B0047 : Explain the different control issues in management information systems.

Control Issues in Management Information Systems.

Answer : Control
Control is the process through which manager assures that actual activities are according to standards leading to achieving of
common goals. The control process consists of measurement of progress, achieving of common goals and detects the deviations if
any in time and takes corrective action before things go beyond control. Information systems operate in real world situations which
are always changing and there are lots of problems. Information systems are vulnerable to various threats and abuses. Some of the
points are memory, communications links, microwave signal, telephone lines etc.
Security Control
The resources of information systems like hardware, software, and data, need to be protected preferably by build in control to
assure their quality and security.
Types of Security Control:
Administrative control
Information systems control
Procedural control
Physical facility control
Administrative Control
Systems analysts are actually responsible for designing and implementing but these people need the help of the top management in
executing the control measure. Top executives provide leadership in setting the control policy. Without their full support, the control
system cannot achieve its goal.

Information System Control

Information system control assures the accuracy, validity and proprietary of information system activities. Control must be there to
ensure proper data entry processing techniques, storage methods and information output. Accordingly management information
system control are designed to see or monitor and maintain quality, security of the input process, output and storage activities of
an information system.
Input Control
As we know whatever we give to computer the computer processes that and returns the result to us. Because of this very fact,
there is a need to control the data entry process. The types of input control are:
Transaction Codes: Before any transaction can be input into the system, a specific code should be assigned to it. This
aids in its authorization.
Forms: a source document or screen forms should be used to input data and such forms must adhere to certain rules.
Verification: Source document prepared by one clerk can be verified by another clerk to improve accuracy.
Controltotals: Data entry and other system activities are frequently monitored by the use of control-total. For
example, record count is a control-total that consist of counting the total number of source documents or other input records and
compare them at other stage of data entry. If totals do not match, then a mistake is indicated.
Check digit: These are used for checking important codes such as customer number to verify the correctness.
Labels: It contains data such as file name, and date of creation so that a check can be made that correct file is used for
processing.
Character and field checking: Characters are checked for proper mode numeric, alphabetic, alphanumeric fields to
see if they are filled in properly.
Processing Control
Input and processing data are so interrelated that we can take them as first line of defense. Once data is fed into the computer,
controls are embedded in various computer programs to help, detect not only input errors but also processing errors. Processing
controls are included to check arithmetic calculations and logical operations. They are also used to ensure that data are not lost or
do not go unprocessed. Processing control is further divided into hardware and software control.
Output Control
These are developed to ensure that processed information is correct, complete and is transmitted to authorized user in a timely
manner. The output control are mostly of same kind as input control e.g. Output documents and reports are thoroughly and visually
verified by computer personnel and they are properly logged and identified with rout slips
Storage Control
Control responsibility of files of computer programs and databases is given to librarian or database administrator. They are
responsible for maintaining and controlling access to the information. The databases and files are protected from unauthorized
users as accidental users. This can be achieved with the help of security monitor. The method includes assigning the account code,
password and other identification codes. A list of authorized users is provided to computer system with details such as type of
information they are authorized to retrieve or receive from it.
Procedural Control
These methods provide maximum security to operation of the information system. Standard procedures are developed and
maintained manually and built in software help display so that every one knows what to do. It promotes uniformity and minimize
the chance of error and fraud. It should be kept up-to-date so that correct processing of each activity is made possible.
Physical Facility Control

Physical facility control is methods that protect physical facilities and their contents from loss and destruction. Computer centers are
prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc. Therefore physical safeguards and various
control procedures are required to protect the hardware, software and vital data resources of computer using organizations.
Physical Protection Control
Many type of controlling techniques such as one in which only authorized personnel are allowed to access to the computer centre
exist today. Such techniques include identification badges of information services, electronic door locks, security alarm, security
policy, closed circuit TV and dust control etc., are installed to protect the computer centre.
Telecommunication Controls
The telecommunication processor and control software play a vital role in the control of data communication activity. Data can be
transmitted in coded from and it is decoded in the computer centre itself. The process is called as encryption.
Computer Failure Controls
Computers can fail for several reasons like power failures, electronic circuitry malfunctions, mechanical malfunctions of peripheral
equipment and hidden programming errors. To protect from these failure precaution, any measure with automatic and remote
maintenance capabilities may be required