Upload
marmahhadi
View
231
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Process control principles
Citation preview
Chapter 9
Controlling Controlling
Information Information Systems:Systems:
Process ControlsProcess Controls
Learning Objectives
To be able to prepare a control matrix
To describe the generic process control plans introduced in this chapter
To describe how these process controls accomplish control goals
To describe why these generic process controls are important to organizations with enterprise systems and those that are engaged in e-business
Control Matrix
Tool to determine appropriate control plans and relate them to control goals
Elements of matrix: Control Goals Recommended Control Plans Cell entries Explanations / details for each plan
Elements of the
Control Matrix
FIGURE 9.1FIGURE 9.1
Causeway Company Annotated Systems Flowchart
FIGURE 9.2FIGURE 9.2
Steps in Preparing the Control Matrix Review system flowchart and related
narrative Identify business process Important resources Input, output, storage Master data being updated
List goals related to process List set of recommended control plans
Steps in Preparing the Control Matrix (cont’d) Examine flowchart and narrative
Try to identify problem/weak spots, opportunities for control For implemented control plan, indicate “P-1, P-2, etc” For missing control plan, enter “M-1, M-2, etc”
At bottom of control matrix Provide short statement about how each existing control
plan satisfies related control goal. Provide statement about the significance of each missing
control plan.
Systems Flowchart Data Entry Without
Master Data Available
FIGURE 9.3FIGURE 9.3
FIGURE 9.4FIGURE 9.4
Control Matrix for Data Entry
Without Master Data
KEY:Possible operations process goals include:A = To ensure timely processing of (blank) event dataB = (describe)
IV = input validityIC = input completenessIA = input accuracyUC = update completenessUA = update accuracy
Online Processing Control Plans P-1: Document design
Source document is designed in such a way that makes it easier to prepare initially and later to input data from the document.
P-2: Written approvals Requiring a signature or initials on a document to
indicate that a person has authorized the event.
Online Processing Control Plans (cont.) P-3: Preformatted screens
Help guide entry of data. Data type, field length, input masks. Cursor moves to fields. Goal – reduce mistakes
P-4: Online prompting Program prompts user to work in sequence and
asks questions that control operations. Context-sensitive help (intelligent agent) Lookup wizards
Online Processing Control Plans (cont.) P-5: Programmed edit checks
Automatically performed when data entered. Reasonableness (limit checks): tests whether
data fall within predetermined limits (e.g.,< $5,000/week pay).
Check digit verification – control built into account numbers. Example – account #123 becomes #1236
Math accuracy: does math independently; checks user’s calculations.
Online Processing Control Plans (cont’d) P-5: Programmed edit checks (cont’d)
Format checks—tests format on input Missing data Alpha in alpha fields; numbers in numeric fields Input field proper size Input field within set range (example: customer gender)
P-6: Interactive feedback checks Feedback to user that entry is accepted/rejected.
Online Processing Control Plans (cont’d) P-7: Procedures for rejected inputs
Designed to ensure that rejected data (not accepted for processing) are corrected and resubmitted for processing.
M-1: Key verification Documents keyed by one individual and rekeyed
by another individual. Very expensive technique
Additional issues in data entry controls Automation – scanning of documents, bar
codes Entry of customer data may be unnecessary
if EDI or e-business methods are used Integrated IS and ERP systems eliminate
need for data entry between different parts of organization
Security Controls
Critical in e-business VISA recommends the following items:
network firewall security patches encryption of stored and transmitted data use of updated anti-virus software access controls – user IDs / passwords screening of employees with access to data secured access to hardware / disks destroy unneeded records
Systems Flowchart Data Entry with
Master Data Available
Control Matrix for Data Entry
with Master Data
FIGURE 9.6FIGURE 9.6
IV = Input validityIC = Input completenessIA = Input accuracyUC = Update completenessUA = Update accuracy
Key: Operations ProcessPossible operations include:A = Ensure timely processing of order event dataB = (describe)
Systems Flowchart Data Entry with
Batches
FIGURE 9.7FIGURE 9.7
Control Matrix for Data Entry with Batches
FIGURE 9.8FIGURE 9.8
KEY: Operations processPossible operations process include:A = To ensure timely processing of shipping event dataB = (describe)
IV = input validityIC = input completenessIA = input accuracyUC = update completenessUA = update accuracy
Control Plans: Batch Calculate batch totals -
Document/record counts Item or line counts Dollar totals Hash totals - total of fields not normally totaled
Example: invoices, parts, and social security numbers.
Computer agreement of batch totals Batch total calculated manually and entered with
batch. Computer accumulates batch total during processing. Computer generates report comparing totals.
Control Plans: Batch (cont.) Manual agreement of batch totals
Similar to above except manually calculated batch totals not submitted to computer.
Computer produces report with batch total. Person compares two and takes appropriate action.
Sequence checks Controlling sequentially numbered documents
Accounting for all numbers in sequence to find missing documents.
Applies to sequentially numbered batches of documents to ensure they are in order.
Control Plans: Batch (cont’d) Key verification
Extremely expensive control plan where a second data entry person keys in source data to compare with data already entered. Rarely used in practice.
Written approvals A requirement that handwritten signatures be affixed
to documents indicating approval/authorization. Computer preparation of business documents
Part of output of computer process More efficient (and legible) than manual processes
Control Plans - Batch (cont’d) Rejection procedures
Establish procedures to be followed when errors are entered and erroneous records rejected by computer.
Rejected records may written to a suspense file and require periodic follow-up.
Prerecorded data Examples: serial numbers, MICR a/c #s, dept. #s Printed on forms so that manual entry is not required. Turnaround documents
Prerecorded data to capture input on subsequent processing. Example: RA stub attached to invoice.
Computer Agreement of Batch Totals Control Plan
FIGURE 9.9FIGURE 9.9