Chapter 9Controlling Information Systems: Business Process Controls

TRUE/FALSE 1. Specifying control goals is the first step in building a control matrix. ANS: T 2. In the control matrix the M stands for present controls. ANS: F 3. A control matrix is a tool that assists in evaluating the control goals and recommended control plans of an information system. ANS: T 4. Control efficiency addresses whether the control goals are being achieved. ANS: F 5. Control effectiveness addresses how individual control plans achieve multiple control goals. ANS: F 6. The purpose of security controls is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse. ANS: T 7. The following symbol represents a computer process.

ANS: F 8. The following symbol represents a manual process.

ANS: F

183

184

Chapter 9

9. The following symbol represents manual keying.

ANS: T 10. The following symbol represents automated keying.

ANS: F 11. Control redundancy addresses whether multiple control plans are directed toward the same control goal. ANS: T 12. The purpose of input goals is to ensure input validity, input completeness and input accuracy. ANS: T 13. The use of the letter P in a control matrix represents a missing control plan. ANS: F 14. The most error prone and inefficient steps in an operations or information process is master file updates. ANS: F 15. A control plan that makes it easier to prepare the document initially and later to input data from the document is called document design. ANS: T 16. Written approval takes the form of a signature or initials on a document to indicate that the proper person has authorized the event. ANS: T 17. Online prompting helps guide the online entry of data by defining the acceptable length of each data field and often dictating the acceptable format of certain fields. ANS: F

Controlling Information Systems: Business Process Controls

185

18. Preformatted screens describes a computer system's asking the user for input or asking questions that the user must answer. ANS: F 19. Programmed edit checks are edits automatically performed by data entry programs upon entry of the input data. ANS: T 20. Another name for a reasonableness check is a credit limit check. ANS: F 21. Dollar totals represent a summarization of any numeric data field within the input document or record. ANS: F 22. The edit that compares calculations performed manually with those performed by the computer to determine if a document has been entered correctly is referred to as mathematical accuracy checks. ANS: T 23. A check digit is an extra digit that is added to an identification number to help control the accuracy with which the number is entered into a computer system. ANS: T 24. Interactive feedback checks help ensure input completeness by informing the user that the input has been accepted and recorded. ANS: T 25. The control plan called data verification is designed to reduce the possibility that one person will misread or miskey data. ANS: F 26. A dependency check employs data encryption--specifically public-key cryptography--to authenticate a system user's identity and to verify the integrity of a message transmitted by that user. ANS: F 27. A digital signature tests whether the contents of two or more data fields bear the correct logical relationship. ANS: F 28. An exception and summary report reflects the transactions that were accepted by the system and processed and those that were rejected by the system.

186

Chapter 9

ANS: T 29. Master data control plans regulate transaction processing by calculating control totals at various points in a processing run and subsequently comparing these totals. ANS: F 30. Document/record counts are simple counts of the number of documents entered. ANS: T 31. A count of the number of invoices being paid by all of the customer remittances is a type of batch control total called a line or item count. ANS: T 32. The total dollar value of all invoice totals in a batch of sales invoices is called a hash total. ANS: F 33. A hash total is the general term to describe the summation of data that would not normally be totaled except for control purposes. ANS: T 34. A turnaround document is a document that is printed as an output of multiple computer processes and is used to capture and input a previous transaction. ANS: F 35. Batch control plans regulate information processing by calculating control totals at various points in a processing run and subsequently comparing those totals. ANS: T 36. In order to implement either a batch sequence check or cumulative sequence check, transactions must be captured on prenumbered documents. ANS: T 37. Dollar totals are a summarization of the dollar value of items in the batch. ANS: T 38. In a batch sequence check a computer program sorts the transactions into numerical order, checks the documents against the sequence number range, and reports missing, duplicate, and out-of-range event data. ANS: T 39. The cumulative sequence check provides input control in those situations in which the serial numbers are assigned within the organization but later are not entered in perfect serial number sequence.

