Upload File

ch 09 revised

prev
next
out of 19
Download Ch 09 Revised

Upload: jacquilam

Post on 03-Jun-2018

220 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/12/2019 Ch 09 Revised

    1/19

    Controlling

    Information

    Systems:

    Business Process

    Controls

  • 8/12/2019 Ch 09 Revised

    2/19

    Learning Objectives Understand steps in control

    framework

    Know how to prepare controlmatrix

    Comprehend the generic

    business process control plansintroduced in this chapter

    Be able to describe how thebusiness process controlsaccomplish control goals

    Appreciate the importance ofcontrols to organizations withenterprise systems

    Appreciate the importance ofcontrols to organizationsengaging in e-Business

    BusinessProcess

    Controls

  • 8/12/2019 Ch 09 Revised

    3/19

    3

    The Control Matrix

    The control matrix is a tool designed to

    assist you in analyzing a systems

    flowchart and related narrative. It establishes the criteria to be used in

    evaluating the controls in a particular

    business process.

  • 8/12/2019 Ch 09 Revised

    4/19

    4

    Sample

    Control

    Matrix

  • 8/12/2019 Ch 09 Revised

    5/19

    5

    Available Control Plans for Data

    Input 1: Document Designsource document is

    designed to easily complete and key data

    2: Written Approvalssignature or initialsindicating approval of event processing

    3: Preformatted Screensdefinesacceptable format for each data field (e.g.,

    9 numeric characters for SSN) 4: Online Promptingrequests user input

    or asks questions, e.g., message box

  • 8/12/2019 Ch 09 Revised

    6/19

    6

    Available Control Plans for Data

    Input, Contd.

    5: Programmed Edit Checks Automatically performed by data entry programs upon

    entry of data Reasonableness checks (limit checks)tests input for values

    within predetermined limits

    Document/record hash totalscompares computer total tomanually calculated total

    Mathematical accuracy checkscompare calculations

    performed manually to computer calculations, e.g., compareinvoice total to manually entered to computer calculated total

    Check Digit verificationa functionally dependent extra digit isappended to a number; if miskeying occurs, a check digitmismatch occurs and the system rejects the input

  • 8/12/2019 Ch 09 Revised

    7/19

    7

    Available Control Plans for Data Input

    6: Procedures for rejected inputrejected inputs

    are corrected and resubmitted for processing

    7: Keying correctionsclerk corrects inputs

    8: Interactive feedback checkscomputer informs

    clerk that input has been accepted/rejected 9: Record inputrecord is recorded in transaction

    data rather than being re-keyed at another time

    10: Key verificationdata is keyed by two differentindividuals then compared by the computer

  • 8/12/2019 Ch 09 Revised

    8/19

    8

    Recommended Control Plans with

    Master Data

    11: Enter data close to originating source Input data is entered directly and immediately it reduces

    input costs, inputs are less likely to be lost, errors areless likely and can more easily corrected

    Online transaction entry (OLTE), online real-timeprocessing (OLRT), and online transaction processing(OLTP) are all examples of this processing strategy.

    12: Digital signatures Authenticate that the sender of the message has the

    authority to send it and detects messages that havebeen altered in transit

    an application of public key cryptography involving theuse of a private encryption key to sign the datatransmitted

  • 8/12/2019 Ch 09 Revised

    9/19

    9

    Recommended Control Plans with

    Master Data

    13: Populate input with master data User enters an entitys ID code and the system then

    retrieves certain data about that entity from existingmaster data.

    User might be prompted to enter the customer ID (code). By accessing the customer master data, the system

    automatically provides data such as the customersname and address, the salespersons name, and thesales terms.

    This reduces the number of keystrokes required, makingdata entry quicker, more accurate, and more efficient.

    Therefore, the system automatically populates inputfields with existing data

  • 8/12/2019 Ch 09 Revised

    10/19

    10

    Recommended Control Plans with Master Data 14: Compare input data with master datathe system compares inputs with

    standing (master) data to ensure their accuracy and validity

    Input/master data dependency checks

    These edits test whether the contents of two or more data elementsor fields on an event description bear the correct logical relationship.

