Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter 10 10-1.


Learning Objectives
• Identify and explain controls designed to ensure processing integrity.
• Identify and explain controls designed to ensure systems availability.

PROCESSING INTEGRITY
• A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time.
• Requires controls over both data input quality and the processing of the data.
[Figure labels: Security, Confidentiality, Privacy, Processing Integrity, Availability, Systems Reliability]

Processing Integrity Controls
• Input
  ▫ Forms design
    ▪ Sequentially prenumbered/sequence test
  ▫ Turnaround documents

Processing Integrity: Data Entry Controls
• Field check
  ▫ Characters in a field are proper type
• Sign check
  ▫ Data in a field is appropriate sign (positive/negative)
• Limit check
  ▫ Tests numerical amount against a fixed value
• Range check
  ▫ Tests numerical amount against lower and upper limits
• Size check
  ▫ Input data fits into the field
• Completeness check
  ▫ Verifies that all required data is entered
• Validity check
  ▫ Compares data from transaction file to that of master file to verify existence
• Reasonableness test
  ▫ Correctness of logical relationship between two data items
• Check digit verification
  ▫ Recalculating check digit to verify data entry error has not been made
• Key verification
  ▫ Requires entering key data in twice to verify its accuracy
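
The data entry controls listed above, applied to one sales-order record. This is an added example, not part of the original slides; the field names, the limits (11-character account field, 5000 price limit, 1 to 500 quantity range), the master file contents and the use of the Luhn mod-10 scheme for the check digit are all assumptions made for illustration.

```python
import re

MASTER_ACCOUNTS = {"79927398713"}  # constructed master file of valid accounts
REQUIRED = ("account", "quantity", "unit_price", "order_date", "ship_date")

def check_digit_ok(number: str) -> bool:
    """Recalculate a Luhn (mod-10) check digit; the scheme is an assumption."""
    digits = [int(c) for c in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def edit_checks(rec: dict) -> list:
    """Return the names of the data entry controls that the record fails."""
    if any(rec.get(f) in (None, "") for f in REQUIRED):
        return ["completeness"]            # nothing else is testable yet
    failed = []
    acct = rec["account"]
    if not re.fullmatch(r"[0-9]+", acct):
        failed.append("field")             # wrong character type
    else:
        if len(acct) > 11:
            failed.append("size")          # would not fit an 11-character field
        if not check_digit_ok(acct):
            failed.append("check digit")   # keying error such as a transposition
        elif acct not in MASTER_ACCOUNTS:
            failed.append("validity")      # no such account in the master file
    if rec["unit_price"] < 0:
        failed.append("sign")
    if rec["unit_price"] > 5000:
        failed.append("limit")             # tested against one fixed value
    if not 1 <= rec["quantity"] <= 500:
        failed.append("range")             # lower and upper bound
    if rec["ship_date"] < rec["order_date"]:
        failed.append("reasonableness")    # shipping before ordering is illogical
    return failed

# Constructed sample records (ISO dates compare correctly as strings).
GOOD = {"account": "79927398713", "quantity": 12, "unit_price": 19.99,
        "order_date": "2015-03-02", "ship_date": "2015-03-05"}
# Last two account digits transposed, quantity out of range, dates reversed.
BAD = dict(GOOD, account="79927398731", quantity=0,
           order_date="2015-03-05", ship_date="2015-03-02")

if __name__ == "__main__":
    print(edit_checks(GOOD))
    print(edit_checks(BAD))
```

The check digit is tested before the validity lookup so that a simple keying error is reported as such rather than as a nonexistent account.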

Input Controls
• The preceding tests are used for batch processing and online real-time processing.
• Both processing approaches also have some additional controls that are unique to each approach.

Batch Input Controls
• Batch Processing
  ▫ Input multiple source documents at once in a group
• In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
    ▪ Sequence check
    ▪ Error log
    ▪ Batch totals

Batch Input Controls
• Batch Totals
  ▫ Compare input totals to output totals
    ▪ Financial
      ▪ Sums a field that contains monetary values
    ▪ Hash
      ▪ Sums a nonfinancial numeric field
    ▪ Record count
      ▪ The number of records in a batch
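
The three batch totals above, computed at input and recomputed after processing. This is an added example, not part of the original slides; the invoice records and field names are constructed. It shows why all three totals are kept: each kind of error disturbs a different subset of them.

```python
from decimal import Decimal

def batch_totals(records):
    """Return the financial total, hash total and record count for a batch."""
    return {
        "financial": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        # Hash total: the sum has no business meaning, it only detects change.
        "hash": sum(int(r["invoice_no"]) for r in records),
        "record_count": len(records),
    }

def reconcile(control, processed):
    """Compare input control totals with totals recomputed from the output.

    Returns {total_name: (expected, actual)} for every total that differs.
    """
    after = batch_totals(processed)
    return {name: (control[name], after[name])
            for name in control if control[name] != after[name]}

# Constructed batch of three sales invoices.
BATCH = [
    {"invoice_no": "1001", "amount": "250.00"},
    {"invoice_no": "1002", "amount": "99.50"},
    {"invoice_no": "1003", "amount": "1310.25"},
]
CONTROL = batch_totals(BATCH)  # prepared when the batch is assembled

# Three constructed processing errors.
DROPPED = BATCH[:2]                                            # record lost
MISKEYED = [dict(BATCH[0], amount="520.00")] + BATCH[1:]       # digits transposed
SUBSTITUTED = [BATCH[0], {"invoice_no": "1005", "amount": "99.50"}, BATCH[2]]

if __name__ == "__main__":
    for label, out in [("clean", BATCH), ("dropped", DROPPED),
                       ("miskeyed", MISKEYED), ("substituted", SUBSTITUTED)]:
        print(label, sorted(reconcile(CONTROL, out)))
```

A wrong document with the right amount passes the financial total and the record count; only the hash total catches it.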

Online Data Entry Controls
• Prompting
  ▫ System prompts you for input (online completeness check)
• Closed-loop verification
  ▫ Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name)
• Transaction logs

Processing Controls
• Data matching
  ▫ Two or more items must be matched before an action takes place
• File labels
  ▫ Ensures correct and most updated file is used
• Recalculation of batch totals
• Cross-footing
  ▫ Verifies accuracy by comparing two alternative ways of calculating the same total
• Zero-balance tests
  ▫ For control accounts (e.g., payroll clearing)
• Write-protection mechanisms
  ▫ Protect against overwriting or erasing data
• Concurrent update controls
  ▫ Prevent error of two or more users updating the same record at the same time

Output Controls
• User review of output
• Reconciliation
  ▫ Procedures to reconcile to control reports (e.g., general ledger A/R account reconciled to Accounts Receivable Subsidiary Ledger)
  ▫ External data reconciliation
• Data transmission controls
  1. Checksums – hash of file transmitted, comparison made of hash before and after transmission
  2. Parity checking

Output Controls
• Parity checking
  ▫ Computers represent characters as a set of binary digits (bits).
  ▫ For example, “5” is represented by the seven-bit pattern
  ▫ When data are transmitted some bits may be lost or received incorrectly.
  ▫ Two basic schemes to detect these events are referred to as even parity and odd parity.
  ▫ In either case, an additional bit is added to the digit being transmitted.
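
The two data transmission controls named above, parity checking and checksums, side by side. This is an added example, not part of the original slides; it assumes 7-bit ASCII characters and SHA-256 as the hash, and the message is constructed. It shows a limit of parity: one flipped bit is detected, two flipped bits in the same character are not, while the hash comparison catches both.

```python
import hashlib

def add_parity(bits7: str, even: bool = True) -> str:
    """Append the extra bit so the number of 1 bits is even (or odd)."""
    ones = bits7.count("1")
    return bits7 + str(ones % 2 if even else (ones + 1) % 2)

def parity_ok(bits8: str, even: bool = True) -> bool:
    """Receiver side: recount the 1 bits, parity bit included."""
    return bits8.count("1") % 2 == (0 if even else 1)

def encode(text: str, even: bool = True) -> list:
    """Frame each character as 7 data bits plus parity (7-bit ASCII assumed)."""
    return [add_parity(format(ord(ch), "07b"), even) for ch in text]

def flip(frame: str, *positions: int) -> str:
    """Simulate transmission errors by inverting the bits at these positions."""
    bits = list(frame)
    for p in positions:
        bits[p] = "1" if bits[p] == "0" else "0"
    return "".join(bits)

def bad_frames(frames: list, even: bool = True) -> list:
    """Indexes of the received frames that fail the parity check."""
    return [i for i, f in enumerate(frames) if not parity_ok(f, even)]

def digest(frames: list) -> str:
    """Checksum control: hash of what was sent, recomputed after receipt."""
    return hashlib.sha256("".join(frames).encode()).hexdigest()

MESSAGE = "PAY 1042"                           # constructed sample data
sent = encode(MESSAGE)
one_bit = [flip(sent[0], 2)] + sent[1:]        # single-bit error in frame 0
two_bits = [flip(sent[0], 2, 5)] + sent[1:]    # double-bit error in frame 0

if __name__ == "__main__":
    print("one bit flipped :", bad_frames(one_bit))
    print("two bits flipped:", bad_frames(two_bits))
    print("hash still matches:", digest(two_bits) == digest(sent))
```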

AVAILABILITY
• Reliable systems are available for use whenever needed.
• Threats to system availability originate from many sources, including:
  ▫ Hardware and software failures
  ▫ Natural and man-made disasters
  ▫ Human error
  ▫ Worms and viruses
  ▫ Denial-of-service attacks and other sabotage
[Figure labels: Security, Confidentiality, Privacy, Processing Integrity, Availability, Systems Reliability]

Availability Controls
• Preventive maintenance
• Fault tolerance
  ▫ Use of redundant components
• Data center location and design
  ▫ Raised floor
  ▫ Fire suppression
  ▫ Air conditioning
  ▫ Uninterruptible power supply (UPS)
  ▫ Surge protection
• Training
• Patch management and antivirus software
• Backup procedures
  ▫ Incremental
    ▪ Copies only items that have changed since last partial backup
  ▫ Differential backup
    ▪ Copies all changes made since last full backup
• Disaster recovery plan (DRP)
  ▫ Procedures to restore organization’s IT function
• Business continuity plan (BCP)
  ▫ How to resume all operations, not just IT

AVAILABILITY
• Disaster Recovery and Business Continuity Planning Objectives:
  ▫ Minimize the extent of the disruption, damage, and loss
  ▫ Temporarily establish an alternative means of processing information
  ▫ Resume normal operations as soon as possible
  ▫ Train and familiarize personnel with emergency operations
• Recovery point objective (RPO)
• Recovery time objective (RTO)

AVAILABILITY
• Organizations have three basic options for replacing computer and networking equipment.
  ▫ Cold sites
  ▫ Hot sites
  ▫ Real-time mirroring

AVAILABILITY
• Documentation
  ▫ An important and often overlooked component. Should include:
    ▪ The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented.
    ▪ Assignment of responsibility for the various activities.
    ▪ Vendor documentation of hardware and software.
    ▪ Documentation of modifications made to the default configuration (so replacement will have the same functionality).
    ▪ Detailed operating instructions.
  ▫ Copies of all documentation should be stored both on-site and off-site.

AVAILABILITY
• Testing
  ▫ Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans.
    ▪ Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong.
    ▪ The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.