Controlling Information Systems: Business Process Controls

ANS: T

187

40. Data encryption is a process that employs mathematical algorithms and keys to encode data so that it is unintelligible to the human eye. ANS: T MULTIPLE CHOICE 1. The two primary steps in preparing the control matrix include a. specifying control goals, recommending control plans b. specifying control plans, specifying input goals c. specifying the control environment, identifying information process goals d. specifying control procedures, identifying process goals ANS: A 2. The purpose of __________ control goals is to ensure the successful accomplishment of the goals set forth for the business process under consideration. a. efficiency b. effectiveness c. security d. input ANS: B 3. The purpose of __________ control goals is to ensure that all resources used throughout the business process are being employed in the most productive manner. a. efficiency b. effectiveness c. security d. input ANS: A 4. The purpose of __________ control goals is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse.. a. efficiency b. effectiveness c. security d. input ANS: C 5. Immediately endorsing incoming checks satisfies the control goal of a. ensure effectiveness of operations b. update completeness and accuracy c. input accuracy d. ensure security of resources ANS: D

188

Chapter 9

6. The purpose of input goals is to ensure that a. input validity, completeness, and accuracy b. update completeness and accuracy c. input accuracy d. none of the above ANS: A 7. In a control matrix the coding P-1 means a. process 1 b. process 1 is present c. process 1 is missing d. none of the above ANS: B 8. In a the columns representing control goals in a control matrix, the coding M-1 means a. a major control plan b. a missing control plan c. process 1 is missing d. none of the above ANS: C 9. The most error prone and inefficient steps in an operations or information process is a. report generation b. master data update c. data entry d. none of the above ANS: C 10. The columns in a control matrix contain headings describe the system's: a. control goals b. control plans c. control environment d. control procedures ANS: A 11. In the control matrix, the rows represent: a. control goals of the operations system b. recommended control plans including present and missing controls c. control goals of the information system d. control goals of the management system ANS: B 12. Having too many control plans directed at the same control goal is called: a. control efficiency b. control effectiveness c. control redundancy d. control completeness

Controlling Information Systems: Business Process Controls

ANS: C 13. Which of the following symbols represents manual keying? a.

189

b.

c.

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: B 14. Which of the following symbols represents a manual process? a.

b.

c.

190

Chapter 9

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: C 15. Which of the following symbols represents a computer process? a.

b.

c.

d.

a. b. c. d.

Symbol a. Symbol b. Symbol c. Symbol d.

ANS: A

Controlling Information Systems: Business Process Controls

191

16. As an exception to the general rule, which one of the following is not necessarily included in the systems flowchart? a. control plan for input accuracy b. control plan for ensuring efficient employment of resources c. control plan for ensuring effective employment of resources d. none of the above ANS: B 17. Which of the following control plans does not address the control goal of input accuracy? a. document design b. written approvals c. preformatted screens d. online prompting ANS: B 18. Which of the following is a control plan in which the source document is designed to make it easier to prepare the document for input? a. document design b. written approval c. preformatted screens d. online prompting ANS: A 19. Which of the following is a control plan that takes the form of signatures or initials on a document to indicate that a person has authorized the event? a. document design b. written approval c. preformatted screens d. online prompting ANS: B 20. Which of the following is a control plan that controls the entry of data by defining the acceptable format of each data field? a. document design b. written approval c. preformatted screens d. online prompting ANS: C 21. Which of the following is a control plan that requests user input or asks questions that the user must answer? a. document design b. written approval c. preformatted screens d. online prompting ANS: D

192

Chapter 9

22. A user mistakenly enters the data June 31. The programmed edit check that will detect this error is: a. online prompting b. mathematical accuracy check c. preformatted screen d. reasonableness check ANS: D 23. Which of the following reflects a summarization of any numeric data field within the input document or record? a. reasonableness check or limit check b. document/record hash totals c. mathematical accuracy check d. check digit verification ANS: B 24. Which of the following compares manual calculations to computer calculations? a. reasonableness check or limit check b. document/record hash totals c. mathematical accuracy check d. check digit verification ANS: C 25. A control that can be used to ensure that all of the characters of a social security number are entered by a data entry clerk is: a. dependency check b. rejection procedures c. preformatted screens d. turnaround documents ANS: C 26. A written approval in the form of a signature or initials on a document indicating that a person has authorized the event achieves the control goal of: a. input validity b. input completeness c. input accuracy d. update accuracy ANS: A 27. A control that can be used to reduce the likelihood of a transposition occurring when an account number is entered through a remote terminal is: a. check digit verification b. data encryption c. preformatted screens d. reasonableness checks ANS: A

Controlling Information Systems: Business Process Controls

28. Which of the following control plans is designed to achieve the goal of input completeness? a. key verification b. interactive feedback check c. programmed edit check d. written approvals ANS: B 29. A control whose primary purpose is to ensure greater input accuracy is: a. tickler file b. preformatted screens c. interactive feedback checks d. procedures for rejected inputs ANS: B

