Learn about preventive, detective, and corrective controls in Chapter 7 of UAA ACCT 316 Fall 2003. Explore key reliability, availability, security, and maintainability controls to ensure a reliable system. Discover measures for organizational independence within the firm's information systems function.
Chapter 8: Computer-Based Information Systems Control. UAA ACCT 316, Fall 2003, Accounting Information Systems, Dr. Fred Barbee.
SAS 29 (1958). This Chapter: Text Chapter 7.
• Encourage adherence to management policies and procedures. • Promote operational efficiency. • Safeguard assets. • Ensure accuracy of accounting data and information.
Preventive, Detective, and Corrective Controls. Diagram labels: Input, Process, Output, Sensor, Benchmark, Detective and Corrective Controls, Corrective Controls (a feedback loop in which a sensor compares output against a benchmark).
Detective • Discover the occurrence of adverse events. • Tend to be active in nature. • After-the-fact controls.
Corrective • Lead to the righting of effects caused by adverse events. • Tend to be more active than detective controls.
Preventive • Block adverse events, such as errors or losses, from occurring. • Tend to be passive in nature.
General Controls • Ensure that the overall IS is stable and well maintained. Application Controls • Ensure the accuracy of specific applications, inputs, files, programs & outputs.
What Constitutes Reliability? • Availability • Security • Maintainability • Integrity
Control Classifications (diagram). By Objectives: Administrative, Accounting. By Settings: General, Application (Input, Processing, Output). By Risk Aversion: Preventive, Detective, Corrective. The reliability principles (Availability, Security, Maintainability, Integrity) are shown alongside.
Controls – The Text Approach • Key General Reliability Controls (controls that serve more than one reliability principle) - Table 8-1 • Key Availability Controls - Table 8-2 • Key Security Controls - Table 8-3 • Key Maintainability Controls - Table 8-4 • Key Integrity Controls - Table 8-5
General Reliability Controls • Strategic Planning & Budgeting • Developing a System Reliability Plan • Documentation
Key Availability Controls • Minimizing System Downtime • Disaster Recovery Plan
Key Security Controls • Segregation of Duties in Systems Function
The Text Notes . . . • In a highly integrated AIS, procedures that used to be performed by separate individuals are combined. • Therefore, any person who has unrestricted access to the computer, its programs, and live data could have the opportunity to both perpetrate and conceal fraud.
The Text Notes . . . • To combat this threat, organizations must implement compensating control procedures such as the effective segregation of duties within the AIS function.
Organizational Independence Within the Information Systems Function of a Firm Using Computer-Based Processing. Source: AIS, Wilkinson & Cerullo
Organization chart: Steering Committee; Information Systems Manager; Planning Staff. Tasks which CREATE systems: Systems Development Manager, Technical Services Manager, Data-Base Administrator, Systems Analysis & Projects, Programming, Information Center. Tasks which OPERATE systems: Data Processing Manager, Data Preparation, Computer Operations, Data Library, Data Control. These two functions need to be ORGANIZATIONALLY and PHYSICALLY separated. WHY?
Flow of batched data within several units of an organization using computer-based processing. Source: AIS, Wilkinson & Cerullo
Flowchart (Computer-Based Data Processing Department): User Departments send Data Input to the Control Section (Receive & Log), which passes it to the Data Preparation Section (Convert Data) and then to Computer Operations (Process, using Files from the Data Library). Results return through the Control Section (Log & Distribute Outputs) to the User Departments as Outputs, with an Error Listing of Errors to be corrected.
Control Section (independent of the other sections): • Record input data in control log. • Follow progress of processing. • Maintain control totals. • Reconcile totals during processing. • Distribute output. • Monitor correction of errors.
Data Preparation Section: • Prepare and verify data for entry into processing. • What controls do we have here? Batch controls; various computer input controls.
Computer Operations: • Processes data to produce outputs. • What controls do we have here? Various computer processing controls.
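The Control Section's duties above (maintain control totals, reconcile totals during processing) are what batch control totals implement. The Python below is an added example, not code from the slides or from Wilkinson & Cerullo; the batch records, field names and the two failure scenarios are constructed. It shows why a hash total is kept alongside the record count and the financial total: a keying error in a non-financial field leaves the other two totals unchanged.

```python
"""Batch control totals as the Control Section would log and reconcile them.

Added example, not from the course slides or the Wilkinson & Cerullo text.
The records, field names and failure scenarios are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    account: int    # non-financial field, summed only for the hash total
    amount: float   # financial field, summed for the financial total


# Constructed sample batch as received from a user department.
BATCH = [
    Record(account=1001, amount=250.00),
    Record(account=1002, amount=75.50),
    Record(account=1003, amount=1200.00),
    Record(account=1004, amount=15.25),
]


def batch_totals(records):
    """Compute the three standard batch totals.

    record count    - how many records the batch contains
    financial total - sum of a field that carries money
    hash total      - sum of a field whose total has no business meaning
                      (account number); it still changes if a record is
                      dropped or a number is mis-keyed
    """
    return {
        "record_count": len(records),
        "financial_total": round(sum(r.amount for r in records), 2),
        "hash_total": sum(r.account for r in records),
    }


def reconcile(logged, recomputed):
    """Compare totals logged at receipt with totals recomputed after a stage.

    Returns the names of the totals that disagree; an empty list means the
    batch passed through the stage intact.
    """
    return [name for name in logged if logged[name] != recomputed[name]]


def simulate_lost_record(records):
    """Constructed failure: one record is dropped during data preparation."""
    return records[:-1]


def simulate_miskeyed_account(records):
    """Constructed failure: account 1003 is keyed as 1030.

    The amount and the record count are unchanged, so only the hash total
    detects it.
    """
    out = list(records)
    out[2] = Record(account=1030, amount=out[2].amount)
    return out


if __name__ == "__main__":
    logged = batch_totals(BATCH)               # recorded in the control log
    for label, stage in [("intact", BATCH),
                         ("lost record", simulate_lost_record(BATCH)),
                         ("mis-keyed account", simulate_miskeyed_account(BATCH))]:
        print(label, "->", reconcile(logged, batch_totals(stage)) or "all totals agree")
```

The hash total is the check the other two cannot provide: it is meaningless as a number, but any alteration to the identifying field disturbs it, so the Control Section can spot a mis-keyed account before the output is distributed.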
Simplified organizational separation in a computer-based system using on-line processing. Source: AIS, Wilkinson & Cerullo
Diagram: User Departments send Data Inputs to Computer Operations (Process), which works against On-Line Files and Batch Files held in the Data Library; results return to users as Displayed Outputs and Printed Outputs.
Subdivisions of transaction (application) controls and typical control points. Source: AIS, Wilkinson & Cerullo
Diagram: Input Controls cover the Source Document, its conversion to MRF as transaction data (or the user's manual entry of the transaction via terminal) and Editing; Processing Controls cover Computer-Based Data Processing; Output Controls cover the Soft-Copy Output returned to the user. A control point is marked at each stage.
Key Security Controls • Segregation of Duties in Systems Function • Physical Access Controls
Physical Access Controls • Perimeter Controls • Building Controls • Computer Facility Controls
Key Security Controls • Segregation of Duties in Systems Function • Physical Access Controls • Logical Access Controls
Logical Access Controls • Identification • Authentication • Access Rights • Threat Monitoring
Key Security Controls • Protection of Personal Computers and Client/Server Networks • Internet and e-commerce Controls
Key Maintainability Controls • Project Development and Acquisition Controls. • Change Management Controls
General Controls • Ensure that the overall IS is stable and well maintained. Application Controls • Ensure the accuracy of specific applications, inputs, files, programs & outputs.
Objectives of Application Controls • To prevent, detect, and correct errors in transactions as they flow through the various stages of a specific data processing program. (Diagram: Input, Process, Output.)
Objectives of Application Controls • The text correctly notes that if application controls are weak, AIS output is likely to contain errors. • Erroneous data leads to significant potential problems.
Key Integrity Controls • Source Data Controls • Input Validation Controls • On-Line Data Entry Controls • Data Processing and Storage Controls
Key Integrity Controls • Output Controls • Data Transmission Controls
Key Integrity Controls: Source Data Controls
Source Data Controls • Ensure that all source documents are authorized, accurate, complete, properly accounted for and entered into the system or sent to their intended destinations in a timely manner.
Source Data Controls • Forms Design • Prenumbered Forms Sequence Test • Turnaround Documents • Cancelation and Storage of Documents
Source Data Controls • Authorization and Segregation of Duties • Visual Scanning • Check Digit Verification • Key Verification
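Check digit verification, listed above among the source data controls, is the one item on the list that is an algorithm rather than a procedure. The slides do not name a scheme; the Python below is an added example (not code from the slides or the text) that uses the Luhn mod-10 algorithm as one common choice, with constructed account numbers. It shows the check digit detecting both a single mis-typed digit and an adjacent transposition before the transaction is accepted.

```python
"""Check digit verification on identification numbers keyed at input.

Added example, not from the course slides. The slides name the control but not
a scheme; the Luhn (mod 10) algorithm is used here as one common choice, and
the account numbers are constructed.
"""


def luhn_check_digit(body: str) -> int:
    """Compute the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk from the right: the digit nearest the check digit is doubled,
    # the next is taken as is, and so on alternately.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # equivalent to adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def with_check_digit(body: str) -> str:
    """Issue an identifier: the body digits followed by their check digit."""
    return body + str(luhn_check_digit(body))


def verify(identifier: str) -> bool:
    """Recompute the check digit from the keyed identifier and compare."""
    if len(identifier) < 2 or not identifier.isdigit():
        return False
    return luhn_check_digit(identifier[:-1]) == int(identifier[-1])


def screen_batch(identifiers):
    """Return the identifiers that fail verification and must be re-keyed."""
    return [ident for ident in identifiers if not verify(ident)]


# Constructed account body; the issued identifier is 7992739871 plus check digit 3.
ISSUED = with_check_digit("7992739871")

# Constructed keying errors against ISSUED.
SINGLE_DIGIT_ERROR = "79927398813"   # one digit changed (7 -> 8)
TRANSPOSITION_ERROR = "79927398173"  # two adjacent digits swapped (71 -> 17)

if __name__ == "__main__":
    print("issued:", ISSUED, "valid:", verify(ISSUED))
    print("rejected:", screen_batch([ISSUED, SINGLE_DIGIT_ERROR, TRANSPOSITION_ERROR]))
```

The check digit proves nothing about whether the account exists; that is the job of the validity check against the master file. It catches the keying errors that would otherwise send a valid-looking transaction to the wrong account.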
Key Integrity Controls: Input Validation Controls
Input Validation Routines • Routines that check the integrity of input data as the data are entered into the system. • Edit Programs • Edit Checks
Input Validation Routines • Sequence Check • Field Check • Sign Check • Validity Check • Limit Check
Input Validation Routines • Range Check • Reasonableness Test • Redundant Data Check • Capacity Check
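The nine edit checks listed in the two slides above, applied in a single input validation routine. This Python is an added example, not code from the slides or the text; the employee master file, the rate bands, the 40-hour limit, the rate range, the department field width and the batch of timecards are all constructed. Each record after the first carries one deliberate defect, so the result shows which check catches which kind of error, and how the limit check (one fixed ceiling), the range check (a lower and an upper bound) and the reasonableness test (a bound that depends on another field) differ.

```python
"""Input validation (edit) routines over a constructed batch of timecards.

Added example, not from the course slides or the text. The master file, rate
bands, limits and timecard records are constructed for illustration.
"""
import re
from decimal import Decimal

# Constructed employee master file: employee id -> (name, job class)
EMPLOYEE_MASTER = {
    "E100": ("Alice Ng", "clerk"),
    "E101": ("Bob Ortiz", "analyst"),
    "E102": ("Cara Stone", "manager"),
}
# Constructed reasonableness table: job class -> plausible hourly rate band
RATE_BAND_BY_CLASS = {
    "clerk": (Decimal("12"), Decimal("25")),
    "analyst": (Decimal("25"), Decimal("60")),
    "manager": (Decimal("40"), Decimal("120")),
}
MAX_REGULAR_HOURS = Decimal("40")               # limit check: one fixed ceiling
RATE_RANGE = (Decimal("7.25"), Decimal("150"))  # range check: lower and upper bound
DEPT_WIDTH = 4                                  # capacity check: field width
NUMERIC = re.compile(r"^-?\d+(\.\d+)?$")        # field check: numeric characters only


def edit_checks(batch):
    """Run every edit check on each record; return (seq, check name) pairs.

    A record is a dict with seq (int) plus emp_id, name, hours, rate and dept
    held as the raw strings the operator keyed.
    """
    errors = []
    highest_seq = 0
    for rec in batch:
        seq = rec["seq"]
        # Sequence check: transaction numbers must increase through the batch.
        if seq <= highest_seq:
            errors.append((seq, "sequence check"))
        highest_seq = max(highest_seq, seq)

        # Field check: hours and rate must be numeric before any arithmetic.
        hours = Decimal(rec["hours"]) if NUMERIC.match(rec["hours"]) else None
        rate = Decimal(rec["rate"]) if NUMERIC.match(rec["rate"]) else None
        if hours is None or rate is None:
            errors.append((seq, "field check"))

        if hours is not None:
            if hours < 0:                      # sign check
                errors.append((seq, "sign check"))
            if hours > MAX_REGULAR_HOURS:      # limit check
                errors.append((seq, "limit check"))

        # Validity check: the employee id must exist in the master file.
        master = EMPLOYEE_MASTER.get(rec["emp_id"])
        if master is None:
            errors.append((seq, "validity check"))
        elif rec["name"] != master[0]:
            # Redundant data check: a second identifier (name) must agree with the id.
            errors.append((seq, "redundant data check"))

        if rate is not None:
            low, high = RATE_RANGE
            if not low <= rate <= high:        # range check
                errors.append((seq, "range check"))
            if master is not None:
                band_low, band_high = RATE_BAND_BY_CLASS[master[1]]
                if not band_low <= rate <= band_high:  # reasonableness test
                    errors.append((seq, "reasonableness test"))

        if len(rec["dept"]) > DEPT_WIDTH:      # capacity check
            errors.append((seq, "capacity check"))
    return errors


def timecard(seq, emp_id, name, hours, rate, dept):
    return {"seq": seq, "emp_id": emp_id, "name": name,
            "hours": hours, "rate": rate, "dept": dept}


# Constructed batch: one clean record, then one deliberate defect per record.
BATCH = [
    timecard(1, "E100", "Alice Ng", "38", "18.50", "ACCT"),     # clean
    timecard(2, "E101", "Bob Ortiz", "4O", "30.00", "FIN"),     # letter O in hours
    timecard(4, "E999", "Dan Who", "40", "20.00", "OPS"),       # unknown employee
    timecard(3, "E102", "Cara Stone", "-5", "55.00", "MGMT"),   # out of order, negative hours
    timecard(5, "E100", "Alice Ng", "45", "18.50", "ACCT"),     # over 40 hours
    timecard(6, "E101", "Bob Ortiz", "40", "500.00", "FIN"),    # rate outside range
    timecard(7, "E100", "Alice Ng", "40", "90.00", "ACCT"),     # clerk paid like a manager
    timecard(8, "E102", "Bob Ortiz", "40", "55.00", "MGMT"),    # name does not match id
    timecard(9, "E101", "Bob Ortiz", "40", "30.00", "FINANCE"), # dept code too long
]
```

Run `edit_checks(BATCH)` to see the error listing the Control Section would hand back to the user department. Note the ordering inside the routine: the field check runs before the sign, limit, range and reasonableness checks so that arithmetic is never attempted on a non-numeric value, and the validity check runs before the redundant data check and the reasonableness test because both need the master record.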
Key Integrity Controls: On-Line Data Entry Controls
On-Line Data Entry Controls • To ensure the integrity of transaction data entered from on-line terminals and PCs by minimizing errors and omissions.