Ais Chapter 10

Uploaded by

CiaRa Gineta

CHAPTER 10

Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability

LEARNING OBJECTIVES
Identify and explain controls designed to ensure processing integrity.
Identify and explain controls designed to ensure systems availability.

COPYRIGHT © 2012 PEARSON EDUCATION 10-2


TRUST SERVICES FRAMEWORK
Security (Chapter 8)
  • Access to the system and its data is controlled and restricted to legitimate users.
Confidentiality (Chapter 8)
  • Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
Privacy (Chapter 9)
  • Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Processing Integrity
  • Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Availability
  • System and its information are available to meet operational and contractual obligations.

CONTROLS ENSURING PROCESSING INTEGRITY

Input
Process
Output

INPUT CONTROLS
“Garbage-in Garbage-out”
Form Design
  • All forms should be sequentially numbered
  • Verify missing documents
  • Use of turnaround documents
  • Eliminate input errors



INPUT CONTROLS
Data Entry Checks
  • Field check
      • Characters proper type? Text, integer, date, and so on
  • Sign check
      • Proper arithmetic sign?
  • Limit check
      • Input checked against fixed value?
  • Range check
      • Input within low and high range value?
  • Size check
      • Input fit within field?
  • Completeness check
      • Have all required data been entered?
  • Validity check
      • Input compared with master data to confirm existence
  • Reasonableness check
      • Logical comparisons
  • Check digit verification
      • Computed from input value to catch typo errors
  • Prompting
      • Input requested by system
  • Close-loop verification
      • Uses input data to retrieve and display related data
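
The data entry checks listed above, applied to one order record. This is an added example, not part of the original slides; the record layout, the bounds, the master file and the choice of the Luhn algorithm for the check digit are all assumptions made for illustration.

```python
from datetime import date

# Constructed master file and required fields; not from the slides.
ACCOUNT_MASTER = {"79927398713"}
REQUIRED = ("account", "quantity", "unit_price", "order_date", "ship_date")

def luhn_ok(digits):
    """Check digit verification. Luhn is an assumption; the slides name no algorithm."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def validate(rec):
    """Return the names of the data entry checks that the record fails."""
    if any(rec.get(f) in (None, "") for f in REQUIRED):
        return ["completeness"]             # later checks need every field
    acct, qty, price = rec["account"], rec["quantity"], rec["unit_price"]
    if not (isinstance(acct, str) and acct.isascii() and acct.isdigit()
            and isinstance(qty, int) and isinstance(price, float)
            and isinstance(rec["order_date"], date)
            and isinstance(rec["ship_date"], date)):
        return ["field"]                    # wrong type: stop before arithmetic
    failed = []
    if len(acct) > 11:
        failed.append("size")
    if not luhn_ok(acct):
        failed.append("check digit")
    elif acct not in ACCOUNT_MASTER:
        failed.append("validity")           # well formed, but no such account
    if qty <= 0:
        failed.append("sign")
    if qty > 1000:
        failed.append("limit")              # fixed upper bound
    if not 0.01 <= price <= 5000.00:
        failed.append("range")              # low and high bound
    if rec["ship_date"] < rec["order_date"]:
        failed.append("reasonableness")     # logical comparison between fields
    return failed

GOOD = {"account": "79927398713", "quantity": 12, "unit_price": 19.99,
        "order_date": date(2024, 3, 1), "ship_date": date(2024, 3, 4)}
TYPO = dict(GOOD, account="79927398731")     # last two digits transposed
UNKNOWN = dict(GOOD, account="00000000000")  # valid check digit, not in master
BAD = dict(GOOD, quantity=-5000, unit_price=0.0, ship_date=date(2024, 2, 1))
```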

BATCH INPUT CONTROLS
Batch Processing
  • Input multiple source documents at once in a group
Batch Totals
  • Compare input totals to output totals
  • Financial
      • Sums a field that contains monetary values
  • Hash
      • Sums a nonfinancial numeric field
  • Record count
      • Sums a nonfinancial numeric field

PROCESSING CONTROLS
Data Matching
  • Multiple data values must match before processing occurs.
File Labels
  • Ensure correct and most current file is being updated.
Batch Total Recalculation
  • Compare calculated batch total after processing to input totals.
Cross-Footing and Zero Balance Tests
  • Compute totals using multiple methods to ensure the same results.
Write Protection
  • Eliminate possibility of overwriting or erasing existing data.
Concurrent Update
  • Locking records or fields when they are being updated so multiple users are not updating at the same time.
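
The batch totals from the batch input slide and the batch total recalculation above, worked through on a constructed batch of payments. This is an added example, not part of the original slides; the record layout and account numbers are invented, and the record count is computed here as the number of records in the batch.

```python
from decimal import Decimal

def batch_totals(records):
    """Control totals for a batch of (account_number, amount) records."""
    return {
        "financial": sum((amt for _, amt in records), Decimal("0")),  # monetary field
        "hash": sum(acct for acct, _ in records),       # nonfinancial numeric field
        "record_count": len(records),                   # records in the batch
    }

def mismatches(control, processed):
    """Batch total recalculation: names of the totals that changed during processing."""
    after = batch_totals(processed)
    return sorted(name for name in control if control[name] != after[name])

def with_record(batch, index, record):
    """Copy of the batch with one record replaced, to simulate a processing fault."""
    out = list(batch)
    out[index] = record
    return out

# Constructed batch: (account number, payment amount).
BATCH = [(10452, Decimal("125.00")), (20817, Decimal("80.50")),
         (31990, Decimal("42.25")), (47003, Decimal("310.00"))]
CONTROL = batch_totals(BATCH)    # taken when the batch is assembled

# Constructed faults and the totals expected to catch them.
WRONG_ACCOUNT = with_record(BATCH, 0, (10453, Decimal("125.00")))  # hash only
MISKEYED = with_record(BATCH, 1, (20817, Decimal("85.00")))        # financial only
DROPPED = BATCH[:-1]                                               # all three
# Amounts swapped between two accounts: every total still agrees.
SWAPPED = with_record(with_record(BATCH, 0, (10452, Decimal("80.50"))),
                      1, (20817, Decimal("125.00")))
```

The swapped case passes all three totals, which is why batch totals are used alongside record-level checks rather than in place of them.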

OUTPUT CONTROLS
User Review
  • Verify reasonableness, completeness, and routing to the intended individual
Reconciliation
Data Transmission Controls
  • Checksums
      • Hash of file transmitted; comparison made of hash before and after transmission
  • Parity checking
      • Bit added to each character transmitted; the characters can then be verified for accuracy
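
The two data transmission controls above, run side by side on a constructed message. This is an added example, not part of the original slides; even parity on 7-bit ASCII characters and SHA-256 as the file hash are assumptions, and the message text is invented.

```python
import hashlib

def add_parity(char7):
    """Even parity: set bit 7 so the transmitted character has an even number of 1 bits."""
    return char7 | ((bin(char7).count("1") & 1) << 7)

def parity_ok(char8):
    """A received character is accepted when its count of 1 bits is even."""
    return bin(char8).count("1") % 2 == 0

def send(message):
    """Sender: parity-protected characters plus a hash of the original data."""
    data = message.encode("ascii")
    return bytes(add_parity(b) for b in data), hashlib.sha256(data).hexdigest()

def receive(frame, sent_hash):
    """Receiver: (positions failing parity, whether the recomputed hash matches)."""
    bad = [i for i, b in enumerate(frame) if not parity_ok(b)]
    data = bytes(b & 0x7F for b in frame)            # strip the parity bit
    return bad, hashlib.sha256(data).hexdigest() == sent_hash

def corrupt(frame, index, mask):
    """Simulate line noise by flipping the bits of one character selected by mask."""
    out = bytearray(frame)
    out[index] ^= mask
    return bytes(out)

# Constructed message; character 4 is the leading digit of the amount.
FRAME, DIGEST = send("PAY 1500.00 TO ACCT 10452")
ONE_BIT = corrupt(FRAME, 4, 0b01)    # single flipped bit: parity flags it
TWO_BITS = corrupt(FRAME, 4, 0b11)   # two flipped bits: parity still looks even
```

A two-bit error in one character passes parity checking but not the hash comparison. A plain hash detects accidental corruption only; it does not show who sent the file.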



CONTROLS ENSURING AVAILABILITY
Systems or information need to be available 24/7
  • It is not possible to ensure this so:



MINIMIZE RISKS
Preventive Maintenance
  • Cleaning, proper storage
Fault Tolerance
  • Ability of a system to continue if a part fails
Data Center Location
  • Minimize risk of natural and human created disasters.
Training
  • Less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit
Patch Management
  • Install, run, and keep current antivirus and anti-spyware programs

QUICK RECOVERY
Back-up
  • Incremental
      • Copy only data that changed from last partial back-up
  • Differential
      • Copy only data that changed from last full back-up

Business Continuity Plan (BCP)
How to resume not only IT operations, but all business processes
  • Relocating to new offices
  • Hiring temporary replacements

CHANGE CONTROL
Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
  • Changes need to be documented.
  • Changes need to be approved by appropriate manager.
  • Changes need to be tested before implementation.
  • All documentation needs to be updated for changes.
  • Back-out plans need to be adopted.
  • User rights and privileges need to be monitored during change.

DISASTER RECOVERY PLAN (DRP)
Procedures to restore an organization’s IT function in the event that its data center is destroyed
  • Cold Site
      • An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time
  • Hot Site
      • A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities
  • Second Data-Center
      • Used for back-up and site mirroring
