Accounting 3603

CHAPTER 8
Information Systems Controls
for System Reliability
Part 2: Confidentiality, Privacy,
Processing Integrity, and
Availability
© 2008 Prentice Hall Business Publishing
Accounting Information Systems, 11/e
Romney/Steinbart
1 of 136
INTRODUCTION
• Questions to be addressed in this chapter
include:
– What controls are used to protect the confidentiality of
sensitive information?
– What controls are designed to protect privacy of
customers’ personal information?
– What controls ensure processing integrity?
– How are information systems changes controlled to
ensure that the new system satisfies all five principles
of systems reliability?
INTRODUCTION
• Reliable systems satisfy
five principles:
– Information Security
(discussed in Chapter 7)
– Confidentiality
– Privacy
– Processing integrity
– Availability
[Figure: systems reliability diagram with panels labeled Security, Confidentiality, Privacy, Processing Integrity, and Availability]
CONFIDENTIALITY
• Reliable systems maintain the confidentiality of
sensitive information.
CONFIDENTIALITY
• Table 8-1 in your textbook summarizes key
controls to protect confidentiality of information:

Situation      Controls
Storage        Encryption and access controls
Transmission   Encryption
Disposal       Shredding, thorough erasure, physical destruction
Overall        Categorization to reflect value and training in proper work practices
CONFIDENTIALITY
• Encryption is a fundamental control procedure
for protecting the confidentiality of sensitive
information.
• Confidential information should be encrypted:
– While stored
– Whenever transmitted
CONFIDENTIALITY
• The Internet provides inexpensive transmission,
but data is easily intercepted.
• Encryption solves the interception issue.
• If data is encrypted before sending it, a virtual
private network (VPN) is created.
– Provides the functionality of a privately owned
network
– But uses the Internet
CONFIDENTIALITY
• It is critical to encrypt any sensitive information
stored in devices that are easily lost or stolen,
such as laptops, PDAs, cell phones, and other
portable devices.
– Many organizations have policies against storing
sensitive information on these devices.
– 81% of users admit they do so anyway.
CONFIDENTIALITY
• Encryption alone is not sufficient to protect
confidentiality. Given enough time, many encryption
schemes can be broken.
• Access controls are also needed:
– To prevent unauthorized parties from obtaining the encrypted
data; and
– Because not all confidential information can be encrypted in
storage.
• Strong authentication techniques are necessary.
• Strong authorization controls should be used to limit the
actions (read, write, change, delete, copy, etc.) that
authorized users can perform when accessing
confidential information.
CONFIDENTIALITY
• Access to system outputs should also be controlled:
– Do not allow visitors to roam through buildings unsupervised.
– Require employees to log out of any application before leaving
their workstation unattended, so other employees do not have
unauthorized access.
– Workstations should use password-protected screen savers that
automatically engage when there is no activity for a specified
period.
– Access should be restricted to rooms housing printers and fax
machines.
– Reports should be coded to reflect the importance of the
information therein, and employees should be trained not to
leave reports with sensitive information lying in plain view.
CONFIDENTIALITY
• Special procedures are needed for information stored on
magnetic and optical media.
– Using built-in operating system commands to delete the
information does not truly delete it, and utility programs will often
be able to recover these files.
– De-fragmenting a disk may actually create multiple copies of a
“deleted” document.
– Consequently, special software should be used to “wipe” the
media clean by repeatedly overwriting the disk with random
patterns of data (sometimes referred to as “shredding” a disk).
– Magnetic disks and tapes can be run through devices to
demagnetize them.
– The safest alternative may be to physically destroy disks with
highly sensitive data.
CONFIDENTIALITY
• Phone conversations have also been affected by
technology.
• The use of voice-over-the-Internet (VoIP)
technology means that phone conversations are
routed in packets over the Internet.
– Because this technology makes wiretapping much
easier, conversations about sensitive topics should be
encrypted.
CONFIDENTIALITY
• Employee use of email and instant messaging
(IM) probably represents two of the greatest
threats to the confidentiality of sensitive
information.
– It is virtually impossible to control the distribution of
information once it is held by the recipient.
– Organizations need to develop comprehensive
policies governing the appropriate and allowable use
of these technologies for business purposes.
– Employees need to be trained on what type of
information they can and cannot share, especially
with IM.
CONFIDENTIALITY
• Many organizations are taking steps to address
the confidentiality threats created by email and
IM.
– One response is to mandate encryption of all email
with sensitive information.
– Some organizations prohibit use of freeware IM
products and purchase commercial products with
security features, including encryption.
– Users sending emails must be trained to be very
careful about the identity of their addressee.
• EXAMPLE: The organization may have two employees
named Allen Smith. It’s critical that sensitive information go to
the correct Allen Smith.
PRIVACY
• In the Trust Services framework, the privacy
principle is closely related to the confidentiality principle.
• The primary difference is that privacy focuses on protecting
personal information about customers rather than
organizational data.
• Key controls for privacy are the same as those
previously listed for confidentiality.
PROCESSING INTEGRITY
• COBIT control objective DS 11.1 addresses the
need for controls over the input, processing, and
output of data.
• Identifies six categories of controls that can be used
to satisfy that objective.
• Six categories are grouped into three for discussion.
PROCESSING INTEGRITY
• Three categories/groups of integrity
controls are designed to meet the
preceding objectives:
– Input controls
– Processing controls
– Output controls
PROCESSING INTEGRITY
• Three categories of integrity controls are
designed to meet the preceding
objectives:
– Input Controls
– Processing controls
– Output controls
PROCESSING INTEGRITY
• Input Controls
– If the data entered into a system is inaccurate or
incomplete, the output will be, too. (Garbage in,
garbage out.)
– Companies must establish control procedures to
ensure that all source documents are authorized,
accurate, complete, properly accounted for, and
entered into the system or sent to their intended
destination in a timely manner.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
• Source documents and other forms should be
designed to help ensure that errors and omissions
are minimized (Chapter 18).
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
• Pre-numbered forms sequence test
• Pre-numbering helps verify that no items are
missing.
• When sequentially pre-numbered input
documents are used, the system should be
programmed to identify and report missing or
duplicate form numbers.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
– Pre-numbered forms sequence test
• Turnaround documents
• Documents sent to external parties that are prepared
in machine-readable form to facilitate their
subsequent processing as input records.
• Example: the stub that is returned by a customer
when paying a utility bill.
• Are more accurate than manually-prepared input
records.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
• Pre-numbered forms sequence test
• Turnaround documents
– Cancellation and storage of documents
• Documents that have been entered should be
canceled.
– Paper documents are stamped “paid” or
otherwise defaced.
– A flag field is set on electronic documents.
• Canceling documents does not mean destroying
documents.
• They should be retained as long as needed to satisfy
legal and regulatory requirements.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
• Pre-numbered forms sequence test
• Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
• Source documents should be prepared only by
authorized personnel acting within their authority.
• Employees who authorize documents should not be
assigned incompatible functions.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
– Visual scanning
• Documents should be scanned for reasonableness
and propriety.
PROCESSING INTEGRITY
• The following input controls regulate integrity of
input:
– Forms design
– Pre-numbered forms sequence test
– Turnaround documents
– Cancellation and storage of documents
– Authorization and segregation of duties
– Visual scanning
– Check digit verification
– RFID security
PROCESSING INTEGRITY
• Five categories of integrity controls are
designed to meet the preceding
objectives:
– Input controls
• Data entry controls
– Processing controls
– Output controls
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
• Determines if the characters in a field are of the
proper type.
• Example: The characters in a social security field
should all be numeric.
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
• Determines if the data in a field have the appropriate
arithmetic sign.
• Example: The number of hours a student is enrolled
in during a semester could not be a negative number.
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
• Tests whether an amount exceeds a predetermined
value.
• Example: A university might use a limit check to
make sure that the hours a student is enrolled in do
not exceed 21.
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
• Similar to a field check, but it checks both ends of a
range.
• Example: Perhaps a wage rate is checked to ensure
that it does not exceed $15 and is not lower than the
minimum wage rate.
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
• Ensures that the data will fit into the assigned field.
• Example: A social security number of 10 digits would
not fit in the 9-digit social security field.
PROCESSING INTEGRITY
• Common tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
• Determines if all required items have been entered.
• Example: Has the student’s billing address been
entered along with enrollment details?
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
• Compares the value entered to a file of acceptable
values.
• Example: Does the state code entered for an address
match one of the 50 valid state codes?
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
– Reasonableness test
• Determines whether a logical relationship seems to
be correct.
• Example: A freshman with annual financial aid of
$60,000 is probably not reasonable.
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are
needed to ensure that it’s entered correctly. Common
tests to validate input include:
– Field check
– Sign check
– Limit check
– Range check
– Size (or capacity) check
– Completeness check
– Validity check
– Reasonableness test
– Check digit verification
• An additional digit called a check digit can be
appended to account numbers, policy numbers, ID
numbers, etc.
• Data entry devices then perform check digit
verification by using the original digits in the number
to recalculate the check digit.
• If the recalculated check digit does not match the
digit recorded on the source document, that result
suggests that an error was made in recording or
entering the number.
PROCESSING INTEGRITY
• The preceding tests are used for batch
processing and online real-time
processing.
• Both processing approaches also have
some additional controls that are unique to
each approach.
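The data entry tests listed on the preceding slides can be combined into one validation routine. The following is an added example, not code from the textbook: the record layout, the state-code subset, the minimum wage floor, the financial aid ceiling, and the choice of the Luhn (mod 10) algorithm for the check digit are assumptions, and both sample records are constructed.

```python
# Added example: the slides' data entry edit checks applied to constructed records.
# Values marked "assumed" and the Luhn algorithm are illustrative choices.
import math

VALID_STATES = {"CA", "NY", "OK", "TX", "UT"}  # constructed subset of the 50 state codes
MAX_HOURS = 21                     # limit check value from the slide
MIN_WAGE, MAX_WAGE = 7.25, 15.00   # $15 ceiling from the slide; the floor is assumed
SSN_FIELD_SIZE = 9                 # 9-digit social security field
AID_CEILING_FRESHMAN = 20_000      # assumed threshold for the reasonableness test
REQUIRED = ("student_id", "ssn", "hours", "wage_rate", "state", "billing_address")


def luhn_check_digit(body):
    """Recalculate the check digit from the original digits (Luhn, mod 10)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:             # double every second digit, starting at the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def check_digit_ok(number):
    """True when the recorded last digit matches the recalculated check digit."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])


def to_number(text):
    """Field check helper: return a finite float, or None if the text is not numeric."""
    try:
        value = float(text)
    except (TypeError, ValueError):
        return None
    return value if math.isfinite(value) else None


def validate(record):
    """Return a list of (check, field) tuples; an empty list means the record passes."""
    errors, present = [], {}
    for field in REQUIRED:                          # completeness check
        value = str(record.get(field) or "").strip()
        if value:
            present[field] = value
        else:
            errors.append(("completeness", field))

    if "ssn" in present:
        if not present["ssn"].isdigit():            # field check: numeric characters only
            errors.append(("field", "ssn"))
        if len(present["ssn"]) > SSN_FIELD_SIZE:    # size check: must fit the field
            errors.append(("size", "ssn"))

    if "hours" in present:
        hours = to_number(present["hours"])
        if hours is None:
            errors.append(("field", "hours"))
        elif hours < 0:                             # sign check
            errors.append(("sign", "hours"))
        elif hours > MAX_HOURS:                     # limit check
            errors.append(("limit", "hours"))

    if "wage_rate" in present:
        wage = to_number(present["wage_rate"])
        if wage is None:
            errors.append(("field", "wage_rate"))
        elif not MIN_WAGE <= wage <= MAX_WAGE:      # range check: both ends
            errors.append(("range", "wage_rate"))

    if "state" in present and present["state"].upper() not in VALID_STATES:
        errors.append(("validity", "state"))        # validity check against the file

    if "student_id" in present and not check_digit_ok(present["student_id"]):
        errors.append(("check_digit", "student_id"))

    aid = to_number(record.get("financial_aid"))    # reasonableness test
    if record.get("class_year") == "freshman" and aid is not None and aid > AID_CEILING_FRESHMAN:
        errors.append(("reasonableness", "financial_aid"))
    return errors


# Constructed sample records. BAD has two adjacent digits of the ID transposed.
GOOD = {"student_id": "79927398713", "ssn": "123456789", "hours": "15",
        "wage_rate": "9.50", "state": "TX", "billing_address": "1 Main St",
        "class_year": "freshman", "financial_aid": "4000"}
BAD = {"student_id": "79927389713", "ssn": "12345678X0", "hours": "-3",
       "wage_rate": "22.00", "state": "ZZ", "billing_address": "",
       "class_year": "freshman", "financial_aid": "60000"}

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate(rec))
```

The transposed ID in BAD fails check digit verification even though every character is a valid digit, which is the kind of keying error the field check alone cannot catch.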
PROCESSING INTEGRITY
• Additional Batch Processing Data Entry
Controls
– In addition to the preceding controls, when
using batch processing, the following data
entry controls should be incorporated.
• Sequence check
• Tests whether the data is in the proper numerical or
alphabetical sequence.
PROCESSING INTEGRITY
• Additional Batch Processing Data Entry
Controls
– In addition to the preceding controls, when
using batch processing, the following data
entry controls should be incorporated.
• Sequence check
• Error log
• Records information about data input or processing
errors (when they occurred, cause, when they were
corrected and resubmitted).
• Errors should be investigated, corrected, and
resubmitted on a timely basis (usually with the next
batch) and subjected to the same input validation
routines.
• The log should be reviewed periodically to ensure
that all errors have been corrected and then used to
prepare an error report, summarizing errors by record
type, error type, cause, and disposition.
PROCESSING INTEGRITY
• Additional Batch Processing Data Entry
Controls
– In addition to the preceding controls, when
using batch processing, the following data
entry controls should be incorporated.
• Sequence check
• Error log
• Batch totals
• Summarize key values for a batch of input records.
Commonly used batch totals include:
– Financial totals—sums of fields that contain dollar
values, such as total sales.
– Hash totals—sums of nonfinancial fields, such as
the sum of all social security numbers of
employees being paid.
– Record count—count of the number of records in
a batch.
• These batch totals are calculated and recorded when
data is entered and used later to verify that all input
was processed correctly.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Whenever possible, the system should automatically
enter transaction data, such as next available
document number or new ID number.
• Saves keying time and reduces errors.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Prompting
• System requests each input item and waits for an
acceptable response.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Prompting
• Pre-formatting
• Fields that need to be completed are highlighted.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Prompting
• Pre-formatting
• Closed-loop verification
• Checks accuracy of input data by retrieving related
information.
• Example: When a customer’s account number is
entered, the associated customer’s name is displayed
on the screen so the user can verify that entries are
being made for the correct account.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Prompting
• Pre-formatting
• Closed-loop verification
• Transaction logs
• Maintains a detailed record of all transaction data,
including:
– A unique transaction identifier
– Date and time of entry
– Terminal from which entry is made
– Transmission line
– Operator identification
– Sequence in which transaction is entered
• The log can be used to reconstruct a file that is
damaged or can be used to ensure transactions are
not lost or entered twice if a malfunction shuts down
the system.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
• Automatic entry of data
• Prompting
• Pre-formatting
• Closed-loop verification
• Transaction logs
• Error messages
• Should indicate when an error occurred, which item,
and how it should be corrected.
PROCESSING INTEGRITY
• Three categories of integrity controls are
designed to meet the preceding
objectives:
– Input controls
– Processing controls
– Output controls
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• Two or more items must match before processing
can proceed.
• Example: The quantity billed on the vendor invoice
must match the quantity ordered on the purchase
order and the quantity received on the receiving
report.
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• External labels should be checked visually to ensure the correct and
most current files are being updated.
• There are also two important types of internal labels to be checked.
– The header record, located at the beginning of each file, contains
the file name, expiration date, and other identification data.
– The trailer record at the end of the file contains the batch totals
calculated during input.
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• Recalculation of batch totals
• Batch totals should be recomputed as processing takes place.
• These totals should be compared to the totals in the trailer record.
• Discrepancies indicate processing errors, such as:
– If the recomputed record count is smaller than the original count,
one or more records were not processed.
– If the recomputed record count is larger than the original, then
additional unauthorized transactions were processed or some
authorized transactions were processed twice.
– If the discrepancy between totals is evenly divisible by 9, there
was probably a transposition error (two adjacent digits were
reversed).
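The batch totals described on the batch data entry slides (financial total, hash total, record count) and their recalculation against the trailer record can be sketched as follows. This is an added example, not code from the textbook: the record fields, transaction IDs, and all sample values are constructed, and suggesting a transposition only when the record count agrees is a choice made in this example.

```python
# Added example: recompute batch totals after processing and compare them with the
# trailer record. Field names, transaction ids and all sample values are constructed.
from collections import Counter

TOTAL_FIELDS = ("record_count", "financial_total", "hash_total")


def batch_totals(records):
    """Totals calculated when the batch is entered and stored in the trailer record."""
    return {
        "record_count": len(records),
        "financial_total": sum(r["amount_cents"] for r in records),  # dollar field, in cents
        "hash_total": sum(int(r["ssn"]) for r in records),           # nonfinancial field
    }


def duplicate_ids(records):
    """Transaction ids that appear more than once (processed twice)."""
    counts = Counter(r["txn_id"] for r in records)
    return sorted(t for t, n in counts.items() if n > 1)


def reconcile(trailer, processed):
    """Return {total_name: (difference, diagnosis)} for every total that disagrees."""
    recomputed = batch_totals(processed)
    count_diff = recomputed["record_count"] - trailer["record_count"]
    findings = {}
    for name in TOTAL_FIELDS:
        diff = recomputed[name] - trailer[name]
        if diff == 0:
            continue
        if name == "record_count":
            diagnosis = "records_not_processed" if diff < 0 else "extra_or_duplicate_records"
        elif count_diff == 0 and diff % 9 == 0:
            # Swapping two adjacent digits changes a number by a multiple of 9.
            # Only suggested when the record count agrees (a choice made here).
            diagnosis = "probable_transposition"
        else:
            diagnosis = "mismatch"
        findings[name] = (diff, diagnosis)
    return findings


# Constructed payroll batch; the trailer is computed at data entry time.
BATCH = [
    {"txn_id": 1001, "ssn": "123456789", "amount_cents": 125000},
    {"txn_id": 1002, "ssn": "234567890", "amount_cents": 98450},
    {"txn_id": 1003, "ssn": "345678901", "amount_cents": 143275},
    {"txn_id": 1004, "ssn": "456789012", "amount_cents": 76030},
]
TRAILER = batch_totals(BATCH)


def dropped_record():
    """Processing run in which transaction 1003 was never processed."""
    return [r for r in BATCH if r["txn_id"] != 1003]


def processed_twice():
    """Processing run in which transaction 1002 was processed twice."""
    return BATCH + [BATCH[1]]


def transposed_amount():
    """Processing run in which 984.50 was keyed as 985.40 (digits 4 and 5 swapped)."""
    return [dict(r, amount_cents=98540) if r["txn_id"] == 1002 else r for r in BATCH]


if __name__ == "__main__":
    print("trailer:", TRAILER)
    for run in (dropped_record, processed_twice, transposed_amount):
        processed = run()
        print(run.__name__, reconcile(TRAILER, processed), duplicate_ids(processed))
```

In the transposed run the record count and hash total still agree, so only the financial total flags the error, which is why the slides recommend keeping more than one kind of batch total.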
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• Recalculation of batch totals
• Cross-footing balance test
• Compares arithmetic results produced by two different
methods to verify accuracy.
• EXAMPLE: Compute the sum of column totals in a
spreadsheet and compare it to a sum of the row totals.
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• Recalculation of batch totals
• Cross-footing balance test
• Write-protection mechanisms
• Protect against accidental writing over or erasing of
data files but are not foolproof.
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• Recalculation of batch totals
• Cross-footing balance test
• Write-protection mechanisms
• RFID security
• Many businesses are replacing bar codes and manual
tags with radio frequency identification (RFID) tags
that can store up to 128 bytes of data.
• These tags should be write-protected so that
unscrupulous customers cannot change price
information on merchandise.
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is
processed correctly include:
• Data matching
• File labels
• Recalculation of batch totals
• Cross-footing balance test
• Write-protection mechanisms
• Database processing integrity procedures
• Database systems use database administrators, data
dictionaries, and concurrent update controls to
ensure processing integrity.
• The administrator establishes and enforces
procedures for accessing and updating the database.
• The data dictionary ensures that data items are
defined and used consistently.
• Concurrent update controls protect records from
being updated by two users simultaneously.
– Locks one user out until the other has finished
processing.
PROCESSING INTEGRITY
• Three categories of integrity controls are
designed to meet the preceding
objectives:
– Input controls
– Processing controls
– Output controls
PROCESSING INTEGRITY
• Output Controls
– Careful checking of system output
provides additional control over
processing integrity.
– Output controls include:
• User review of output
• Users carefully examine output for reasonableness,
completeness, and to assure they are the intended
recipient.
PROCESSING INTEGRITY
• Output Controls
– Careful checking of system output
provides additional control over
processing integrity.
– Output controls include:
• User review of output
• Reconciliation procedures
• Periodically, all transactions and other system updates
should be reconciled to control reports, file
status/update reports, or other control mechanisms.
• Control accounts should also be reconciled to
subsidiary account totals.
PROCESSING INTEGRITY
• Output Controls
– Careful checking of system output
provides additional control over
processing integrity.
– Output controls include:
• User review of output
• Reconciliation procedures
• External data reconciliation
• Database totals should periodically be reconciled with data
maintained outside the system.
• EXAMPLE: Compare number of employee records in the
payroll file to number in the human resources file. (Excess
records in payroll suggests a “ghost” employee.)
AVAILABILITY
• Reliable systems are available
for use whenever needed.
• Threats to system availability
originate from many sources,
including:
– Hardware and software failures
– Natural and man-made disasters
– Human error
– Worms and viruses
– Denial-of-service attacks and
other sabotage
AVAILABILITY
• Proper controls can minimize the risk of
significant system downtime caused by the
preceding threats.
• It is impossible to totally eliminate all
threats.
• Consequently, organizations must develop
disaster recovery and business continuity
plans to enable them to quickly resume
normal operations after such an event.
AVAILABILITY
– COBIT control objective DS 13.5 identifies the
need for preventive maintenance. Examples:
• Cleaning disk drives
• Properly storing magnetic and optical media
– Use of redundant components can provide
fault tolerance, which enables the system to
continue functioning despite failure of a
component. Examples of redundant
components:
• Dual processors
• Arrays of multiple hard drives
– Surge protection devices provide protection
against temporary power fluctuations.
AVAILABILITY
• COBIT control objectives DS 12.1 and 12.4
address the importance of proper location and
design of rooms housing mission-critical servers
and databases.
– Raised floors protect from flood damage.
– Fire protection and suppression devices reduce
likelihood of fire damage.
– Adequate air conditioning reduces likelihood of
damage from over-heating or humidity.
– Cables with special plugs that cannot be easily
removed reduce risk of damage due to accidentally
unplugging.
AVAILABILITY
– An uninterruptible power supply (UPS)
provides protection from a prolonged power
outage and buys the system enough time to
back up critical data and shut down safely.
AVAILABILITY
• Training is especially important.
– Well-trained operators are less likely to make
mistakes and more able to recover if they do.
– Security awareness training, particularly concerning
safe email and Web-browsing practices, can reduce
risk of virus and worm infection.
• Anti-virus software should be installed, run, and
kept current.
• Email should be scanned for viruses at both the
server and desktop levels.
• Newly acquired software and disks, CDs, or
DVDs should be scanned and tested first on a
machine that is isolated from the main network.
• COBIT control objective DS 13.1 stresses the
importance of defining and documenting
operational procedures and ensuring that
operations staff understand their
responsibilities.
AVAILABILITY
• Disaster Recovery and Business
Continuity Planning
– Disaster recovery and business continuity
plans are essential if an organization hopes to
survive a major catastrophe.
– Being without an IS for even a short period of
time can be quite costly—some report as high
as a half million dollars per hour.
• Experience suggests that companies which
experience a major disaster resulting in loss of
use of their information system for more than a
few days have a greater than 50% chance of
going out of business.
– Yet many large U.S. companies do not have
adequate disaster recovery and business
continuity plans.
AVAILABILITY
• The objectives of a disaster recovery and
business continuity plan are to:
– Minimize the extent of the disruption, damage,
and loss
– Temporarily establish an alternative means of
processing information
– Resume normal operations as soon as
possible
– Train and familiarize personnel with
emergency operations
AVAILABILITY
• Key components of effective disaster
recovery and business continuity plans
include:
– Data backup procedures
– Provisions for access to replacement
infrastructure (equipment, facilities, phone
lines, etc.)
– Thorough documentation
– Periodic testing
– Adequate insurance
AVAILABILITY
• Data Backup Procedures
– Data need to be backed up regularly and
frequently.
– A backup is an exact copy of the most current
version of a database. It is intended for use in
the event of a hardware or software failure.
– The process of installing the backup copy for
use is called restoration.
AVAILABILITY
• Several different backup procedures exist.
– A full backup is an exact copy of the data
recorded on another physical medium (tape,
magnetic disk, CD, DVD, etc.)
– Restoration involves bringing the backup copy
online.
– Full backups are time consuming, so most
organizations:
• Do full backups weekly
• Supplement with daily partial backups.
AVAILABILITY
• Two types of partial backups are
possible:
– Incremental backup
• Involves copying only the data items that have
changed since the last backup.
• Produces a set of incremental backup files, each
containing the results of one day’s transactions.
• Restoration:
– First load the last full backup.
– Then install each subsequent incremental
backup in the proper sequence.
– Differential backup
• All changes made since the last full backup are copied.
• Each new differential backup file contains the cumulative
effects of all activity since the last full backup.
• Will normally take longer to do the backup than when
incremental backup is used.
• Restoration:
– First load the last full backup.
– Then install the most recent differential backup file.
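
Added example (not from the textbook or the slides): the two restoration procedures above, written as a Python function that picks which backup files to load, and in what order, from a backup catalog. The Backup record, its seq numbering of incrementals and the sample week are assumptions made for the illustration; the catalog is assumed to use one partial-backup scheme at a time.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Backup:
    kind: str     # "full", "incremental" or "differential"
    day: date     # day the backup was taken
    seq: int = 0  # incrementals only: 1, 2, 3... since the last full backup


def restore_chain(catalog, target):
    """Return the backups to load, in order, to restore the state as of target."""
    usable = sorted((b for b in catalog if b.day <= target), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target date")
    base = fulls[-1]  # first load the last full backup
    partials = [b for b in usable if b.day > base.day]
    kinds = {b.kind for b in partials}
    if len(kinds) > 1:
        raise ValueError("catalog mixes incremental and differential backups")
    if kinds == {"differential"}:
        # Each differential is cumulative, so only the newest one is needed.
        return [base, partials[-1]]
    # Incrementals each hold one period's changes: every one is needed, in order.
    partials.sort(key=lambda b: b.seq)
    for expected, b in enumerate(partials, start=1):
        if b.seq != expected:
            raise ValueError(f"incremental #{expected} is missing; chain is broken")
    return [base, *partials]


# Constructed sample catalogs: weekly full on Sunday, daily partials after it.
SUN = date(2024, 3, 3)
INCREMENTAL_WEEK = [Backup("full", SUN)] + [
    Backup("incremental", date(2024, 3, 3 + n), seq=n) for n in (1, 2, 3, 4)
]
DIFFERENTIAL_WEEK = [Backup("full", SUN)] + [
    Backup("differential", date(2024, 3, 3 + n)) for n in (1, 2, 3, 4)
]

if __name__ == "__main__":
    thursday = date(2024, 3, 7)
    for name, cat in (("incremental", INCREMENTAL_WEEK),
                      ("differential", DIFFERENTIAL_WEEK)):
        chain = restore_chain(cat, thursday)
        print(name, [(b.kind, b.day.isoformat()) for b in chain])
```

A gap in the incremental sequence stops the restore plan, which is the practical cost of the faster daily incremental backup; the differential plan never needs more than two files.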
AVAILABILITY
• Whichever backup procedure is used,
multiple backup copies should be created:
– One can be stored on-site for use in minor
incidents.
– At least one additional copy should be stored
off-site to be safe should a disaster occur.
• Mirroring (maintaining two copies of the database at two
separate data centers) is an alternative to these traditional
backup methods. Mirroring is used by financial institutions
and airlines that cannot afford to lose transactions.
AVAILABILITY
• The offsite copies can be transported to
remote storage physically or electronically.
– The same security controls should apply as to
original copies.
• Sensitive data should be encrypted in storage and
during transmission.
• Access to the backup files should be carefully
controlled and monitored.
AVAILABILITY
• Backups are retained for only a fixed period of
time.
• An archive is a copy of a database, master file,
or software that will be retained indefinitely as an
historical record, usually to satisfy legal and
regulatory requirements.
• Multiple copies of archives should be made and
stored in different locations.
• Appropriate security controls should also be
applied to these files.
• Tape or disk? Disk backup is faster and disks are less easily lost.
Tape, however, is cheaper, easier to transport, and more durable.
Many organizations use both. Data is first backed up to disk, for
speed, and then transferred to tape. Archives are usually stored on
tape.
AVAILABILITY
• Infrastructure Replacement
– Major disasters can totally destroy an organization’s
information processing center or make it inaccessible.
– A key component of disaster recovery and business
continuity plans incorporates provisions for replacing
the necessary computing infrastructure, including:
• Computers
• Network equipment and access
• Telephone lines
• Office equipment
• Supplies
– It may even be necessary to hire temporary staff.
• How much time can the organization afford to be without its
information system? The recovery time objective (RTO) represents
the time following a disaster by which the organization’s information
system must be available again.
AVAILABILITY
• Organizations have three basic
options for replacing computer and
networking equipment.
– Reciprocal agreements
• The least expensive approach.
• The organization enters into an agreement with another organization
that uses similar equipment to have temporary access to and use of
their information system resources in the event of a disaster.
• Effective solutions for disasters of limited duration and magnitude,
especially for small organizations.
• Not optimal in major disasters as:
– The host organization may also be affected.
– The host also needs the resources.
– Cold sites
• An empty building is purchased or leased and pre-wired for
necessary telephone and Internet access.
• Contracts are created with vendors to provide all necessary
computer and office equipment within a specified period of time.
• Still leaves the organization without use of the IS for a period of time.
– Hot sites
• Most expensive solution but used by organizations like financial
institutions and airlines which cannot survive any appreciable time
without their IS.
• The hot site is a facility that is pre-wired for phone and Internet (like
the cold site) but also contains the essential computing and office
equipment.
• It is a backup infrastructure designed to provide fault tolerance in
the event of a major disaster.
AVAILABILITY
• Documentation
– An important and often overlooked component.
Should include:
• The disaster recovery plan itself, including instructions for
notifying appropriate staff and the steps to resume operation,
needs to be well documented.
• Assignment of responsibility for the various activities.
• Vendor documentation of hardware and software.
• Documentation of modifications made to the default
configuration (so replacement will have the same
functionality).
• Detailed operating instructions.
– Copies of all documentation should be stored both
on-site and off-site.
AVAILABILITY
• Testing
– Periodic testing and revision is probably the
most important component of effective
disaster recovery and business continuity
plans.
• Most plans fail their initial test, because it’s
impossible to anticipate everything that could go
wrong.
• The time to discover these problems is before the
actual emergency and in a setting where the
weaknesses can be carefully analyzed and
appropriate changes made.
AVAILABILITY
• Plans should be tested on at least an
annual basis to ensure they reflect recent
changes in equipment and procedures.
– Important to test procedures involved in
executing reciprocal agreements or hot or
cold sites.
– Backup restoration procedures also require
practice.
AVAILABILITY
• Insurance
– Organizations should acquire adequate
insurance coverage to defray part or all of the
expenses associated with implementing their
disaster recovery and business continuity
plans.
CHANGE MANAGEMENT CONTROLS
• Organizations constantly modify their information
systems to reflect new business practices and to take
advantage of advances in IT.
• Controls are needed to ensure such changes don’t
negatively impact reliability.
• Existing controls related to security, confidentiality,
privacy, processing integrity, and availability should be
modified to maintain their effectiveness after the change.
• Change management controls need to ensure adequate
segregation of duties is maintained in light of the
modifications to the organizational structure and
adoption of new software.
CHANGE MANAGEMENT CONTROLS
• Important change management controls include:
– All change requests should be documented in a
standard format that identifies:
• Nature of the change
• Reason for the change
• Date of the request
– All changes should be approved by appropriate levels
of management.
• Approvals should be clearly documented to provide an audit
trail.
• Management should consult with the CSO and other IT
managers about impact of the change on reliability.
CHANGE MANAGEMENT CONTROLS
– Changes should be thoroughly tested prior to
implementation.
• Includes assessing effect of change on all five principles of
systems reliability.
• Should occur in a separate, non-production environment.
– All documentation (program instructions, system
descriptions, backup and disaster recovery plans)
should be updated to reflect authorized changes to
the system.
– “Emergency” changes or deviations from policy must
be documented and subjected to a formal review and
approval process as soon after implementation as
practicable. All such actions should be logged to
provide an audit trail.
• When changing systems, data from old files and
databases are entered into new data structures.
• Conversion controls help ensure that the new data
storage media are free of errors.
• Old and new systems should be run in parallel at
least once and results compared to identify
discrepancies.
• Internal auditors should review data conversion
processes for accuracy.
CHANGE MANAGEMENT CONTROLS
– “Backout” plans should be developed for
reverting to the previous configuration if the
approved changes need to be interrupted or
aborted.
– User rights and privileges should be carefully
monitored during the change process to
ensure proper segregation of duties.
CHANGE MANAGEMENT CONTROLS
• The most important change management control
is adequate monitoring and review by top
management to ensure that the changes are
consistent with the entity’s multiyear strategic
plan.
• Objective: Be sure the system continues to
effectively support the organization’s strategy.
• Steering committees are often created to
perform this function.
SUMMARY
• In this chapter, you’ve learned about the
controls used to protect the confidentiality
of sensitive information and the controls
used to protect the privacy of customer
information.
• You’ve also learned about controls that
help ensure processing integrity.
• Finally, you’ve learned about controls to
ensure that the system is available when
needed.