Processing Integrity and Availability Controls

Copyright © 2015 Pearson Education, Inc.

Processing Integrity and Availability ControlsChapter 10

10-1


Processing Integrity Controls

•Input▫Forms design Sequentially prenumbered

Control to identify potential missing transaction Cut down on errors by making data entry easier

▫Turnaround documents Eliminate errors in data entry

10-2


Processing Integrity: Data Entry Controls

• Field check▫Characters in a field are

proper type • Sign check

▫Data in a field is appropriate sign (positive/negative)

• Limit check▫Tests numerical amount

against a fixed value• Range check

▫Tests numerical amount against lower and upper limits

• Size check▫Input data fits into the field

• Completeness check▫Verifies that all required data

is entered• Validity check

▫Compares data from transaction file to that of master file to verify existence

• Reasonableness test▫Correctness of logical

relationship between two data items

• Check digit verification▫Recalculating check digit to

verify data entry error has not been made

10-3


Additional Data Entry Controls• Batch processing

▫Sequence check Test of batch data in

proper numerical or alphabetical sequence

▫Error logs▫Batch totals

Summarize numeric values for a batch of input records Financial total Hash total Record count

• Online▫Employee Access controls▫Automatic data entry▫Prompting

System prompts you for input (online completeness check)

▫Closed-loop verification Checks accuracy of input

data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name)

▫Transaction logs▫Error Messages

10-4


Processing Controls• Data matching

▫Two or more items must be matched before an action takes place

• File labels▫Ensures correct and most

updated file is used• Recalculation of batch

totals

• Cross-footing ▫Verifies accuracy by

comparing two alternative ways of calculating the same total

• Zero-balance tests▫For control accounts (e.g.,

payroll clearing)• Write-protection mechanisms

▫Protect against overwriting or erasing data

• Concurrent update controls▫Prevent error of two or

more users updating the same record at the same time

10-5


Output Controls•User review of output•Reconciliation

Procedures to reconcile to control reports (e.g., general ledger A/R account reconciled to Accounts Receivable Subsidiary Ledger)

•External data reconciliation•Data transmission controls

Check sums▫Hash of file transmitted, comparison made of hash before and after transmission

Parity checking▫Bit added to each character transmitted, the characters can then be verified for accuracy

10-6


Output Controls•Message Acknowledgment Techniques for data transmission (let the sender of an electronic message know that a message was received)▫Echo Check When data are transmitted, the system calculates a summary statistic , receiving unit performs the same calculation and sends back to source. If they agree, accuracy is assumed

▫Trailer Record sending unit stores control totals in a trailer record

receiving unit uses that information to verify that the entire message was received

10-7


Processing Integrity Controls(Spreadsheets)

•Spreadsheets usually developed by end user

•Lack of application controls•Solutions

▫Multiple people evaluate all cells for possible error

▫Cell formulas. Do not hardwireUse cell references

▫input/output section

10-8


Controls Ensuring Availability•Systems or information need to be available 24/7▫It is not possible to ensure this so:

10-9


Availability Controls• Preventive maintenance• Fault tolerance

▫Use of redundant components

• Data center location and design▫Raised floor▫Fire suppression▫Air conditioning▫Uninterruptible power

supply (UPS) or back-up generator

▫Surge protection• Patch management and

antivirus software

• Backup procedures▫Full(probably weekly)▫Incremental

Copies only items that have changed since last partial backup

▫Differential backup Copies all changes made

since last full backup• Disaster recovery plan

(DRP)▫Procedures to restore

organization’s IT function Cold site Hot site

• Business continuity plan (BCP)▫How to resume all

operations, not just IT

10-10


11

10-11


Disaster Recovery Plan (DRP)

•Procedures to restore an organization’s IT function in the event that its data center is destroyed▫Cold Site An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time

▫Hot Site A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities

▫Second Data-CenterUsed for back-up and site mirroring

10-12


Recovery

•Business Continuity Plan (BCP)▫How to resume not only IT operations, but all business processesRelocating to new officesHiring temporary replacements

10-13


DRP & BCP

•Documentation▫Plan, responsibilities, procedures to resume operations should be documented

•Testing▫Test to make sure it works as intended▫Revise as needed▫Should test at least on an annual basis

10-14

Copyright © 2015 Pearson Education, Inc. 15

Virtualization & Cloud Computing•Virtualization

▫Can reduce time to recover from hardware problems Install files to new box

▫Support real time mirroring•Cloud Computing

▫Use redundant banks of servers in multiple locations Reduces risk of system downtime and data loss

▫Potential problem Data retrieval if public cloud provider goes belly-up

Policy of making regular back-ups and storing somewhere other than cloud necessary

▫Assess long-run financial viability of cloud provider before taking the plunge

Date post:	04-Jan-2016
Category:	Documents
Upload:	dawn
View:	74 times
Download:	1 times

Processing Integrity and Availability Controls

Documents