Scribd Logo
Importer

Bienvenue sur Scribd !

  • Controlling Information Systems: Process Controls Chapter 9

    Transféré par

    marmah_hadi
    42 vues25 pages
    This document discusses process controls for information systems. It describes control matrices which relate control goals to recommended control plans. Various generic process control plans are introduced, including online edit checks, batch total verification, and security measures. The document provides examples of control matrices mapping these plans to processes for data entry with and without master data available.

    Description originale:

    Process control principles

    Titre original

    Ch09 - Process Control in MIS-Gelinas

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPT, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    This document discusses process controls for information systems. It describes control matrices which relate control goals to recommended control plans. Various generic process control plans are introduced, including online edit checks, batch total verification, and security measures. The document provides examples of control matrices mapping these plans to processes for data entry with and without master data available.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    42 vues25 pages

    Controlling Information Systems: Process Controls Chapter 9

    Transféré par

    marmah_hadi
    This document discusses process controls for information systems. It describes control matrices which relate control goals to recommended control plans. Various generic process control plans are introduced, including online edit checks, batch total verification, and security measures. The document provides examples of control matrices mapping these plans to processes for data entry with and without master data available.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 25

    Controlling

    Information
    Systems:
    Process Controls

    Chapter 9

    Learning Objectives

    To be able to prepare a control matrix

    To describe the generic process control plans introduced


    in this chapter

    To describe how these process controls accomplish


    control goals

    To describe why these generic process controls are


    important to organizations with enterprise systems and
    those that are engaged in e-business

    Control Matrix

    Tool to determine appropriate control plans


    and relate them to control goals
    Elements of matrix:

    Control Goals
    Recommended Control Plans
    Cell entries
    Explanations / details for each plan

    Elements
    of the
    Control
    Matrix

    FIGURE 9.1

    Causeway Company Annotated


    Systems Flowchart

    FIGURE 9.2

    Steps in Preparing the


    Control Matrix

    Review system flowchart and related


    narrative

    Identify business process


    Important resources
    Input, output, storage
    Master data being updated

    List goals related to process


    List set of recommended control plans

    Steps in Preparing the


    Control Matrix (contd)

    Examine flowchart and narrative

    Try to identify problem/weak spots, opportunities for control


    For implemented control plan, indicate P-1, P-2, etc
    For missing control plan, enter M-1, M-2, etc

    At bottom of control matrix

    Provide short statement about how each existing control


    plan satisfies related control goal.
    Provide statement about the significance of each missing
    control plan.

    Systems Flowchart
    Data Entry Without
    Master Data Available

    FIGURE 9.3

    Control Matrix
    for Data Entry
    Without
    Master Data

    KEY:
    Possible operations process goals include:
    A = To ensure timely processing of (blank) event data
    B = (describe)

    IV = input validity
    IC = input completeness
    IA = input accuracy
    UC = update completeness
    UA = update accuracy

    FIGURE 9.4

    Online Processing Control


    Plans

    P-1: Document design

    Source document is designed in such a way that


    makes it easier to prepare initially and later to
    input data from the document.

    P-2: Written approvals

    Requiring a signature or initials on a document to


    indicate that a person has authorized the event.

    Online Processing Control


    Plans (cont.)

    P-3: Preformatted screens

    Help guide entry of data.


    Data type, field length, input masks.
    Cursor moves to fields.
    Goal reduce mistakes

    P-4: Online prompting

    Program prompts user to work in sequence and


    asks questions that control operations.
    Context-sensitive help (intelligent agent)
    Lookup wizards

    Online Processing Control


    Plans (cont.)

    P-5: Programmed edit checks

    Automatically performed when data entered.


    Reasonableness (limit checks): tests whether
    data fall within predetermined limits (e.g.,<
    $5,000/week pay).
    Check digit verification control built into
    account numbers. Example account #123
    becomes #1236
    Math accuracy: does math independently;
    checks users calculations.

    Online Processing Control


    Plans (contd)

    P-5: Programmed edit checks (contd)

    Format checkstests format on input

    Missing data
    Alpha in alpha fields; numbers in numeric fields
    Input field proper size
    Input field within set range (example: customer gender)

    P-6: Interactive feedback checks

    Feedback to user that entry is accepted/rejected.

    Online Processing Control


    Plans (contd)

    P-7: Procedures for rejected inputs

    Designed to ensure that rejected data (not


    accepted for processing) are corrected and
    resubmitted for processing.

    M-1: Key verification

    Documents keyed by one individual and rekeyed


    by another individual.
    Very expensive technique

    Additional issues in data entry


    controls

    Automation scanning of documents, bar


    codes
    Entry of customer data may be unnecessary
    if EDI or e-business methods are used
    Integrated IS and ERP systems eliminate
    need for data entry between different parts of
    organization

    Security Controls

    Critical in e-business
    VISA recommends the following items:

    network firewall
    security patches
    encryption of stored and transmitted data
    use of updated anti-virus software
    access controls user IDs / passwords
    screening of employees with access to data
    secured access to hardware / disks
    destroy unneeded records

    Systems Flowchart
    Data Entry with
    Master Data
    Available

    Control Matrix
    for Data Entry
    with
    Master Data

    Key: Operations Process


    Possible operations include:
    A = Ensure timely processing of order event data
    B = (describe)

    IV = Input validity
    IC = Input completeness
    IA = Input accuracy
    UC = Update completeness
    UA = Update accuracy

    FIGURE 9.6

    Systems Flowchart
    Data Entry with
    Batches

    FIGURE 9.7

    Control Matrix
    for Data Entry
    with Batches

    KEY: Operations process


    Possible operations process include:
    A = To ensure timely processing of shipping event data
    B = (describe)

    IV = input validity
    IC = input completeness
    IA = input accuracy
    UC = update completeness
    UA = update accuracy

    FIGURE 9.8

    Control Plans: Batch

    Calculate batch totals Document/record counts


    Item or line counts
    Dollar totals
    Hash totals - total of fields not normally totaled
    Example: invoices, parts, and social security
    numbers.
    Computer agreement of batch totals
    Batch total calculated manually and entered with batch.
    Computer accumulates batch total during processing.
    Computer generates report comparing totals.

    Control Plans: Batch (cont.)

    Manual agreement of batch totals


    Similar to above except manually calculated batch
    totals not submitted to computer.
    Computer produces report with batch total.
    Person compares two and takes appropriate action.
    Sequence checks
    Controlling sequentially numbered documents
    Accounting for all numbers in sequence to find
    missing documents.
    Applies to sequentially numbered batches of
    documents to ensure they are in order.

    Control Plans: Batch (contd)

    Key verification
    Extremely expensive control plan where a second
    data entry person keys in source data to compare with
    data already entered. Rarely used in practice.
    Written approvals
    A requirement that handwritten signatures be affixed
    to documents indicating approval/authorization.
    Computer preparation of business documents
    Part of output of computer process
    More efficient (and legible) than manual processes

    Control Plans - Batch (contd)

    Rejection procedures
    Establish procedures to be followed when errors are
    entered and erroneous records rejected by computer.
    Rejected records may written to a suspense file and
    require periodic follow-up.
    Prerecorded data
    Examples: serial numbers, MICR a/c #s, dept. #s
    Printed on forms so that manual entry is not required.
    Turnaround documents
    Prerecorded data to capture input on subsequent
    processing. Example: RA stub attached to invoice.

    Computer Agreement of Batch Totals Control Plan

    FIGURE 9.9

    Vous aimerez peut-être aussi