Scribd
Upload
132 views14 pages

10 IS Control For System Reliability Part 3 - Processing Integrity and Availability

Uploaded by

Muhammad Taufik Hidayat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
132 views14 pages

10 IS Control For System Reliability Part 3 - Processing Integrity and Availability

Uploaded by

Muhammad Taufik Hidayat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 14

Chapter 10

Information Systems Controls for System Reliability—Part 3: Processing Integrity


and Availability 10-1
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
Learning Objectives

 Identify and explain controls designed to ensure


processing integrity.

 Identify and explain controls designed to ensure systems


availability.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-2


Trust Services Framework
 Security (Chapter 8)
 Access to the system and its data is controlled and restricted to legitimate
users.

 Confidentiality (Chapter 8)
 Sensitive organizational information (e.g., marketing plans, trade secrets) is
protected from unauthorized disclosure.

 Privacy (Chapter 9)
 Personal information about customers is collected, used, disclosed, and
maintained only in compliance with internal policies and external regulatory
requirements and is protected from unauthorized disclosure.

 Processing Integrity
 Data are processed accurately, completely, in a timely manner, and only with
proper authorization.

 Availability
 System and its information are available to meet operational and contractual
obligations.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-3


Controls Ensuring Processing Integrity

 Input

 Process

 Output

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-4


Input Controls

 “Garbage-in Garbage-out”

 Form Design
 All forms should be sequentially numbered
 Verify missing documents
 Use of turnaround documents
 Eliminate input errors

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-5


Input Controls
 Data Entry Checks  Validity check
 Field check  Input compared with
 Characters proper type? master data to confirm
Text, integer, date, and so existence
on  Reasonableness check
 Sign check  Logical comparisons
 Proper arithmetic sign?  Check digit verification
 Limit check  Computed from input
 Input checked against value to catch typo errors
fixed value?  Prompting
 Range check  Input requested by system
 Input within low and high  Close-loop verification
range value?  Uses input data to retrieve
 Size check and display related data
 Input fit within field?
 Completeness check
 Have all required data
been entered?

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-6


Batch Input Controls

 Batch Processing
 Input multiple source documents at once in a group

 Batch Totals
 Compare input totals to output totals
 Financial
 Sums a field that contains monetary values
 Hash
 Sums a nonfinancial numeric field
 Record count
 Sums a nonfinancial numeric field

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-7


Processing Controls

 Data Matching
 Multiple data values must match before processing occurs.

 File Labels
 Ensure correct and most current file is being updated.

 Batch Total Recalculation


 Compare calculated batch total after processing to input totals.

 Cross-Footing and Zero Balance Tests


 Compute totals using multiple methods to ensure the same results.

 Write Protection
 Eliminate possibility of overwriting or erasing existing data.

 Concurrent Update
 Locking records or fields when they are being updated so multiple users are
not updating at the same time.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-8


Output Controls

 User Review
 Verify reasonableness, completeness, and routed to
intended individual

 Reconciliation

 Data Transmission Controls


 Check sums
 Hash of file transmitted, comparison made of hash before
and after transmission
 Parity checking
 Bit added to each character transmitted, the characters
can then be verified for accuracy

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-9


Controls Ensuring Availability

 Systems or information need to be available 24/7


 It is not possible to ensure this so:

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-10


Minimize Risks
 Preventive Maintenance
 Cleaning, proper storage

 Fault Tolerance
 Ability of a system to continue if a part fails

 Data Center Location


 Minimize risk of natural and human created disasters.

 Training
 Less likely to make mistakes and will know how to recover, with minimal
damage, from errors they do commit

 Patch Management
 Install, run, and keep current antivirus and anti-spyware programs

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-11


Quick Recovery

 Back-up
 Incremental
 Copy only data that changed from last partial back-up
 Differential
 Copy only data that changed from last full back-up

 Business Continuity Plan (BCP)


 How to resume not only IT operations, but all business
processes
 Relocating to new offices
 Hiring temporary replacements

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-12


Change Control

 Formal process used to ensure that modifications to


hardware, software, or processes do not reduce systems
reliability
 Changes need to be documented.
 Changes need to be approved by appropriate manager.
 Changes need to be tested before implementations.
 All documentation needs to be updated for changes.
 Back-out plans need to be adopted.
 User rights and privileges need to be monitored during
change.

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-13


Disaster Recovery Plan (DRP)
 Procedures to restore an organization’s IT function in the
event that its data center is destroyed
 Cold Site
 An empty building that is prewired for necessary telephone
and Internet access, plus a contract with one or more
vendors to provide all necessary equipment within a
specified period of time
 Hot Site
 A facility that is not only prewired for telephone and Internet
access but also contains all the computing and office
equipment the organization needs to perform its essential
business activities
 Second Data-Center
 Used for back-up and site mirroring

Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 10-14

You might also like