193

30. Not knowing whether input data has been accepted by the information system, the user enters the data again, resulting in duplicate event data. The control plan that helps to prevent this error is: a. key verification b. interactive feedback check c. check digit verification d. online prompting ANS: B 31. Which of the following control plans is designed to achieve the goal of input accuracy? a. key verification b. interactive feedback check c. batch sequence check d. cumulative sequence check ANS: A 32. A control in which two people key the same inputs into a system where they are automatically compared is called: a. online prompting b. key verification c. computer matching procedures d. a redundancy check ANS: B 33. Which of the following control plans is designed both to authenticate a system user's identity and to verify the integrity of a message transmitted by that user? a. coding schemes b. digital signature c. preformatted screens d. checking of digit verification ANS: B

194

Chapter 9

34. A control that is primarily directed at ensuring input validity is: a. digital signature b. preformatted screens c. interactive feedback checks d. online prompting ANS: A 35. In the control matrix for data entry with master data, digital signatures addresses all of the following control goals except: a. ensure security of resources b. input completeness c. input validity d. input accuracy ANS: C 36. A sales representative enters the customer's account number and the system retrieves certain data about the customer from master data. This control plan addresses all of the control goals except: a. ensure efficient employment of resources b. input completeness c. input accuracy d. update completeness ANS: D 37. A digital signature is aimed primarily at ensuring which of the following information system control goals? a. input validity b. input completeness c. input accuracy d. update completeness ANS: A 38. All of the following are types of programmed edit checks except: a. a proximity check b. a document/record hash total c. a mathematical accuracy check d. a reasonableness check ANS: A 39. Which of the following is not a programmed edit check? a. online prompting b. check digit verification c. dependency checks d. limit checks ANS: A

Controlling Information Systems: Business Process Controls

40. A control report generated by a system that shows data about transactions that were accepted or rejected during a transaction processing step is called a(n): a. violation report b. exception and summary report c. variance report d. program change log ANS: B

195

41. Which of the following is a batch control total that represents the minimum level of control for input completeness? a. dollar totals b. record counts c. hash totals d. item counts ANS: B 42. A summation of customer account numbers taken from a batch of sales invoices would be classified as a: a. record count b. line count c. dollar total d. hash total ANS: D 43. Which batch control total generally has no other purpose than control? a. dollar totals b. record counts c. hash totals d. item counts ANS: C 44. Which of the following types of batch totals is likely to be most effective in assuring the control goal of input accuracy? a. line counts b. document/record counts c. item counts d. hash totals ANS: D 45. When they are sent to a customer and returned with the payment, remittance advices are examples of: a. batch control totals b. computer-prepared documents c. written approval controls d. turnaround documents ANS: D

196

Chapter 9

46. Which of the following activities is not part of the computer agreement of batch totals: a. A batch total is manually computed prior to data entry. b. Data shown on source documents are key entered or scanned. c. The computer produces a report that includes a batch total. d. A person reconciles the manual and computer batch totals. ANS: D 47. Which of the following controls requires that documents be prenumbered before it can be implemented? a. completeness check b. sequence check c. batch total matching d. key verification ANS: B 48. Inputting a range of numbers comprising a batch and then inputting each serially numbered document is characteristic of the control plan called: a. cumulative sequence check b. batch sequence check c. suspense file of missing numbers d. computer agreement of batch totals ANS: B 49. Which of the following statements related to tickler files is false? a. A tickler file is reviewed on a regular basis for items that do not clear the file on a timely basis. b. A tickler file can consist of documents or computer records. c. A tickler file addresses the control goal of update accuracy. d. A tickler file addresses the control goal of input completeness. ANS: C 50. The process of encoding data so that it may only be read by someone having a key is called: a. a coding scheme b. encryption c. dependency checks d. check digit verification ANS: B 51. Plaintext and ciphertext are terms associated with __________. a. coding schemes b. hash totals c. programmed edit checks d. data encryption ANS: D

Controlling Information Systems: Business Process Controls

COMPLETION 1. Specifying ___________________ is the first step in building a control matrix. ANS: control goals 2. In the control matrix the P stands for __________ controls. ANS: present 3. A _______________ is a tool that assists in evaluating the control goals and recommended control plans of an information system. ANS: control matrix 4. Control ________________ addresses whether the control goals are being achieved. ANS: effectiveness

197

5. Control ______________ addresses how well individual control plans achieve multiple control goals. ANS: efficiency 6. The purpose of __________ controls is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse. ANS: security 7. The following symbol represents a(n) ______________.

