic process control plans introduced in this chapter To describe how these process controls accomplish control goals To describe why these generic process controls are important to organizations with enterprise systems and those that are engaged in e- business

3 Copyright © 2004 South-Western. All rights reserved.9–3 Elements of the Control Matrix FIGURE 9.1

4 Copyright © 2004 South-Western. All rights reserved.9–4 Causeway Company Annotated Systems Flowchart FIGURE 9.2

5 Copyright © 2004 South-Western. All rights reserved.9–5 Steps in Preparing the Control Matrix Review system flowchart and related narrative  Identify business process  Important resources  Input, output, storage  Master data being updated List goals germane to process List set of recommended control plans

6 Copyright © 2004 South-Western. All rights reserved.9–6 Steps in Preparing the Control Matrix (cont’d) Examine flowchart and narrative  For implemented control plan, enter “P-x”  For missing control plan, enter “M-x” At bottom of control matrix  Provide short statement about how each existing control plan satisfies related control goal.  Provide statement about the significance of each missing control plan.

7 Copyright © 2004 South-Western. All rights reserved.9–7 Systems Flowchart Data Entry Without Master Data Available FIGURE 9.3

8 Copyright © 2004 South-Western. All rights reserved.9–8 FIGURE 9.4 Control Matrix for Data Entry Without Master Data KEY: Possible operations process goals include: A = To ensure timely processing of (blank) event data B = (describe) IV = input validity IC = input completeness IA = input accuracy UC = update completeness UA = update accuracy

9 Copyright © 2004 South-Western. All rights reserved.9–9 Online Processing Control Plans P-1: Document design  Source document is designed in such a way that makes it easier to prepare initially and later to input data from the document. P-2: Written approvals  Requiring a signature or initials on a document to indicate that a person has authorized the event.

10 Copyright © 2004 South-Western. All rights reserved.9–10 Online Processing Control Plans (cont.) P-3: Preformatted screens  Help guide entry of data.  May fix length of fields, “case” of field entered.  Cursor moves to fields. P-4: Online prompting  Program prompts user to work in sequence and asks questions that control operations.

11 Copyright © 2004 South-Western. All rights reserved.9–11 Online Processing Control Plans (cont.) P-5: Programmed edit checks  Automatically performed when data entered.  Reasonableness (limit checks): tests whether data fall within predetermined limits (e.g.,< $5,000/week pay).  Dependency: logic of data entered to other data entered.  Math accuracy: does math independently; checks user’s calculations.

12 Copyright © 2004 South-Western. All rights reserved.9–12 Online Processing Control Plans (cont’d) P-5: Programmed edit checks (cont’d)  Format checks—tests format on input  Missing data  Alpha in alpha fields; numbers in numeric fields  Input field proper size  Input field within set range (example: customer gender) P-6: Interactive feedback checks  Feedback to user that entry is accepted/rejected.

13 Copyright © 2004 South-Western. All rights reserved.9–13 Online Processing Control Plans (cont’d) M-1: Key verification  Documents keyed by one individual and rekeyed by another individual.  Very expensive technique P-7: Procedures for rejected inputs  Designed to ensure that rejected data (not accepted for processing) are corrected and resubmitted for processing.

14 Copyright © 2004 South-Western. All rights reserved.9–14 Systems Flowchart Data Entry with Master Data Available FIGURE 9.5

15 Copyright © 2004 South-Western. All rights reserved.9–15 Control Matrix for Data Entry with Master Data FIGURE 9.6 IV = Input validity IC = Input completeness IA = Input accuracy UC = Update completeness UA = Update accuracy Key: Operations Process Possible operations include: A = Ensure timely processing of order event data B = (describe)

16 Copyright © 2004 South-Western. All rights reserved.9–16 Systems Flowchart Data Entry with Batches FIGURE 9.7

17 Copyright © 2004 South-Western. All rights reserved.9–17 Control Matrix for Data Entry with Batches FIGURE 9.8 KEY: Operations process Possible operations process include: A = To ensure timely processing of shipping event data B = (describe) IV = input validity IC = input completeness IA = input accuracy UC = update completeness UA = update accuracy

18 Copyright © 2004 South-Western. All rights reserved.9–18 Control Plans: Batch Calculate batch totals -  Document/record counts  Item or line counts  Dollar totals  Hash totals - total of fields not normally totaled  Example: invoices, parts, and social security numbers. Computer agreement of batch totals  Batch total calculated manually and entered with batch.  Computer accumulates batch total during processing.  Computer generates report comparing totals.