    For example, input sales events can be tested to determine whetherthe salesperson works in the customers territory.

    If these two items dont match, there is some evidence that thecustomer number or the salesperson identification was input

    erroneously. Input/master data validity and accuracy checks

    These edits test whether master

    data supports the validity and accuracy of the input. For example, thisedit

    might prevent the input of a shipment when no record of acorresponding customer

    order exists. If no match is made, we may have input some dataincorrectly,

    or the shipment might simply be invalid. We might also compareelements

    within the input and master data.

  • 8/12/2019 Ch 09 Revised

    11/19

    11

    Data Entry with Batches

    Data entry with batches involves collectinginputs into work units called batches; batchedinputs are then keyed into system as a batch Implies some delay between the economic event

    and its reflection in the system

    Allows for controls focusing on the batch, e.g.,batch control totals (hash or other totals from

    batch) Batch entry is often followed by an exception and

    summary report

  • 8/12/2019 Ch 09 Revised

    12/19

    12

    Batch Control Plans Batch control procedures start by grouping event data and calculating totals for

    the group: Several different types of batch control totals can be calculated Document/record countsare simple counts of the number of documents entered in a

    batch This procedure represents the minimum level required to control input completeness.

    Because one document could be intentionally replaced with another, this control is noteffective for ensuring input validity and says nothing about input accuracy.

    Item or line counts Counts number of items or lines entered, such as a count of the number of invoices being

    paid by all the customer remittances.

    By reducing the possibility that line items or entire documents could be added to the batch

    or not be input, this control improves input validity, completeness, and accuracy. Remember, a missing event record is a completeness error and a data set missing from an

    event record is an accuracy error.

    Dollar totals Sum of dollar value of items in batch

    By reducing the possibility that entire documents could be added to or lost from the batch orthat dollar amounts were incorrectly input, this control improves input validity,completeness, and accuracy.

    Hash totals Are a summation of any numeric data existing for all documents in the batch, such as a total

    of customer numbers or invoice numbers in the case of remittance advices.

    Unlike dollar totals, hash totals normally serve no purpose other than control.

    Hash totals can be a powerful batch control because they can determine if inputs havebeen altered, added, or deleted.

    These batch hash totals operate for a batch in a manner similar to the operation ofdocument/record hash totals for individual inputs.

  • 8/12/2019 Ch 09 Revised

    13/19

    13

    P-1: use of turnaround

    documents Turnaround documents are used to capture and

    input a subsequent event.

    Picking tickets, inventory count cards, remittance

    advice stubs attached to customer invoices, andpayroll time cards are all examples of turnarounddocuments.

    For example, we have seen picking tickets that are

    printed by the computer, used to pick the goods,and sent to shipping where the bar code on thepicking ticket is scanned to trigger the recording ofthe shipment.

  • 8/12/2019 Ch 09 Revised

    14/19

    14

    P-2: batch totals control Calculation of batch totals ensures that the

    data input arises from legitimate events

    (input validity) and that all events in the

    batch are captured (input completeness).

  • 8/12/2019 Ch 09 Revised

    15/19

    15

    P-3: Reconciliation of Batch Totals

    The manual reconciliation of batch totals control

    plan operates in the following manner:

    a. First, one or more of the batch totals are established

    manually

    b. As individual event descriptions are scanned, the data

    entry program accumulates independent batch totals.

    c. The computer produces reports (or displays) with the

    relevant control totals that must be manually reconciled to

    the totals established prior to the particular process.

    d. The person who reconciles the batch total must determine

    why the totals do not agree and make corrections as

    necessary to ensure the integrity of the input data

  • 8/12/2019 Ch 09 Revised

    16/19

    16

    P-4: Reconcile input and output batch totals

    (agreement of run-to-run totals) This is a variation of the agreement of batch totals controls.

    With agreement of run-to-run totals, totals prepared before acomputer process has begun are compared, manually or by thecomputer, to totals prepared at the completion of the computerprocess.

    These post-process controls are often found on an error andsummary report.

    When totals agree, we have evidence that the input and theupdate took place correctly.

    This control is especially useful when there are several

    intermediate steps between the beginning and the end of theprocess and we want to be assured of the integrity of eachprocess.