ANS: manual process 8. The following symbol represents a(n) ______________.

ANS: computer process 9. The following symbol represents ______________.

ANS: manual keying

198

Chapter 9

10. Control _________________ addresses whether multiple control plans are directed toward the same control goal. ANS: redundancy 11. The purpose of input goals is to ensure input validity, input ___________, and input _________. ANS: completeness, accuracy 12. The use of the letter M in a control matrix represents a(n) ____________________. ANS: missing control or missing control plan 13. The most error prone and inefficient steps in an operations or information process is (are) ____________. ANS: data entry or when humans enter data into the system 14. A control plan that makes it easier to prepare the document initially and later to input data from the document is called ____________________. ANS: document design 15. ____________________ takes the form of a signature or initials on a document to indicate that the proper person has authorized the event. ANS: Written approval 16. ____________________ help guide the online entry of data by defining the acceptable length of each data field and often dictating the acceptable format of certain fields. ANS: Preformatted screens 17. ____________________ describes a computer system's asking the user for input or asking questions that the user must answer. ANS: Online prompting 18. ____________________ are edits automatically performed by data entry programs upon entry of the input data. ANS: Programmed edit checks 19. Another name for a(n) ____________________ check is a limit check. ANS: reasonableness 20. ____________________ represent a summarization of any numeric data field within the input document or record. ANS: Hash totals

Controlling Information Systems: Business Process Controls

199

21. The edit that compares calculations performed manually with those performed by the computer to determine if a document has been entered correctly is referred to as ____________________. ANS: mathematical accuracy checks 22. A(n) ____________________ digit is an extra digit that is added to an identification number to help control the accuracy with which the number is entered into a computer system. ANS: check 23. ____________________ help ensure input completeness by informing the user that the input has been accepted and recorded. ANS: Interactive feedback checks 24. The control plan called ____________________ is designed to reduce the possibility that one person will misread or miskey data. ANS: key verification 25. A(n) ____________________ employs data encryption--specifically public-key cryptography--to authenticate a system user's identity and to verify the integrity of a message transmitted by that user. ANS: digital signature 26. A(n) _____________ and ______________ report is a computer-generated report that reflects the events--either in detail, summary total, or both--that were accepted by the system and rejected by the system. ANS: exception and summary 27. ____________________ regulate transaction processing by calculating control totals at various points in a processing run and subsequently comparing those totals. ANS: Batch control plans 28. ____________________ are simple counts of the number of documents entered. ANS: Document/record counts 29. A count of the number of invoices being paid by all of the customer remittances is a type of batch control total called a(n) ____________________. ANS: line or item count 30. The total dollar value of all invoice totals in a batch of sales invoices is called a(n) ____________________. ANS: dollar total

200

Chapter 9

31. A(n) ____________________ is the general term to describe the summation of data that would not normally be totaled except for control purposes. ANS: hash total 32. A(n) ____________________ is a document that is printed as an output of one computer process and is used to capture and input a subsequent transaction. ANS: turnaround document 33. In the control matrix for data entry with batches, the control plan compare picking tickets and packing slips helps to ensure the control goals of effectiveness of operations and ensure ________________. ANS: security of resources 34. In order to implement either a batch sequence check or cumulative sequence check, transactions must be captured on ____________________ documents. ANS: prenumbered 35. _______________ are a summarization of the dollar value of items in the batch. ANS: Dollar totals 36. In a(n) ____________________ a computer program sorts the transactions into numerical order, checks the documents against the sequence number range, and reports missing, duplicate, and out-ofrange event data. ANS: batch sequence check 37. The ____________________ provides input control in those situations in which the serial numbers are assigned within the organization but later are not entered in perfect serial number sequence. ANS: cumulative sequence check 38. ____________________ is a process that employs mathematical algorithms and keys to encode data so that it is unintelligible to the human eye. ANS: Data encryption

Controlling Information Systems: Business Process Controls

201

PROBLEM 1. The workings of the control plan computer agreement of batch totals are described in Chapter 9 as follows (paraphrased): First, one or more of the batch totals discussed in Chapter 9 are established manually (assume this is done in the billing department). Then, the manually prepared total must be entered into the computer and is written to a computer batch control totals file (assume that the keying is done in a data entry unit of the data center). As individual transactions are entered, a computer program accumulates independent batch totals and compares these totals with the ones prepared manually and entered at the start of the processing. The computer then prepares an "Error and Summary Report," which usually contains details of each batch, together with an indication of whether the totals agreed or disagreed.

