Upload
stella-finch
View
24
Download
1
Embed Size (px)
DESCRIPTION
Information Systems Development MIS331. Internal Controls for Inputs and Outputs. Agenda. Control Types Control Systems Input Controls Check digit calculations Output Controls. Why Control?. Inputs Helps ensure that the data input to the system is accurate. - PowerPoint PPT Presentation
Citation preview
04/19/23 MIS331 2
Agenda
• Control Types
• Control Systems
• Input Controls– Check digit calculations
• Output Controls
04/19/23 MIS331 3
Why Control?• Inputs
– Helps ensure that the data input to the system is accurate.
– Helps protect the system from accidental and/or intentional errors and abuse, including fraud.
• Outputs– Helps ensure reliability and distribution of
outputs generated by the system.
04/19/23 MIS331 4
Control Types
• Preventive control– Intention is to create a mechanism by
which the undesired state is never realized.– If 100% effective, risk is completely
eliminated by one or more appropriate preventive controls.
• Examples?
04/19/23 MIS331 5
Control Types
• Detective control– Intention is to create a mechanism by
which the undesired state, when present, is detected.
– If 100% effective, risk is completely detectable and identifiable by one or more appropriate detective controls.
• Examples?
04/19/23 MIS331 6
Control Types
• Corrective control– Intention is to create a mechanism by
which the undesired state, when detected, is is returned to a desired state or set of conditions.
– If 100% effective, risk is completely correctable by one or more appropriate corrective controls.
• Examples?
04/19/23 MIS331 7
Control Systems
• The key issue is that no single preventive control will be 100% effective in managing the risk or undesired state.
• What is needed is some combination of control types that serve to effectively manage the risk in question.
04/19/23 MIS331 8
Effective versus Efficient
• Effective means the control accomplishes the goal or objective.
• Efficient means that it accomplishes this goal in an affordable, manageable, and timely manner.– Sometimes there must be a tradeoff based
on probability of occurrence of the risk in question.
04/19/23 MIS331 9
Exposure Occurrence Rates
• Human errors– Data entry errors– Console entry errors– Wrong file or program– File damaged in handling
04/19/23 MIS331 10
Exposure Occurrence Rates
• Hardware/Software Failures– Loss of data– Logic error– Interrupt operation
04/19/23 MIS331 11
Exposure Occurrence Rates• Computer Abuse
– Theft
– Embezzlement
– Fraud
– Espionage
– Invasion of Privacy (cracking)
– Maliciousness (hacking)
04/19/23 MIS331 13
Input Controls
• Monitor number of inputs to system– transaction logging– batch control slips– one-for-one checking
• match each source document with a corresponding historical report detail line confirming that the document was entered and processed.
04/19/23 MIS331 14
Input Controls
• Data validity checks– completeness check
• Have all required fields been entered?
– Limit and range check• Does the input data fall within a legitimate set or range
of values.
– Combination check• Determines whether a known relationship or set of
relationships between two fields is valid.– Ex: if VEHICLE MAKE is “Pontiac”, then VEHICLE
MODEL must be one of the models made by Pontiac.
04/19/23 MIS331 15
Input Controls
• Picture Checks– Does the data entered “look like” the
prescribed pattern for this field?• If field expects XX999AA (2 of anything, 3
numbers, and 2 letters) then 127A121C as a data entry does not match the picture.
– Self-checking digits (check digit)• Can be used to determine data entry errors on
primary keys, checking account numbers, etc.
04/19/23 MIS331 16
Modulus 11 Check Digit
STEP 1: Determine the size of the field in digits
24135 = 5 digits
STEP 2: Number each digit location from either right or left beginning with the number “2.”
2 4 1 3 5
6 5 4 3 2
STEP 3: Multiply each digit in the field by its assigned location number.
2 x 6 = 12
4 x 5 = 20
1 x 4 = 4
3 x 3 = 9
5 x 2 = 10
04/19/23 MIS331 17
Modulus 11 Check Digit
STEP 4: Sum the products from step 3.
12 + 20 + 4 + 9 + 10 = 55
STEP 5: Divide the sum from step 4 by 11
55/11 = 5 remainder 0
STEP 6: If the remainder is less than 10, append the remainder digit to the field.
If the remainder is equal to 10, append the character “X” to the field.
241350
04/19/23 MIS331 18
Output Controls
• Specify the timing and volume of each output precisely.– Daily reports? Daily when?– On demand? 24-7?
• Specify the distribution or access to each output.– Who gets, or can get, what report and
when?
04/19/23 MIS331 19
Output Controls
• Password control for certain output functions.
• Use control totals where appropriate.– The number of records input or delivered
as the result of a query should equal the number of records output by the process.
• In other words, did we get all that we asked for?