Chapter 13: Processing Integrity and Availability controls

Crypto accounting treatment under IAS 38

Companies are to use the revaluation model as most companies hold crypto that is actively traded and fair value can be reliably measure.

How should Crypto gains be treated.

Recognize any FV movements above the cost in OCI through a revaluation surplus account.

How should Crypto losses be treated.

Fair value movements below the cost are recognized in profit or loss.

Processing integrity

Data are processed accurately, completely, timely, and only with proper authorization.

Availability

System and information are available to meet obligations.

Field Check

If characters in a field are of the proper type

Sign Check

If data in a field have appropriate sign (positive/negative)

Limit (Range) check

Tests numerical amount against lower and upper limits

Reasonableness test

Check correctness of logical relationship between multiple data items

Completeness check

Verifies that all required data are entered

Size check

Input data must fit into the assigned field

Prevent buffer overflow vulnerability

Validity check

Compares data in transactions with similar data in master files to verify the existence

Check digit verification

Recalculating “check digit” (e.g., the 10th digit) to identify data entry error

Closed-loop verification

Checks the accuracy of input data (e.g., account number) by using it to retrieve and display other related information (e.g., account name).

What are input controls used for?

Data entery Controls

What are the types of input controls

Field check, Sign check, Limit (Range) check, Reasonableness test, Completeness check, Size check, Validity check, Check digit verification and Closed-loop verification.

What are processing controls used for?

Ensure Processing Integrity

Data matching

Two or more items must be matched (e.g., invoice matches with purchase order and receiving report) before an action (e.g., payment) takes place

File labels

Programs should read the file header prior to processing, to ensure the correct file is used

batch totals

to ensure that ALL records in a batch are processed correctly:

• Financial total

• Hash total (for non-financial numerical field)

• Record count

Cross-footing test

Verifies accuracy by comparing two alternative ways of calculating the same total

Write-protection mechanisms

Protect against overwriting or erasing data

Concurrent update controls

Prevent two or more users updating the same record at the same time

what are outputs controls used fro

detect processing errors

What do output controls detect?

User review of output;

Reconciliation within the system (e.g., general ledger reconciled to subsidiary ledgers);

External data reconciliation with data maintained outside the system (e.g., inventory physical count reconciled to quantities recorded in the database);

Data transmission controls

minimize errors during data transmission (e.g., checksums, blockchain).

Availability objectives

To minimize risk of system downtime

Quick and complete recovery and resumption of normal operations.

Availability Key Controls

Preventive maintenance, Fault tolerance, Data center location and design, Training, Patch management, antivirus software, Backup procedures, Disaster recovery plan (DRP), Business continuity plan (BCP)

Two objectives of recovery

recovery point objective (RPO) and Recovery time objective (RTO)

RPO

Determines how much data is potential lost and how much data can be lost

RTO

determines how long system is down for and how long they can be down for

What are the two main requriments when designing a plan

backup procedures (e.g., daily, hourly; incremental or differential)

disaster recovery plan (cold site, hot site, real-time mirroring)

How does clout computing help system availability

disaster recovery is set up in a different region. All data and apps are updated in real-time on both sites

Fault tolerance

system remain up despite failures of some components;

Scalability

during peak demand, cloud vendor can (automatically) add more resources, preventing crashes from overload

Disaster recovery

quickly recover from serious system disruptions