ACC 3530 Chapter 13: Processing Integrity and Availability Controls

Processing Integrity Controls

this category of controls are implemented to allow the user of an AIS to entrust that their information is trustworthy and may be used for decision-making

Input Process Stage Controls

• forms design (e.g. sequentially renumbered documents, turnaround documents if receiving info or payment from a third party)

• cancellation and storage of source documents (e.g. mark as paid or entered)

• data entry controls

Data Entry Controls

• field check

• sign check

• limit check

• range check

• size check

• completeness check

• validity check

• reasonableness test

• check digit verification

Field Check

characters in a field are the proper type

Sign Check

data in a field is the appropriate arithmetic sign (i.e. positive or negative)

Limit Check

tests numerical amount against a fixed value

Range Check

tests numerical amount against lower and upper limits

Size Check

input data fits into the field

Completeness Check

verifies that all required data is entered

Validity Check

compares data from the transaction file to that of the master file to verify existence (e.g. ID code)

Reasonableness Test

correctness of logical relationship between two data items

Check Digit Verification

recalculating check digit to verify data entry error hasn’t been made

Sequence Check

test of batch data in proper numerical or alphabetical sequence

Batch Totals

• summarize numeric values for a batch of input records

  • financial total

  • hash total

  • record count

Prompting Controls

system prompts you for input (i.e. online completeness check)

Closed-Loop Verification

checks accuracy of input data by using it to retrieve and display other related information (e.g. customer account number retrieves the customer name)

Processing Controls

• data matching

• file labels

• recalculation of batch totals

• cross-footing

• zero-balance tests

• write-protection mechanisms

• concurrent update controls

Data Matching

two or more items must be matched before an action takes place (e.g. invoice and payment)

File Labels

• ensures correct and most update file is used

• header records (filename, expiration)

• trailer records (summary info, batch totals)

Cross-Footing

verifies accuracy by comparing two alternative ways of calculating the same total

Zero-Balance Tests

ensures proper value in control accounts (e.g. payroll clearing)

Write-Protection Mechanisms

protect against overwriting or erasing data

Concurrent Update Controls

prevent error of two or more users updating the same record at the same time

Output Controls

• user review of output

• reconciliation procedures

• data transmission controls

Reconciliation Procedures

• procedures to reconcile to control reports (e.g. general ledger A/R account reconciled to A/R subsidiary ledger)

• external data reconciliation (e.g. inventory count, external payroll system)

Data Transmission Controls

• checksum (using hash to verify accuracy)

• parity bit (extra bit added to each chunk of data)

• blockchain (ensure validation transactions and documents are not altered)

Controls to Minimize Downtime

• preventative maintenance

• fault tolerance

• data centre location and design

• training

• patch management and antivirus software

Fault Tolerance

• redundant arrays of independent disks (RAID) spreads data across multiple disks to survive failure

• clustering or load balancing

Data Center Location and Design

• raised floor

• fire suppression

• air conditioning

• uninterruptible power supply

• surge protection

Time and Cost Tradeoff of AIS Availability

• how much data are we willing to recreate from source documents (if they exist) or potentially lose (if no source documents exist)

• how long can we function without our information system

Recovery Point Objective (RPO)

how much data is potentially lost between time of last backup and the problem occurring

Recovery Time Objective (RTO)

how long the system was down between time of the problem and system restoration

Full Backup

exact copy of an entire database

Incremental Backup

partial backup which copies only items that have changed since last partial backup

Differential Backup

partial backup which copies all changes made since last full backup

Modern Backup Systems

• all servers backed up to a dedicated backup server

• initial backup of server is full

• perpetual incremental backups

• old data is pushed out based on retention time or disk space limits

• backup software allows restore of data from any point still stored

  • no tracking of full/differential/incremental

Hot Site

completely operational site with all necessary hardware and software

Cold Site

prewired site but would need to purchase hardware and software to operate

Business Continuity Plan (BCP)

• specifies how to resume all business processes in the event of a major calamity

• companies should regularly test their BCP to identify unanticipated risks and overlooked details