Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Learning Objectives Identify and explain controls designed to ensure processing integrity. Identify and explain controls designed to ensure systems availability. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Trust Services Framework Security (Chapter 8) Access to the system and its data is controlled and restricted to legitimate users. Confidentiality (Chapter 8) Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure. Privacy (Chapter 9) Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure. Processing Integrity Data are processed accurately, completely, in a timely manner, and only with proper authorization. Availability System and its information are available to meet operational and contractual obligations. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Controls Ensuring Processing Integrity Input Process Output Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Input Controls “Garbage-in Garbage-out” Form Design All forms should be sequentially numbered Verify missing documents Use of turnaround documents Eliminate input errors Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Input Controls Data Entry Checks Field check Characters proper type? Text, integer, date, and so on Sign check Proper arithmetic sign? Limit check Input checked against fixed value? Range check Input within low and high range value? Size check Input fit within field? Completeness check Have all required data been entered? Validity check Input compared with master data to confirm existence Reasonableness check Logical comparisons Check digit verification Computed from input value to catch typo errors Prompting Input requested by system Close-loop verification Uses input data to retrieve and display related data Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Batch Input Controls Batch Processing Batch Totals Input multiple source documents at once in a group Batch Totals Compare input totals to output totals Financial Sums a field that contains monetary values Hash Sums a nonfinancial numeric field Record count Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Processing Controls Data Matching File Labels Multiple data values must match before processing occurs. File Labels Ensure correct and most current file is being updated. Batch Total Recalculation Compare calculated batch total after processing to input totals. Cross-Footing and Zero Balance Tests Compute totals using multiple methods to ensure the same results. Write Protection Eliminate possibility of overwriting or erasing existing data. Concurrent Update Locking records or fields when they are being updated so multiple users are not updating at the same time. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Output Controls User Review Reconciliation Data Transmission Controls Verify reasonableness, completeness, and routed to intended individual Reconciliation Data Transmission Controls Check sums Hash of file transmitted, comparison made of hash before and after transmission Parity checking Bit added to each character transmitted, the characters can then be verified for accuracy Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Controls Ensuring Availability Systems or information need to be available 24/7 It is not possible to ensure this so: Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Minimize Risks Preventive Maintenance Fault Tolerance Cleaning, proper storage Fault Tolerance Ability of a system to continue if a part fails Data Center Location Minimize risk of natural and human created disasters. Training Less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit Patch Management Install, run, and keep current antivirus and anti-spyware programs Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Quick Recovery Back-up Business Continuity Plan (BCP) Incremental Copy only data that changed from last partial back-up Differential Copy only data that changed from last full back-up Business Continuity Plan (BCP) How to resume not only IT operations, but all business processes Relocating to new offices Hiring temporary replacements Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Change Control Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability Changes need to be documented. Changes need to be approved by appropriate manager. Changes need to be tested before implementations. All documentation needs to be updated for changes. Back-out plans need to be adopted. User rights and privileges need to be monitored during change. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

Disaster Recovery Plan (DRP) Procedures to restore an organization’s IT function in the event that its data center is destroyed Cold Site An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time Hot Site A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities Second Data-Center Used for back-up and site mirroring Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall