Please enable JavaScript.

Coggle requires JavaScript to display documents.

UNIT 6 COMPUTERS - Coggle Diagram

- - - - 1 Terminals:
        
        TINS (Terminal identification numbers) (Username);
        
        Limited access to system (to specific applications);
        
        Automatic log off after 5 minutes of non-use;
        
        Shut down after 3 unsuccessful login attempts;
        
        Limited to 1 workstation log on
        
        Investigation into each disconnection;
        
        Simultaneous login prohibited
      - 2 Identification of users:
        
        User ID’s & passwords
        
        Verify IP address
        
        Magnetic cards;
        
        Voice recognition / fingerprints (use of biometric data).
      - 3 Authorization of users:
        
        Logon ID’s;
        
        Passwords;
        
        Multilevel passwords;
        
        User matrixes;
        
        Passwords for specific authorised levels
      - 4 Monitor access and processing:
        
        Audit trails reviewed for daily activities;
        
        Console logs and activity registers
        
        Application software (unauthorised access);
        
        Firewalls.
      - 5 Communication lines and networks:
        
        Passwords;
        
        Dial & dial back
        
        Identification data;
        
        Different routes for sensitive data;
        
        Encryption of data.
      - 6 Password control:
        Password strength
        
        Minimum 6 characters (Minimum length);
        
        Alpha /numerical
        
        CAPITAL LETTERS AND small caps;
        
        and other - ! @ # *;
        
        Not easily guessed not shown on screen;
        
        Changed regularly;
        
        Automatic system request;
        
        Re-use of password prohibited.
        
        Confidentiality emphasised;
        
        Cancelled on resignation/ dismissal;
        
        Cancelled after period of inactivity
        
        Use for authorisation
        
        Limit access to part of system;
        
        Limit access to certain times of day;
        
        Authorization levels linked
      - 7 Program libraries
        
        Access to backup programs controlled by access software;
        
        Passwords;
        
        Updating authorised.
      - 8 Utilities:
        (These include antivirus, backup, disk repair, file management, security, and networking programs)
        
        Stored separately
        -Use logged and reviewed.
  - - - A self developed system consist of 5 sub-sections (as explained below from a-e):
        
        a Project authorisation and management;
        
        -There should be an IT Steering Committee.
        
        The IT Steering committee, is made up of senior management from both user and computer departments.
        
        The steering committee must ensure that :
        
        The project is authorised;
        
        Timetables are adhered to;
        
        Budgets are achieved;
        
        Quality requirements are met.
        
        There should be involvement from the following departments during development:
        -User department:
        departmental requirements are incorporated in new system and internal/external auditors are involved.
        -Data processing department:
        assist with technical soundness, system is compatible and test operational aspects
        -Quality control department:
        correct standard of design, proper testing and programme is documented.
        
        A feasibility study should be performed to determine if the company should buy / self-develop a programme. A cost versus benefit analysis should also be done.
        
        A project team will do the following:
        1 The day to day management of the project
        2 Ensure the project is developed in stages
        3 Prepare timetables for each stage of the development.
        
        Project should be authorised after feasibility study is conducted.
        
        b System specification and user needs;
        
        There are two methods of specifying systems:
        
        Prototype systems:
        
        Design a prototype
        
        Allow the user department to try it out;
        
        Refine the design through a series of prototypes.
        
        Traditional method:
        
        Written systems specification by means of discussions between the data processing department and users
        
        c System design and programming standards;
        
        These standards will ensure:
        -interacts properly with existing systems and system software;
        -appropriate control-related programmed procedures are built in;
        -supervision over system design
        -complies with predetermined standards;
        -It should always be done on a program library and not live data.
        
        d Testing of new system; and
        
        Carried out in 3 stages:
        
        Program testing
        Checking the logic of the program to their specs
        
        System testing
        Ensure the logic of various individual programs links together to form a system in-line with the detailed system description.
        
        Live testing:
        Parallel running:
        New system in parallel with old system.
        Pilot running:
        Introduce system for only small portion.
        
        e Conversion to new system.
        
        1 Planning and preparation
        
        Prepare timetables for conversion;
        
        Define methods used (e.g. parallel / pilot);
        
        Determine cut-off dates;
        
        Prepare data files for conversion (e.g. Standing data);
        
        Training of staff;
        
        Balance files on old system ;
        
        Prepare premises (constant power / air-con).
        
        2 Control over conversion of data by data control group:
        -Supervision by senior management;
        -Auditor involvement
        
        3 Update system documentation:
        
        System flowcharts
        
        System descriptions
        
        Operating manuals
        
        4 Testing:
        
        Balancing old files with new files;
        
        Third party confirmations
        
        Follow up of exception reports
        
        Comparison with data run on old system (parallel);
        
        Manual comparison of data;
        
        Approval by users.
        
        5 Backup of new system.
        
        6 Post-implementation review.
    - - A purchased package system consist of 2 sub-sections (as explained below from a-b):
        
        a Specification and selection of packages; and
        
        Discussions with other users;
        
        Observing operation of package;
        
        Questioning other users of package
        
        b Implementation and testing of packages.
        
        Testng
        
        Independent testing;
        
        Review of experiences of other users.
        
        Implementation:
        Involvement of:
        
        User departments;
        
        Data processing;
        
        Management;
        
        Quality assurance.
  - - - Staff
        
        Inform staff members against dangers;
        
        Train users of microcomputers
        
        Reporting procedures in case of infection;
        
        Limit the use of microcomputers to authorised staff.
      - Data file protection:
        
        Install virus detection software
        
        Test data files for viruses before use
        
        Regular backups.
      - Software protection:
        
        Software purchases from should be done from a reputable supplier
        
        Take care with use of “free” of “public domain” programs;
        
        Do not lend out program disks;
        
        Do not use illegal copies.
      - Supervision and review:
        
        By CIS manager, divisional managers, section heads;
        
        System investigations by internal and external audit.
  - - - Complete;
      - All changes are valid;
      - All changes are properly tested;
      - All information is backed-up and recovery procedures are in place.
    - - Change forms are to be pre-numbered and locked away when not required
      - Any change requests made by the users of the system:
        
        must be approved by the Line Manager of the user; and
        
        a reason as to why the change is necessary must be provided.
      - All change forms need to be signed by Management or the Computer Steering Committee prior to the change being effected;
        
        After the change has been made, an IT expert is to test the change to determine if it has been made as per the approved change request and is working effectively.
- - - - 1 Reconciliations:
        
        Input to output
        2 Review of outputs
        
        By CIS users
        
        Check for obvious errors
        
        Accuracy of calculations
        
        Postings from sub ledgers to GL
        
        Completeness of Output
        
        1 Reports:
        Should be sequentially numbered
        Contain end of report messages
        Have page counts
        2 Reconciliations:
        Input to output
        3 Sequence checks:
        On page numbers or document numbers
        4 Review of reports:
        
        By users
        They should inspect for:
        
        Numerical sequence
        
        Missing items
        
        Follow up with senior management
- - - - Accuracy of Input
        
        1 Matching by the computer:
        
        Input transactions with data on file
        
        Info generated by computer e.g. prices
        
        Any unmatched items should be printed on an exception report and should be followed up by senior management
        2 Review by users or senior staff
        3 Edit Checks
        4 Staff training
        
        All the users need to be given training on how to use the system.
        
        Operating and instruction manuals should also be provided.
        5 Control over documents
        
        should be well designed to minimize errors
        6 Control over screens
        – should be user friendly to minimize errors
        
        Edit Checks
        
        These are controls that have been built into the system and will be performed by the computer.
        The following are edit checks:
        1 Field presence checks;
        2 Formatting check;
        3 Screen check (only check that is a manual check);
        4 Validity or existence check
        5 Limit or reasonableness check
        6 Dependency check
        7 Field size check
        8 Screen prompts
        9 Logic check
        10 Sign check
        11 Specific character check; and
        12 Arithmetic check
        
        Completeness of Input
        
        1 Stationary controls
        2 Matching by the computer
        3 Sequential testing by the computer
        
        Numeric sequence; and
        
        Any missing numbers should be printed on an exception report and followed up by senior management
        4 Review of output reports by users:
        -To ensure there is numeric sequence
        
        Follow up on missing numbers; and
        
        Balancing of inputs with outputs
        5 Examining of processing logs:
        -For missing entries
        
        Any missing entries should be printed on an exception report and should be followed up by senior management
        6 Control totals:
        These controls are built into the computer system Three types, namely
        1 Financial Totals
        
        Ensures that the totals of the fields that hold monetary value is equal to the total that has been entered
        2 Hash Totals
        
        Ensures that the totals of the fields that are numeric is equal to all the numeric fields that have been entered
        3 Record counts
        
        Ensures that the total number of records are equal to the total number of records you have submitted
- - - - Accuracy of Processing
        
        1 Operator manuals and instructions:
        
        Should be in place
        2 Controls over hardware:
        
        To ensure accurate operating of the hardware
        3 Edit checks
        4 Physical checking of accuracy by users
        5 Review and follow up on exception reports
        6 Recons and balancing:
        Through control totals
        7 Scrutiny by users of processed info for accuracy
        8 Checking postings by users:
        
        To ensure that the transactions have been posted to the correct accounting document
        9 Supervision and review:
        
        By senior management
        
        Completeness of Processing
        
        Control totals
        Reconciliations of accounts and balances:
        To ensure the subsidiary ledgers recons with the GL
        Sequential testing by the computer:
        Numeric sequence
        Any missing or duplicate number should be printed on an exception reports and should be followed up by senior management
        Processing logs:
        Should be reviewed by senior management if there are any interruptions
        Breakpoint re-runs:
        If processing stop or is interrupted this function will ensure that it will restart at the correct point
        Error reports:
        Should be processed and reviewed by senior management
        Adequate back up procedures:
        Regular backups on rotational basis
        On-line/Real-time backups
        Store back-up files on separate premises
        Store in fireproof safe
        Retention of files / records for required times