1 / 15

Processing Integrity and Availability Controls

Processing Integrity and Availability Controls. Chapter 10. Processing Integrity Controls. Input Forms design Sequentially prenumbered Control to identify potential missing transaction Cut down on errors by making data entry easier Turnaround documents Eliminate errors in data entry.

dawn
Download Presentation

Processing Integrity and Availability Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Processing Integrity and Availability Controls Chapter 10

  2. Processing Integrity Controls • Input • Forms design • Sequentially prenumbered • Control to identify potential missing transaction • Cut down on errors by making data entry easier • Turnaround documents • Eliminate errors in data entry

  3. Processing Integrity: Data Entry Controls • Field check • Characters in a field are proper type • Sign check • Data in a field is appropriate sign (positive/negative) • Limit check • Tests numerical amount against a fixed value • Range check • Tests numerical amount against lower and upper limits • Size check • Input data fits into the field • Completeness check • Verifies that all required data is entered • Validity check • Compares data from transaction file to that of master file to verify existence • Reasonableness test • Correctness of logical relationship between two data items • Check digit verification • Recalculating check digit to verify data entry error has not been made

  4. Additional Data Entry Controls • Batch processing • Sequence check • Test of batch data in proper numerical or alphabetical sequence • Error logs • Batch totals • Summarize numeric values for a batch of input records • Financial total • Hash total • Record count • Online • Employee Access controls • Automatic data entry • Prompting • System prompts you for input (online completeness check) • Closed-loop verification • Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name) • Transaction logs • Error Messages

  5. Processing Controls • Data matching • Two or more items must be matched before an action takes place • File labels • Ensures correct and most updated file is used • Recalculation of batch totals • Cross-footing • Verifies accuracy by comparing two alternative ways of calculating the same total • Zero-balance tests • For control accounts (e.g., payroll clearing) • Write-protection mechanisms • Protect against overwriting or erasing data • Concurrent update controls • Prevent error of two or more users updating the same record at the same time

  6. Output Controls • User review of output • Reconciliation • Procedures to reconcile to control reports (e.g., general ledger A/R account reconciled to Accounts Receivable Subsidiary Ledger) • External data reconciliation • Data transmission controls • Check sums • Hash of file transmitted, comparison made of hash before and after transmission • Parity checking • Bit added to each character transmitted, the characters can then be verified for accuracy

  7. Output Controls • Message Acknowledgment Techniques for data transmission (let the sender of an electronic message know that a message was received) • Echo Check • When data are transmitted, the system calculates a summary statistic , receiving unit performs the same calculation and sends back to source. If they agree, accuracy is assumed • Trailer Record • sending unit stores control totals in a trailer record • receiving unit uses that information to verify that the entire message was received

  8. Processing Integrity Controls(Spreadsheets) • Spreadsheets usually developed by end user • Lack of application controls • Solutions • Multiple people evaluate all cells for possible error • Cell formulas. • Do not hardwire • Use cell references • input/output section

  9. Controls Ensuring Availability • Systems or information need to be available 24/7 • It is not possible to ensure this so:

  10. Availability Controls • Preventive maintenance • Fault tolerance • Use of redundant components • Data center location and design • Raised floor • Fire suppression • Air conditioning • Uninterruptible power supply (UPS) or back-up generator • Surge protection • Patch management and antivirus software • Backup procedures • Full(probably weekly) • Incremental • Copies only items that have changed since last partial backup • Differential backup • Copies all changes made since last full backup • Disaster recovery plan (DRP) • Procedures to restore organization’s IT function • Cold site • Hot site • Business continuity plan (BCP) • How to resume all operations, not just IT

  11. 10-11

  12. Disaster Recovery Plan (DRP) • Procedures to restore an organization’s IT function in the event that its data center is destroyed • Cold Site • An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time • Hot Site • A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities • Second Data-Center • Used for back-up and site mirroring

  13. Recovery • Business Continuity Plan (BCP) • How to resume not only IT operations, but all business processes • Relocating to new offices • Hiring temporary replacements

  14. DRP & BCP • Documentation • Plan, responsibilities, procedures to resume operations should be documented • Testing • Test to make sure it works as intended • Revise as needed • Should test at least on an annual basis

  15. Virtualization & Cloud Computing • Virtualization • Can reduce time to recover from hardware problems • Install files to new box • Support real time mirroring • Cloud Computing • Use redundant banks of servers in multiple locations • Reduces risk of system downtime and data loss • Potential problem • Data retrieval if public cloud provider goes belly-up • Policy of making regular back-ups and storing somewhere other than cloud necessary • Assess long-run financial viability of cloud provider before taking the plunge

More Related