19 Copyright © 2004 South-Western. All rights reserved.9–19 Control Plans: Batch (cont.) Manual agreement of batch totals  Similar to above except manually calculated batch totals not submitted to computer.  Computer produces report with batch total.  Person compares two and takes appropriate action. Sequence checks  Controlling sequentially numbered documents  Accounting for all numbers in sequence to find missing documents.  Applies to sequentially numbered batches of documents to ensure they are in order.

20 Copyright © 2004 South-Western. All rights reserved.9–20 Control Plans: Batch (cont’d) Key verification  Extremely expensive control plan where a second data entry person keys in source data to compare with data already entered. Rarely used in practice. Written approvals  A requirement that handwritten signatures be affixed to documents indicating approval/authorization. Computer preparation of business documents  Part of output of computer process  More efficient (and legible) than manual processes

21 Copyright © 2004 South-Western. All rights reserved.9–21 Control Plans - Batch (cont’d) Rejection procedures  Establish procedures to be followed when errors are entered and erroneous records rejected by computer.  Rejected records may written to a suspense file and require periodic follow-up. Prerecorded data  Examples: serial numbers, MICR a/c #s, dept. #s  Printed on forms so that manual entry is not required.  Turnaround documents  Prerecorded data to capture input on subsequent processing. Example: RA stub attached to invoice.

22 Copyright © 2004 South-Western. All rights reserved.9–22 Computer Agreement of Batch Totals Control Plan FIGURE 9.9

23 Copyright © 2004 South-Western. All rights reserved.9–23 Example of Data Encryption FIGURE 9.10

24 Copyright © 2004 South-Western. All rights reserved.9–24 Illustration of Public-Key Cryptography and Digital Signatures FIGURE 9.11 (a) Encrypting the MESSAGE

25 Copyright © 2004 South-Western. All rights reserved.9–25 Causeway Company Systems Flowchart to Accompany Problem 9-1 FIGURE 9.12

Download ppt "PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls."

Similar presentations

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 10 The Order-to- Cash Process: Part I, Marketing and.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 10 The Order-to- Cash Process: Part I, Marketing and.
Module 3: Business Information Systems

Module 3: Business Information Systems
Application Security By Prashant Mali.

Application Security By Prashant Mali.
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Documenting Information Systems

Documenting Information Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Documenting Information Systems

Documenting Information Systems
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 2 Documenting Business Processes and Information Systems.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 2 Documenting Business Processes and Information Systems.
3.1 Data and Information –The rapid development of technology exposes us to a lot of facts and figures every day. –Some of these facts are not very meaningful.

3.1 Data and Information –The rapid development of technology exposes us to a lot of facts and figures every day. –Some of these facts are not very meaningful.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 12 The “Purchase-to-Pay” (PtoP) Process.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 12 The “Purchase-to-Pay” (PtoP) Process.
P-1: Enter cash receipts close to originating source Ensure effectiveness of operations: As reflected by the entries in goal columns A and B under process.

P-1: Enter cash receipts close to originating source Ensure effectiveness of operations: As reflected by the entries in goal columns A and B under process.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 11 The “Order-to-Cash” Process: Part II, Revenue Collection.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 11 The “Order-to-Cash” Process: Part II, Revenue Collection.
Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.

Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.
Chapter 9 Describing Process Specifications and Structured Decisions

Chapter 9 Describing Process Specifications and Structured Decisions
Data Model Examples: DFD’s and System Flowcharts

Data Model Examples: DFD’s and System Flowcharts
Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.

Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Similar presentations

Ads by Google