Published by Diana Heath
Modified over 5 years ago
Copyright © 2015 Pearson Education, Inc.

Processing Integrity and Availability Controls
Chapter 10

Learning Objectives
Identify and explain controls designed to ensure processing integrity.
Identify and explain controls designed to ensure systems availability.

PROCESSING INTEGRITY
A reliable system produces information that is accurate and timely, reflects the results of only authorized transactions, and includes the outcomes of all activities engaged in by the organization during a given period of time.
Requires controls over both data input quality and the processing of the data.
[Figure labels: Systems Reliability; Security, Confidentiality, Privacy, Processing Integrity, Availability]

Processing Integrity Controls
Input
  ▫ Forms design
      Sequentially prenumbered/sequence test
  ▫ Turnaround documents

Processing Integrity: Data Entry Controls
Field check
  ▫ Characters in a field are proper type
Sign check
  ▫ Data in a field is appropriate sign (positive/negative)
Limit check
  ▫ Tests numerical amount against a fixed value
Range check
  ▫ Tests numerical amount against lower and upper limits
Size check
  ▫ Input data fits into the field
Completeness check
  ▫ Verifies that all required data is entered
Validity check
  ▫ Compares data from transaction file to that of master file to verify existence
Reasonableness test
  ▫ Correctness of logical relationship between two data items
Check digit verification
  ▫ Recalculating check digit to verify data entry error has not been made
Key verification
  ▫ Requires entering key data in twice to verify its accuracy

Input Controls
The preceding tests are used for batch processing and online real-time processing.
Both processing approaches also have some additional controls that are unique to each approach.
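
The data entry controls listed above, applied to one order record. This is an added example, not part of the original slides; the field names, the limits, the master file and the choice of the Luhn mod-10 scheme for the check digit are all assumptions made for illustration.

```python
import re

CUSTOMER_MASTER = {"79927398713"}      # constructed master file (assumption)
REQUIRED = ("customer_no", "quantity", "discount_pct")
FIELD_TYPE = {"customer_no": r"[0-9]+", "quantity": r"-?[0-9]+",
              "discount_pct": r"-?[0-9]+"}

def luhn_ok(number):
    """Check digit verification: recompute the Luhn mod-10 sum (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate(rec):
    """Return the failed edit checks for one record whose values are strings."""
    missing = [f for f in REQUIRED if not rec.get(f, "").strip()]
    if missing:                         # completeness check
        return ["completeness:" + ",".join(missing)]
    errors = [f"field:{f}" for f in REQUIRED          # field check
              if not re.fullmatch(FIELD_TYPE[f], rec[f])]
    if errors:
        return errors
    cust, qty, disc = rec["customer_no"], int(rec["quantity"]), int(rec["discount_pct"])
    if len(cust) > 11:                  # size check (hypothetical 11-character field)
        errors.append("size:customer_no")
    if not luhn_ok(cust):               # check digit verification
        errors.append("check_digit:customer_no")
    elif cust not in CUSTOMER_MASTER:   # validity check against the master file
        errors.append("validity:customer_no")
    if qty <= 0:                        # sign check
        errors.append("sign:quantity")
    elif qty > 1000:                    # limit check (hypothetical fixed value)
        errors.append("limit:quantity")
    if not 0 <= disc <= 25:             # range check (hypothetical bounds)
        errors.append("range:discount_pct")
    elif disc > 10 and qty < 100:       # reasonableness test across two fields
        errors.append("reasonableness:discount_pct vs quantity")
    return errors

if __name__ == "__main__":
    # Transposed last two digits, negative quantity, out-of-range discount.
    print(validate({"customer_no": "79927398731", "quantity": "-5", "discount_pct": "30"}))
```

The check digit catches the transposed customer number before the master file lookup runs, so a keying error is reported as such rather than as an unknown customer.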

Batch Input Controls
Batch Processing
  ▫ Input multiple source documents at once in a group
In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
Sequence check
Error log
Batch totals

Batch Input Controls
Batch Totals
  ▫ Compare input totals to output totals
      Financial: sums a field that contains monetary values
      Hash: sums a nonfinancial numeric field
      Record count: the number of records in a batch
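
The three batch totals and the sequence check from the two slides above, computed at input and recomputed after processing. This is an added example, not part of the original slides; the batch contents and the function names are constructed for illustration.

```python
from decimal import Decimal

# Constructed batch of prenumbered source documents.
BATCH = [
    {"invoice_no": "1001", "amount": "100.00"},
    {"invoice_no": "1002", "amount": "250.50"},
    {"invoice_no": "1003", "amount": "75.25"},
    {"invoice_no": "1004", "amount": "19.99"},
]

def batch_totals(records):
    """Compute the record count, financial total and hash total for a batch."""
    return {
        "record_count": len(records),
        "financial_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash_total": sum(int(r["invoice_no"]) for r in records),
    }

def reconcile(control, processed):
    """Return {total_name: (expected, actual)} for every total that disagrees."""
    actual = batch_totals(processed)
    return {k: (control[k], actual[k]) for k in control if control[k] != actual[k]}

def sequence_gaps(records):
    """Sequence check: prenumbered documents missing from the batch."""
    nums = sorted(int(r["invoice_no"]) for r in records)
    if not nums:
        return []
    present = set(nums)
    return [n for n in range(nums[0], nums[-1] + 1) if n not in present]

if __name__ == "__main__":
    control = batch_totals(BATCH)          # totals prepared at data entry
    dropped = [r for r in BATCH if r["invoice_no"] != "1003"]
    print(reconcile(control, dropped), sequence_gaps(dropped))
```

Each total catches a different error: a lost record changes all three, a mis-keyed amount changes only the financial total, and a mis-keyed invoice number changes only the hash total.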

Online Data Entry Controls
Prompting
  ▫ System prompts you for input (online completeness check)
Closed-loop verification
  ▫ Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name)
Transaction logs

Processing Controls
Data matching
  ▫ Two or more items must be matched before an action takes place
File labels
  ▫ Ensures correct and most updated file is used
Recalculation of batch totals
Cross-footing
  ▫ Verifies accuracy by comparing two alternative ways of calculating the same total
Zero-balance tests
  ▫ For control accounts (e.g., payroll clearing)
Write-protection mechanisms
  ▫ Protect against overwriting or erasing data
Concurrent update controls
  ▫ Prevent error of two or more users updating the same record at the same time

Output Controls
User review of output
Reconciliation
  ▫ Procedures to reconcile to control reports (e.g., general ledger A/R account reconciled to Accounts Receivable Subsidiary Ledger)
  ▫ External data reconciliation
Data transmission controls
  1. Checksums: hash of file transmitted, comparison made of hash before and after transmission
  2. Parity checking

Output Controls
Parity checking
  ▫ Computers represent characters as a set of binary digits (bits).
  ▫ For example, “5” is represented by the seven-bit pattern 0000101.
  ▫ When data are transmitted some bits may be lost or received incorrectly.
  ▫ Two basic schemes to detect these events are referred to as even parity and odd parity.
  ▫ In either case, an additional bit is added to the digit being transmitted.
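
Even and odd parity applied to the slide's seven-bit pattern 0000101, including the case parity cannot catch. This is an added example, not part of the original slides; the function names are hypothetical.

```python
def parity_bit(bits, scheme="even"):
    """Return the bit that makes the count of 1s even (or odd) across the frame."""
    if scheme not in ("even", "odd"):
        raise ValueError("scheme must be 'even' or 'odd'")
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("bits must be a non-empty string of 0s and 1s")
    bit = bits.count("1") % 2          # 1 when the data has an odd number of 1s
    return str(bit if scheme == "even" else 1 - bit)

def send(bits, scheme="even"):
    """Sender side: append the parity bit to the data bits."""
    return bits + parity_bit(bits, scheme)

def receive_ok(frame, scheme="even"):
    """Receiver side: recompute parity over the data bits and compare."""
    return parity_bit(frame[:-1], scheme) == frame[-1]

def flip(frame, *positions):
    """Simulate transmission errors by inverting the bits at the given indexes."""
    out = list(frame)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)

if __name__ == "__main__":
    frame = send("0000101")                    # pattern from the slide
    print(frame, receive_ok(frame))            # intact frame passes
    print(receive_ok(flip(frame, 3)))          # one flipped bit is detected
    print(receive_ok(flip(frame, 3, 6)))       # two flipped bits go undetected
```

Because an even number of flipped bits leaves the parity unchanged, parity checking detects only odd numbers of bit errors, which is why the slides list checksums alongside it.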

AVAILABILITY
Reliable systems are available for use whenever needed.
Threats to system availability originate from many sources, including:
  ▫ Hardware and software failures
  ▫ Natural and man-made disasters
  ▫ Human error
  ▫ Worms and viruses
  ▫ Denial-of-service attacks and other sabotage
[Figure labels: Systems Reliability; Security, Confidentiality, Privacy, Processing Integrity, Availability]

Availability Controls
Preventive maintenance
Fault tolerance
  ▫ Use of redundant components
Data center location and design
  ▫ Raised floor
  ▫ Fire suppression
  ▫ Air conditioning
  ▫ Uninterruptible power supply (UPS)
  ▫ Surge protection
Training
Patch management and antivirus software
Backup procedures
  ▫ Incremental
      Copies only items that have changed since last partial backup
  ▫ Differential backup
      Copies all changes made since last full backup
Disaster recovery plan (DRP)
  ▫ Procedures to restore organization’s IT function
Business continuity plan (BCP)
  ▫ How to resume all operations, not just IT

AVAILABILITY
Disaster Recovery and Business Continuity Planning
Objectives:
  ▫ Minimize the extent of the disruption, damage, and loss
  ▫ Temporarily establish an alternative means of processing information
  ▫ Resume normal operations as soon as possible
  ▫ Train and familiarize personnel with emergency operations
Recovery point objective (RPO)
Recovery time objective (RTO)

AVAILABILITY
Organizations have three basic options for replacing computer and networking equipment.
  ▫ Cold sites
  ▫ Hot sites
  ▫ Real-time mirroring

AVAILABILITY
Documentation
  ▫ An important and often overlooked component. Should include:
      The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented.
      Assignment of responsibility for the various activities.
      Vendor documentation of hardware and software.
      Documentation of modifications made to the default configuration (so replacement will have the same functionality).
      Detailed operating instructions.
  ▫ Copies of all documentation should be stored both on-site and off-site.

AVAILABILITY
Testing
  ▫ Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans.
      Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong.
      The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.