1 / 20

Information Systems Development MIS331

Information Systems Development MIS331. Internal Controls for Inputs and Outputs. Agenda. Control Types Control Systems Input Controls Check digit calculations Output Controls. Why Control?. Inputs Helps ensure that the data input to the system is accurate.

stella-finch
Download Presentation

Information Systems Development MIS331

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Systems DevelopmentMIS331 Internal Controls for Inputs and Outputs MIS331

  2. Agenda • Control Types • Control Systems • Input Controls • Check digit calculations • Output Controls MIS331

  3. Why Control? • Inputs • Helps ensure that the data input to the system is accurate. • Helps protect the system from accidental and/or intentional errors and abuse, including fraud. • Outputs • Helps ensure reliability and distribution of outputs generated by the system. MIS331

  4. Control Types • Preventive control • Intention is to create a mechanism by which the undesired state is never realized. • If 100% effective, risk is completely eliminated by one or more appropriate preventive controls. • Examples? MIS331

  5. Control Types • Detective control • Intention is to create a mechanism by which the undesired state, when present, is detected. • If 100% effective, risk is completely detectable and identifiable by one or more appropriate detective controls. • Examples? MIS331

  6. Control Types • Corrective control • Intention is to create a mechanism by which the undesired state, when detected, is is returned to a desired state or set of conditions. • If 100% effective, risk is completely correctable by one or more appropriate corrective controls. • Examples? MIS331

  7. Control Systems • The key issue is that no single preventive control will be 100% effective in managing the risk or undesired state. • What is needed is some combination of control types that serve to effectively manage the risk in question. MIS331

  8. Effective versus Efficient • Effective means the control accomplishes the goal or objective. • Efficient means that it accomplishes this goal in an affordable, manageable, and timely manner. • Sometimes there must be a tradeoff based on probability of occurrence of the risk in question. MIS331

  9. Exposure Occurrence Rates • Human errors • Data entry errors • Console entry errors • Wrong file or program • File damaged in handling MIS331

  10. Exposure Occurrence Rates • Hardware/Software Failures • Loss of data • Logic error • Interrupt operation MIS331

  11. Exposure Occurrence Rates • Computer Abuse • Theft • Embezzlement • Fraud • Espionage • Invasion of Privacy (cracking) • Maliciousness (hacking) MIS331

  12. Exposure Occurrence Rates • Catastrophe • Fire • Water • Wind • Civil disorder MIS331

  13. Input Controls • Monitor number of inputs to system • transaction logging • batch control slips • one-for-one checking • match each source document with a corresponding historical report detail line confirming that the document was entered and processed. MIS331

  14. Input Controls • Data validity checks • completeness check • Have all required fields been entered? • Limit and range check • Does the input data fall within a legitimate set or range of values. • Combination check • Determines whether a known relationship or set of relationships between two fields is valid. • Ex: if VEHICLE MAKE is “Pontiac”, then VEHICLE MODEL must be one of the models made by Pontiac. MIS331

  15. Input Controls • Picture Checks • Does the data entered “look like” the prescribed pattern for this field? • If field expects XX999AA (2 of anything, 3 numbers, and 2 letters) then 127A121C as a data entry does not match the picture. • Self-checking digits (check digit) • Can be used to determine data entry errors on primary keys, checking account numbers, etc. MIS331

  16. Modulus 11 Check Digit STEP 1: Determine the size of the field in digits 24135 = 5 digits STEP 2: Number each digit location from either right or left beginning with the number “2.” 2 4 1 3 5 6 5 4 3 2 STEP 3: Multiply each digit in the field by its assigned location number. 2 x 6 = 12 4 x 5 = 20 1 x 4 = 4 3 x 3 = 9 5 x 2 = 10 MIS331

  17. Modulus 11 Check Digit STEP 4: Sum the products from step 3. 12 + 20 + 4 + 9 + 10 = 55 STEP 5: Divide the sum from step 4 by 11 55/11 = 5 remainder 0 STEP 6: If the remainder is less than 10, append the remainder digit to the field. If the remainder is equal to 10, append the character “X” to the field. 241350 MIS331

  18. Output Controls • Specify the timing and volume of each output precisely. • Daily reports? Daily when? • On demand? 24-7? • Specify the distribution or access to each output. • Who gets, or can get, what report and when? MIS331

  19. Output Controls • Password control for certain output functions. • Use control totals where appropriate. • The number of records input or delivered as the result of a query should equal the number of records output by the process. • In other words, did we get all that we asked for? MIS331

  20. Upcoming Classes ... • Group C on Tuesday • economic feasibility analysis • No Class on Thursday, 4/3 • Group D on Tuesday, 4/8 • Ethics Discussion on 4/10 MIS331

More Related