Required: Prepare a system flowchart to diagram the above process. Assume that batches of transactions are input through a network computer device located in the billing department; the network computer is wired directly to a centralized mainframe computer. ANS:

202

Chapter 9

2. The workings of the control plan batch sequence check are described in Chapter 9 as follows (paraphrased): First, the range of serial numbers composing a batch of documents is entered (assume that key entry is done in a data entry unit of the data center). Then, data from each individual, serially prenumbered document is entered. Finally, the computer program sorts the event data into numerical order, checks the document numbers against the sequence number range, and prints a "Report of Missing, Duplicate, and Out-of-Range Numbers."

Required: Prepare a system flowchart to diagram the above process. Assume that batches of documents are input through a network computer (NC) device located in the billing department; the NC is connected directly to a centralized mainframe computer.

Controlling Information Systems: Business Process Controls

ANS:
Data center

203

Data entry

Computer

Prenumbered source documents

Key serial number range

Record Number Change

Number table

Prenumbered source documents Check documents against sequence number range & print report of missing, duplicate, and out of range numbers

Key individual events

Record event data

Event data

Report of missing, duplicate, or out of range numbers

Sort events into numerical order

Sorted event data

3. Figure TB-9.3 shows eight flowchart segments taken from the Chapter 9 flowcharts. The segments-identified A through I--have been stripped of almost all labels.

204

Chapter 9
Segment D Segment G

Segment A

Segment B

Segment E

Segment H

Segment C

Segment F

Segment I

Required: On the blank line to the left of each numbered description that follows, place the capital letter of the flowchart segment from Figure TB-9.4 that best matches that description. Since there are ten descriptions, one answer space will be left blank. FLOWCHART DESCRIPTION Answers _____ 1. After resolving discrepancies, a data entry clerk keys corrections. The computer processes the corrections and a screen message confirms that the corrections were accepted. 2. The computer edits/validates input by reference to data residing in a master data, records event data and prints a single error and summary report. 3. The user resolves discrepancies displayed by the computer system and keys in any corrections that are necessary.

_____ _____

Controlling Information Systems: Business Process Controls

205

_____ _____ _____

4. The computer records events in event data, updates the master data, and a screen message confirms that the input has been accepted. 5. An employee in a user department assembles source documents into batches and prepares batch totals. 6. At a remote location, a user enters data into a central computer system. The system edits the input and displays a message on screen informing the user of any errors. 7. A data entry clerk enters batch totals and the data from source documents. The master data is updated and a screen message is displayed. 8. A data entry clerk enters data on a source documents. The computer edits the input and a screen message is displayed for any input errors. 9. A user compares output totals shown on an error and summary report with input totals shown on a batch control tape.

_____ _____ _____ ANS: Description Number 1. 2. 3. 4. 5. 6. 7. 8. 9.

Flowchart Segment F C G A B H I E D

4. The following is a list of 14 control plans. A. B. C. D. E. F. G. H. I. Control Plans Enter data close to the originating source Preformatted screens Interactive feedback checks Programmed edit checks Document design Key verification Written approvals Digital signatures Rejection procedures

