CHAPTER 10 - Processing Integrity and Availability Controls
Processing Integrity
INPUT CONTROLS
FORMS DESIGN
Two particularly important forms design controls involve:
All source documents should be sequentially prenumbered. Prenumbering improves control by making it possible to verify that no documents are missing.
A turnaround document is a record of company data sent to an external party and then returned by the external party for subsequent input to the system. Turnaround documents are prepared in machine-readable form to facilitate their subsequent processing as input records.
CANCELLATION AND STORAGE OF SOURCE DOCUMENTS
Source documents that have been entered into the system should be canceled so they cannot be inadvertently or fraudulently reentered into the system.
DATA ENTRY CONTROLS
This manual control must be supplemented with automated data entry controls, such as the following:
● A field check determines whether the characters in a field are of the proper type.
● A sign check determines whether the data in a field have the appropriate arithmetic sign.
● A limit check tests a numerical amount against a fixed value.
● A range check tests whether a numerical amount falls between predetermined lower and upper limits.
● A size check ensures that the input data will fit into the assigned field.
● A completeness check (or test) verifies that all required data items have been entered.
● A validity check compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists.
● A reasonableness test determines the correctness of the logical relationship between two data items.
● ID codes (such as part numbers) can contain a check digit that is computed from the other digits.
ADDITIONAL BATCH PROCESSING DATA ENTRY CONTROLS
sequence check - An edit check that determines if a transaction file is in the proper numerical or alphabetical sequence.
batch totals - The sum of a numerical item for a batch of documents, calculated prior to processing the batch, when the data are entered, and subsequently compared with computer-generated totals after each processing step to verify that the data was processed correctly.
The following are three commonly used batch totals:
A financial total sums a field that contains monetary values, such as the total dollar amount of all sales for a batch of sales transactions.
A hash total sums a nonfinancial numeric field, such as the total of the quantity-ordered field in a batch of sales transactions.
A record count is the number of records in a batch.
ADDITIONAL ONLINE DATA ENTRY CONTROLS
Prompting - An online data entry completeness check that requests each required item of input data and then waits for an acceptable response before requesting the next required item.
closed-loop verification - An input validation method that uses data entered into the system to retrieve and display other related information so that the data entry person can verify the accuracy of the input data.
“garbage in, garbage out” highlights the importance of input controls. If the data entered into a system are inaccurate, incomplete, or invalid, the output will be too.
PROCESSING CONTROLS
Important processing controls include the following:
● Data matching. In certain cases, two or more items of data must be matched before an action can take place.
● File labels. File labels need to be checked to ensure that the correct and most current files are being updated.
Two important types of internal labels are header and trailer records.
header record - Type of internal label that appears at the beginning of each file and contains the file name, expiration date, and other file identification information.
trailer record - Type of internal label that appears at the end of a file; in transaction files, the trailer record contains the batch totals calculated during input.
● Recalculation of batch totals. Batch totals should be recomputed as each transaction record is processed, and the total for the batch should then be compared to the values in the trailer record.
● Cross-footing and zero-balance tests. Often totals can be calculated in multiple ways.
cross-footing balance test - A processing control that verifies accuracy by comparing two alternative ways of calculating the same total.
zero-balance test - A processing control that verifies that the balance of a control account equals zero after all entries to it have been made.
● Write-protection mechanisms. These protect against overwriting or erasing of data files stored on magnetic media.
● Concurrent update controls. Errors can occur when two or more users attempt to update the same record simultaneously. Concurrent update controls prevent such errors by locking out one user until the system has finished processing the transaction entered by the other.
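The batch totals defined under input controls and their recalculation against the trailer record can be shown in a few lines of Python. This is an added example, not part of the original notes; the sample batch, field names and function names are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample batch of sales transactions (not from the page).
BATCH = [
    {"invoice": 1001, "quantity_ordered": 5, "amount": Decimal("250.00")},
    {"invoice": 1002, "quantity_ordered": 12, "amount": Decimal("1340.50")},
    {"invoice": 1003, "quantity_ordered": 1, "amount": Decimal("19.99")},
]


def batch_totals(records):
    """Compute the three batch totals: record count, financial total, hash total."""
    return {
        "record_count": len(records),
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["quantity_ordered"] for r in records),
    }


def verify_against_trailer(records, trailer):
    """Recompute the totals after a processing step and return the names of
    the totals that no longer match the trailer record (empty list = OK)."""
    recomputed = batch_totals(records)
    return sorted(name for name, value in trailer.items() if recomputed[name] != value)


# Trailer record written at input time, before any processing.
TRAILER = batch_totals(BATCH)

if __name__ == "__main__":
    # A record lost during processing changes all three totals.
    print(verify_against_trailer(BATCH[:2], TRAILER))
    # A transposition error in one amount (1340.50 -> 1430.50) changes only
    # the financial total; the record count and hash total still agree.
    keyed_wrong = [dict(r) for r in BATCH]
    keyed_wrong[1]["amount"] = Decimal("1430.50")
    print(verify_against_trailer(keyed_wrong, TRAILER))
```

Each total catches a different class of error, which is why the three are used together rather than any one alone.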
OUTPUT CONTROLS
Important output controls include the following:
● User review of output. Users should carefully examine system output to verify that it is reasonable, that it is complete, and that they are the intended recipients.
● Reconciliation procedures. Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms.
● External data reconciliation. Database totals should periodically be reconciled with data maintained outside the system.
● Data transmission controls. Organizations also need to implement controls designed to minimize the risk of data transmission errors.
Two other common data transmission controls are:
Checksums. When data are transmitted, the sending device can calculate a hash of the file, called a checksum.
Parity bits. Computers represent characters as a set of binary digits called bits.
ILLUSTRATIVE EXAMPLE: CREDIT SALES PROCESSING
INPUT CONTROLS
Validity checks identify transactions with invalid account numbers or invalid inventory item numbers. Field checks verify that the quantity-ordered and price fields contain only numbers and that the date field follows the correct MM/DD/YYYY format.
PROCESSING CONTROLS
The system reads the header records for the customer and inventory master files and verifies that the most current version is being used. As each sales invoice is processed, limit checks are used to verify that the new sale does not increase that customer’s account balance beyond the pre-established credit limit.
OUTPUT CONTROLS
Billing and shipping documents are routed to only authorized employees in the accounting and shipping departments, who visually inspect them for obvious errors. A control report that summarizes the transactions that were processed is sent to the sales, accounting, and inventory control managers for review.
Processing these transactions includes the following steps:
(1) entering and editing the transaction data
(2) updating the customer and inventory records (the amount of the credit purchase is added to the customer’s balance; for each inventory item, the quantity sold is subtracted from the quantity on hand)
(3) preparing and distributing shipping and/or billing documents
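The edit checks named in this credit sales example (validity, field and limit checks) can be sketched as one routine applied to each transaction before the master files are updated. This is an added example, not part of the original notes; the master-file contents, field names and error strings are constructed assumptions.

```python
import re
from datetime import datetime
from decimal import Decimal

# Constructed master-file data (assumption, not from the page).
CUSTOMERS = {"C-100": {"balance": Decimal("900.00"), "credit_limit": Decimal("1000.00")}}
INVENTORY = {"P-7": {"on_hand": 40}}


def edit_sale(txn, customers=CUSTOMERS, inventory=INVENTORY):
    """Return the list of edit-check failures for one credit sale (empty = accept).
    All transaction fields arrive as strings, as keyed by the data entry person."""
    errors = []
    # Validity checks: the IDs must exist in the master files.
    customer = customers.get(txn.get("customer_id"))
    if customer is None:
        errors.append("validity: unknown customer account")
    if txn.get("item_id") not in inventory:
        errors.append("validity: unknown inventory item")
    # Field checks: quantity and price contain only numbers.
    qty_ok = re.fullmatch(r"[0-9]+", str(txn.get("quantity", ""))) is not None
    price_ok = re.fullmatch(r"[0-9]+(\.[0-9]{1,2})?", str(txn.get("price", ""))) is not None
    if not qty_ok:
        errors.append("field: quantity is not numeric")
    if not price_ok:
        errors.append("field: price is not numeric")
    # Field check: date is MM/DD/YYYY and is a real calendar date.
    date = str(txn.get("date", ""))
    try:
        if re.fullmatch(r"[0-9]{2}/[0-9]{2}/[0-9]{4}", date) is None:
            raise ValueError(date)
        datetime.strptime(date, "%m/%d/%Y")
    except ValueError:
        errors.append("field: date is not MM/DD/YYYY")
    # Limit check: the new sale must not push the balance past the credit limit.
    if customer is not None and qty_ok and price_ok:
        sale = int(txn["quantity"]) * Decimal(txn["price"])
        if customer["balance"] + sale > customer["credit_limit"]:
            errors.append("limit: sale exceeds credit limit")
    return errors


if __name__ == "__main__":
    sale = {"customer_id": "C-100", "item_id": "P-7",
            "quantity": "5", "price": "25.00", "date": "03/15/2024"}
    print(edit_sale(sale))
```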
PROCESSING INTEGRITY CONTROLS IN SPREADSHEETS
Careful testing of spreadsheets before use could have prevented these kinds of costly mistakes. Although most spreadsheet software contains built-in “audit” features that can easily detect common errors, spreadsheets intended to support important decisions need more thorough testing to detect subtle errors.
Availability
MINIMIZING RISK OF SYSTEM DOWNTIME
fault tolerance - The capability of a system to continue performing when there is a hardware failure.
redundant arrays of independent drives (RAID) - A fault tolerance technique that records data on multiple disk drives instead of just one to reduce the risk of data loss.
Common design features include the following:
● Raised floors provide protection from damage caused by flooding.
● Fire detection and suppression devices reduce the likelihood of fire damage.
● Adequate air-conditioning systems reduce the likelihood of damage to computer equipment due to overheating or humidity.
● Cables with special plugs that cannot be easily removed reduce the risk of system damage due to accidental unplugging of the device.
● Surge-protection devices provide protection against temporary power fluctuations that might otherwise cause computers and other network equipment to crash.
● An uninterruptible power supply (UPS) system provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down.
● Physical access controls reduce the risk of theft or damage.
RECOVERY AND RESUMPTION OF NORMAL OPERATIONS
DATA BACKUP PROCEDURES
full backup - Exact copy of an entire database.
The two types of daily partial backups:
incremental backup - A type of partial backup that involves copying only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day’s transactions.
differential backup - A type of partial backup that involves copying all changes made since the last full backup. Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup.
DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING
disaster recovery plan (DRP) - A plan to restore an organization’s IT capability in the event that its data center is destroyed.
cold site - A disaster recovery option that relies on access to an alternative facility that is prewired for necessary telephone and Internet access, but does not contain any computing equipment.
hot site - A disaster recovery option that relies on access to a completely operational alternative data center that is not only prewired but also contains all necessary hardware and software.
real-time mirroring - Maintaining complete copies of a database at two separate data centers and updating both copies in real-time as each transaction occurs.
business continuity plan (BCP) - A plan that specifies how to resume not only IT operations but all business processes in the event of a major calamity.
EFFECTS OF VIRTUALIZATION AND CLOUD COMPUTING
Virtualization can significantly improve the efficiency and effectiveness of disaster recovery and resumption of normal operations. It reduces the time needed to recover (RTO) from hardware problems. It can also be used to support real-time mirroring, in which two copies of each virtual machine are run in tandem on two separate physical hosts.
Cloud computing providers typically utilize banks of redundant servers in multiple locations, thereby reducing the risk that a single catastrophe could result in system downtime and the loss of all data.
If a public cloud provider goes out of business, it may be difficult, if not impossible, to retrieve any data stored in the cloud.
Accountants need to assess the long-run financial viability of a cloud provider before their organization commits to outsource any of its data or applications to a public cloud.
When a problem occurs, data about everything that has happened since the last backup is lost unless it can be reentered into the system. Thus, management’s answer to the first question determines the organization’s recovery point objective (RPO), which represents the maximum amount of data that the organization is willing to have to reenter or potentially lose.
recovery time objective (RTO) - The maximum tolerable time to restore an organization’s information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system.