Chapter 11 Designing Inputs, Outputs, and Controls

Objectives Explain the importance of integrity controls Identify required integrity controls for inputs, outputs, and processing Understand the range of inputs and outputs necessary for a system Define inputs and outputs based on the requirements of the application program Design printed and on-screen reports appropriate for system users

Overview The design of controls is crucial in today’s open environment A major consideration is to provide access to information while protecting it User interfaces are especially vulnerable to damage since they are the point of access for most systems

Integrity Controls Mechanisms and procedures built into a system to safeguard it and the information contained within Most violations occur from inappropriate access Not limited to input and output controls Required in most normal business activities

Objectives of Integrity Controls Ensure that only appropriate and correct business transactions occur Ensure that transactions are recorded and processed correctly Protect and safeguard assets of the organization Software Hardware Data

System Access Controls Integrity controls that determine who has access to a system and its data Manage user access by classification Unauthorized Registered Privileged Physically secure locations Controlled access with visibility

Users and Access Roles Figure 11-1

Input Integrity Controls Used with all input mechanisms to verify data and reduce input data errors Common control techniques Field combination controls, value limit controls, completeness controls, data validation controls Transaction logging Technique to record details about database updates Discourages fraud and provides a recovery mechanism

Output Integrity Controls Ensures output arrives at proper destination and is correct, accurate, complete, and current Destination controls - output is channeled to correct people Completeness, accuracy, and corrrectness controls Appropriate information present on output

Design of System Inputs Identify devices and mechanisms used to enter input Identify all system inputs and develop a list of data content with each Determine types of controls necessary for each system input Design and prototype electronic forms and other inputs

Identifying Input Devices Capture data as close to origination as possible Use electronic device and automation whenever possible Avoid human involvement when possible Avoid data re-entry Validate at entry point

System-to-System Interface with XML Figure 11-2

Developing List of Inputs and Related Data Requirements Ensure all data inputs are identified and specified correctly Use structured models Identify automation boundary Use DFD fragments Segment by program boundaries Examine Structure Charts Analyze each module and data couple List individual data fields

Automation Boundary on DFD Figure 11-3

with Automation Boundary Create New Order DFD with Automation Boundary Figure 11-4

Customer Support System List of Inputs for the Customer Support System Figure 11-5

Structure Chart for Create New Order Figure 11-6

Data Flow and Data Elements Making Up an Input Figure 11-7

Using OO Models Identify inputs using OO diagrams Sequence diagrams Design class diagrams Analyze steps in sequence Examine messages

Sequence Diagram for Create New Order Figure 11-8

Input Message and Data Parameters from Sequence Diagram Figure 11-9

Customer and Order Classes with Interfaces for Input Forms Figure 11-10

Designing and Prototyping Input Forms Paper forms are documents used to collect information from users May be entered into computer at later time Paper form and electronic counterpart should have same general layout Design together Consider readability and good design principles

RMO Catalog Order Figure 11-11

Design of System Outputs Determine each type of output Make a list of specific outputs required based on application design Specify any necessary controls to protect the information based on the output Design and prototype the report layout

Determining the Type of Output Electronic vs. paper Type of reports Detailed reports Summary reports Executive reports Internal vs. external outputs

RMO Inventory Report Figure 11-12

Sample Employee Benefit Report Figure 11-13

Screen Output Most often like printed reports, only displayed electronically Can be dynamic Links to further information Drill down Hot links Graphical and multimedia

Summary Report with Drill Down to Detailed Report Figure 11-14

Sample Bar Chart and Pie Chart Reports Figure 11-15

Listing Reports Based on Application Outputs are responses in event tables Use diagrams to determine required outputs Structured DFDs Structure charts OO Sequence diagrams Class methods

Table of System Outputs with Data Requirements Figure 11-16

Prototyping Reports What is report objective Who is the intended audience Avoid information overload Format considerations