Information
Systems
9th Edition
Marshall B. Romney
Paul John Steinbart
Computer Controls and Security
Chapter 8
Learning Objectives
1.
2.
3.
Learning Objectives
4.
5.
6.
Introduction
During his fifth month at Northwest Industries, Jason Scott is assigned to audit Seattle Paper Products (SPP).
Jason's task is to review randomly selected payable transactions, track down all supporting documents, and verify that all transactions have been properly authorized.
Introduction
Jason is satisfied that many of the transactions are valid and accurate.
However, some transactions involve the purchase of services from Pacific Electric.
These transactions were processed on the basis of vendor invoices approved by management.
Five of these invoices bear the initials JLC.
Introduction
JLC is Jack Carlton, the general supervisor.
Carlton denies initialing the invoices, and claims he has never heard of Pacific Electric.
What questions does Jason have?
Is
Introduction
If
Learning Objective 1
3.
4.
2.
3.
Learning Objective 2
Learning Objective 3
Availability
Minimizing Systems Downtime
Preventive maintenance
UPS
Fault tolerance
Disaster Recovery Plan
Minimize the extent of disruption, damage, and loss
Temporarily establish an alternative means of processing information
Resume normal operations as soon as possible
Availability
Disaster Recovery, continued
Train and familiarize personnel with emergency operations
Priorities for the recovery process
Insurance
Backup data and program files
Electronic vaulting
Grandfather-father-son concept
Rollback procedures
Specific assignments
Backup computer and telecommunication facilities
Periodic testing and revision
Complete documentation
2003 Prentice Hall Business
Publishing,
Learning Objective 4
Systems administration
Network management
Security management
Change management
Users
Systems analysis
Programming
Computer operations
Information system library
Data control
passwords
physical possession identification
biometric identification
compatibility tests
passwords
encryption technology
routing verification procedures
Learning Objective 5
Maintainability
Master Plan
Project Controls
Data Processing Schedule
System Performance Measurements
Postimplementation Review
Change Management Controls
Change Management Controls, continued
Change Management Controls, continued
Learning Objective 6
Integrity
Integrity:
Source Data Controls
Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete and properly accounted for, and entered into the system or sent to their intended destination in a timely manner.
Source data controls include:
Integrity:
Source Data Controls
Forms design
Prenumbered forms sequence test
Turnaround documents
Cancellation and storage of documents
Authorization and segregation of duties
Visual scanning
Check digit verification
Key verification
Integrity:
Input Validation Routines
Input validation routines are programs that check the integrity of input data. They include:
Sequence check
Limit check
Field check
Range check
Sign check
Reasonableness test
Validity check
Capacity check
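The routines listed above, applied to a batch of payable transactions, as an added example that is not from the slides or the textbook. Each check follows its usual meaning; the vendor list, limits, field names and sample batch are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed reference data (assumptions for this example, not from the slides).
APPROVED_VENDORS = {"V1001", "V1002", "V1003"}  # stand-in for the vendor master file
AMOUNT_LIMIT = Decimal("10000.00")              # limit check: upper bound only
QTY_RANGE = (1, 500)                            # range check: lower and upper bound
MEMO_CAPACITY = 20                              # capacity check: field width

def validate(txn):
    """Return the names of the checks one payable transaction fails."""
    try:  # Field check: numeric fields must hold usable numeric data.
        amount, unit_price = Decimal(txn["amount"]), Decimal(txn["unit_price"])
        qty = int(txn["qty"])
        if not (amount.is_finite() and unit_price.is_finite()):
            raise ValueError("NaN/Infinity is not a usable amount")
    except (InvalidOperation, ValueError):
        return ["field"]  # the remaining checks need parsed numbers
    checks = [
        ("sign", amount > 0),                                # payables are positive
        ("limit", amount <= AMOUNT_LIMIT),
        ("range", QTY_RANGE[0] <= qty <= QTY_RANGE[1]),
        ("reasonableness", amount == qty * unit_price),      # fields must agree
        ("validity", txn["vendor_id"] in APPROVED_VENDORS),  # exists in master file
        ("capacity", len(txn["memo"]) <= MEMO_CAPACITY),
    ]
    return [name for name, ok in checks if not ok]

def sequence_breaks(batch):
    """Sequence check: invoice numbers that are not in ascending order."""
    nums = [t["invoice_no"] for t in batch]
    return [b for a, b in zip(nums, nums[1:]) if b <= a]

def edit_batch(batch):
    """Run every routine; return (error listing, out-of-sequence invoice numbers)."""
    errors = {t["invoice_no"]: f for t in batch if (f := validate(t))}
    return errors, sequence_breaks(batch)

# Constructed sample batch.
BATCH = [
    {"invoice_no": 501, "vendor_id": "V1001", "qty": "10", "unit_price": "25.00", "amount": "250.00", "memo": "paper stock"},
    {"invoice_no": 502, "vendor_id": "V9999", "qty": "1", "unit_price": "4800.00", "amount": "4800.00", "memo": "services"},
    {"invoice_no": 504, "vendor_id": "V1002", "qty": "600", "unit_price": "20.00", "amount": "12000.00", "memo": "toner"},
    {"invoice_no": 503, "vendor_id": "V1003", "qty": "5", "unit_price": "12.00", "amount": "-60.00", "memo": "return"},
    {"invoice_no": 505, "vendor_id": "V1001", "qty": "ten", "unit_price": "3.00", "amount": "30.00", "memo": "pens"},
]
```

Rejected transactions go to an error listing for correction and resubmission rather than being silently dropped, so control totals can still be reconciled.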
Integrity:
On-line Data Entry Controls
The goal of on-line data entry control is to ensure the integrity of transaction data entered from on-line terminals and PCs by minimizing errors and omissions.
They include:
Integrity:
On-line Data Entry Controls
Output Controls
The data control functions should review all output for reasonableness and proper format and should reconcile corresponding output and input control totals.
Data control is also responsible for distributing computer output to the appropriate user departments.
Output Controls
Users are responsible for carefully reviewing the completeness and accuracy of all computer output that they receive.
A shredder can be used to destroy highly confidential data.
Case Conclusion
Were Jason and his supervisor able to identify the source of the fictitious invoices? No.
They asked the police to identify the owner of the Pacific Electric bank account. What did the police discover? Patricia Simpson, a data entry clerk at SPP, was the owner of the account.
End of Chapter 8