206

Chapter 9

Required: Listed below are eight system failures that have control implications. On the blank line to the left of each number, insert the capital letter from the list above of the best control plan to prevent the system failure from occurring. (If you can't find a control that will prevent the failure, then choose a detective plan or, as a last resort, a corrective control plan). A letter should be used only once. SYSTEM FAILURES Answers _____ 1. A clerk logged on to an online cash receipts system by entering the date of April 38, 20XX, instead of the correct date of April 28, 20XX. As a result, all cash receipts recorded that day were posted under an incorrect date. Wabash Company enters shipping notices in batches. Upon entry, the computer performs certain edits to eliminate those notices that have errors. As a result, many actual shipments never get recorded. At Nouveau Boutique, several different sales clerks prepare sales slips during the day. The sales slips are then keyed into the computer at Nouveau Boutique at the end of the day. However, numerous errors occur because the layout of the sales slips is difficult for the data entry clerk to follow. Pitney Co. recently converted to an online order entry system. Clerks key in customer order data at one of several PCs. In the first week of operations, every sales order produced by the system was missing the data for the customer's "ship to" address. A computer hacker gained access to the computer system of East Suburban Bank and entered a transaction to transfer funds to her bank account in the British West Indies. Data entry clerks at the Videotron Company use key-to-disk units to prepare a variety of inputs for entry into the computer and the computer performs an agreement of batch totals. Recently, a number of errors have been found in key numeric fields. The supervisor would like to implement a control to reduce the transcription errors being made by the clerks. At Cosmo Co., field salespersons call on customers and take customer orders by recording them on sales order forms. The forms are mailed by each salesperson each night to Cosmo's central data center for processing. The company has been besieged by customer complaints about how long it takes to receive their orders and about being shipped incorrect goods. Ajax, Inc., recently installed a new cash receipts system. A clerk keys in remittance data through a terminal located in the accounts receivable department. On the first day of operations, because of a program bug, all remittances entered failed to get posted to the accounts receivable master file. Although the computer performs an agreement of batch totals, the clerk had no idea that the system did not perform the master data update process.

_____

2.

_____

3.

_____

4.

_____

5.

_____

6.

_____

7.

_____

8.

Controlling Information Systems: Business Process Controls

207

_____

9.

At Infotech Inc., data entry clerks receive a variety of inputs from many departments throughout the company. In some cases, unauthorized inputs are keyed and entered into the computer.

ANS: System Failure 1. 2. 3. 4. 5. 6. 7. 8. 9. Answer D I E B H F A C G

5. The following is a list of 8 control plans: Control Plans A. Populate inputs with master data B. Cumulative sequence check C. Turnaround documents D. Document/record counts Required: Listed below are eight statements describing either the achievement of a control goal (i.e., a system success) or a system deficiency. On the blank line to the left of each number, insert the capital letter from the list above of the best control plan to achieve the described goal or to address the system deficiency. A letter should be used only once, with four letters left over. CONTROL GOALS OR SYSTEM DEFICIENCIES Answers _____ _____ 1. 2. Helps to achieve the information systems control goal of input accuracy by ensuring that dates are properly entered as MM/DD/YY. According the control matrix for data entry with batches, by using a prerecorded bar code to trigger an event, this control plan ensures effectiveness of operations and improves efficiency by reducing the amount of data that must be input and by improving the speed and productivity of data entry. In addition, this control plan improves input validity, and improves input accuracy. This control plan could help prevent the entry of inconsistent data elements, such as entering a tax code for a customer to whom sales should be E. Document design F. Preformatted screens G. Dependency check H. Hash total

_____

3.

208

Chapter 9
nontaxable.

_____

4.

According to the control matrix for data entry with master data, when the order entry clerk types in the customer number, the system automatically retrieves the customer's name, address, and other standing data from the customer master data. In this way, resources are used more efficiently. This control plan should prevent a field salesperson from omitting data elements when filling in the sales order form on his/her notebook computer. In entering a batch of remittance advices into the computer, an operator made several errors in keying the customer identification numbers. However, the errors were detected when the total of the customer ID numbers that were input did not agree with the corresponding total calculated from the source documents. This control plan helps to identify duplicate, missing, and out-of-range document numbers by comparing input numbers with a previously stored number range. This batch control total does not help to ensure input accuracy, nor would it detect the fact that one record in a batch was removed and substituted with another.

_____ _____

5. 6.

_____

7.

_____

8.

ANS: Control Goal/ System Deficiency 1. 2. 3. 4. Control Goal/ System Deficiency 5. 6. 7. 8.

Answer F C G A

Answer E H B D

6. The following is a systems flowchart for data entry with master data available. Create a control matrix based on this flowchart.

Controlling Information Systems: Business Process Controls

209

Use the following columns for your control matrix from left to right: 1. Recommended control plans Control Goals for the Operations Process 2. Ensure effectiveness of operations 3. Ensure efficient employment of resources 4. Ensure security of resources Control Goals for the Information Process 5. For the (blank) inputs, ensure: Divide this column up into IV, IC, IA columns 6. For the (blank) master data, ensure: Divide this column up into UC, UA columns Use a legend: IV = Input Validity IC = Input completeness IA = Input accuracy UC = Update completeness UA = Update accuracy ANS:

210

Chapter 9