  • 8/12/2019 Ch 09 Revised

    17/19

    17

    P-5: use of tickler file and one-for-one checking

    This has two purposes:

    1. One is to ensure that all picking tickets are linked to an associatedpacking slip,

    2. The other is to ensure that all items on related picking tickets andpacking slips match.

    We regularly review a tickler file, to clear items from that file. Tickler files may be digitized reflecting events that need to be completed,

    such as open sales orders, open purchase orders, and so forth. Should tickler file documents remain in the file too long, the person or

    computer monitoring will determine the nature and extent of the delay.

    Picking tickets are compared to their associated packing slipsusing one-for-one checking to determine that they agree.

    Differences may indicate errors in input or update. This procedure provides us detail as to what is incorrect within a batch.

    Being very expensive to perform, one-for-one checking should bereserved for low-volume, high-value events.

  • 8/12/2019 Ch 09 Revised

    18/19

    18

    P-6: Automated Sequence Checks Whenever documents are numbered sequentially, a sequence check can

    be automatically applied to those documents.

    Batch sequence checkswork best when we can control the input process

    and the serial numbers of the input data, such as payroll checks. In a batch sequence check, the event data within a batch are checked as follows:

    a. The range of serial numbers constituting the batch is entered.

    b. Each individual, serially pre-numbered event data is entered.

    c. The computer program sorts the event data into numerical order; checks thedocuments against the sequence number range; and reports missing, duplicate, andout-of-range event data.

    Cumulative sequence check provides input control when the serialnumbers are not entered in sequence (i.e., picking tickets might containbroken sets of numbers). Matching of individual event data (picking ticket #s) is made to a file that contains

    all document numbers (all sales order numbers). Periodically, reports of missing numbers are produced for manual follow-up.

    Reconciling a checkbook is another example of a situation where the checknumbers are issued in sequence.

    However, the bank statement we receive may not contain a complete sequence ofchecks.

    Our check register assists us in performing a cumulative sequence check to make surethat all checks are eventually cleared.

  • 8/12/2019 Ch 09 Revised

    19/19

    19

    P-7: Computer Agreement of Batch Totals

    The computer agreement of batch totals plan works in the

    following manner: a. First, one or more of the batch totals are established manually (i.e., in

    the user department in Figure 9.9).

    b. Then, the manually prepared total is entered into the computer and iswritten to the computer batch control totals data.

    c. As individual event descriptions are entered, a computer programaccumulates independent batch totals and compares these totals to theones prepared manually and entered at the start of the processing.

    d. The computer prepares a report, which usually contains details ofeach batch, together with an indication of whether the totals agreed ordisagreed.

    Batches that do not balance are normally rejected, and discrepancies aremanually investigated and included in a summary report


Ch 01 Revised Financial management by IM Pandey

Ch 03 Revised

Ch 09 Revised (1)

Revised ch. 1 sec. 4

holt chemistry ch 09

09 AMM CH 12

Ch 14 Revised

Decision Making1 Ch-09

RRM Ch 8 - revised-1

Boynton SM Ch.09

Tbp ch 8 revised

Ch 02 the Firm and Its Goals - Revised

BUMEDINST 6600.10A, CH-2, Revised 3 Jan 96

Intro Ch 09 B

Ch 09 Student

Ch 04 Ppt Lecture-revised

CH-148 Shake Crab Reduction revised

Ch 04 Revised

Ch 19 14th Cen Italian Art Revised

Ch 09 Systim Hexagonal

Ch. 5 Revised

09 DGModelingGuidelines Revised

Mbad 5110 - Ch 13 Revised

Ch 17 Revised

Martin if AP 7 Ch 52 Revised

Ch 02 Revised Financial management by IM Pandey

Class IX Maths Notes-09 Ch-2Class IX Maths Notes-09 Ch-2 Author CamScanner Subject Class IX Maths Notes-09 Ch-2

Human Resource Mgmt Ch 2 Revised

Copy of Ch 08 Revised

ch 07 - 09 (1)

Ch 10 Revised

Revised IRR.ra9184 09

Ch 8 top 10 questions (Revised)

Savitch Ch 09

CNI5e Ch 09