information systems development mis331
Post on 31-Dec-2015
24 Views
Preview:
DESCRIPTION
TRANSCRIPT
04/19/23 MIS331 2
Agenda
• Control Types
• Control Systems
• Input Controls– Check digit calculations
• Output Controls
04/19/23 MIS331 3
Why Control?• Inputs
– Helps ensure that the data input to the system is accurate.
– Helps protect the system from accidental and/or intentional errors and abuse, including fraud.
• Outputs– Helps ensure reliability and distribution of
outputs generated by the system.
04/19/23 MIS331 4
Control Types
• Preventive control– Intention is to create a mechanism by
which the undesired state is never realized.– If 100% effective, risk is completely
eliminated by one or more appropriate preventive controls.
• Examples?
04/19/23 MIS331 5
Control Types
• Detective control– Intention is to create a mechanism by
which the undesired state, when present, is detected.
– If 100% effective, risk is completely detectable and identifiable by one or more appropriate detective controls.
• Examples?
04/19/23 MIS331 6
Control Types
• Corrective control– Intention is to create a mechanism by
which the undesired state, when detected, is is returned to a desired state or set of conditions.
– If 100% effective, risk is completely correctable by one or more appropriate corrective controls.
• Examples?
04/19/23 MIS331 7
Control Systems
• The key issue is that no single preventive control will be 100% effective in managing the risk or undesired state.
• What is needed is some combination of control types that serve to effectively manage the risk in question.
04/19/23 MIS331 8
Effective versus Efficient
• Effective means the control accomplishes the goal or objective.
• Efficient means that it accomplishes this goal in an affordable, manageable, and timely manner.– Sometimes there must be a tradeoff based
on probability of occurrence of the risk in question.
04/19/23 MIS331 9
Exposure Occurrence Rates
• Human errors– Data entry errors– Console entry errors– Wrong file or program– File damaged in handling
04/19/23 MIS331 10
Exposure Occurrence Rates
• Hardware/Software Failures– Loss of data– Logic error– Interrupt operation
04/19/23 MIS331 11
Exposure Occurrence Rates• Computer Abuse
– Theft
– Embezzlement
– Fraud
– Espionage
– Invasion of Privacy (cracking)
– Maliciousness (hacking)
04/19/23 MIS331 13
Input Controls
• Monitor number of inputs to system– transaction logging– batch control slips– one-for-one checking
• match each source document with a corresponding historical report detail line confirming that the document was entered and processed.
04/19/23 MIS331 14
Input Controls
• Data validity checks– completeness check
• Have all required fields been entered?
– Limit and range check• Does the input data fall within a legitimate set or range
of values.
– Combination check• Determines whether a known relationship or set of
relationships between two fields is valid.– Ex: if VEHICLE MAKE is “Pontiac”, then VEHICLE
MODEL must be one of the models made by Pontiac.
04/19/23 MIS331 15
Input Controls
• Picture Checks– Does the data entered “look like” the
prescribed pattern for this field?• If field expects XX999AA (2 of anything, 3
numbers, and 2 letters) then 127A121C as a data entry does not match the picture.
– Self-checking digits (check digit)• Can be used to determine data entry errors on
primary keys, checking account numbers, etc.
04/19/23 MIS331 16
Modulus 11 Check Digit
STEP 1: Determine the size of the field in digits
24135 = 5 digits
STEP 2: Number each digit location from either right or left beginning with the number “2.”
2 4 1 3 5
6 5 4 3 2
STEP 3: Multiply each digit in the field by its assigned location number.
2 x 6 = 12
4 x 5 = 20
1 x 4 = 4
3 x 3 = 9
5 x 2 = 10
04/19/23 MIS331 17
Modulus 11 Check Digit
STEP 4: Sum the products from step 3.
12 + 20 + 4 + 9 + 10 = 55
STEP 5: Divide the sum from step 4 by 11
55/11 = 5 remainder 0
STEP 6: If the remainder is less than 10, append the remainder digit to the field.
If the remainder is equal to 10, append the character “X” to the field.
241350
04/19/23 MIS331 18
Output Controls
• Specify the timing and volume of each output precisely.– Daily reports? Daily when?– On demand? 24-7?
• Specify the distribution or access to each output.– Who gets, or can get, what report and
when?
04/19/23 MIS331 19
Output Controls
• Password control for certain output functions.
• Use control totals where appropriate.– The number of records input or delivered
as the result of a query should equal the number of records output by the process.
• In other words, did we get all that we asked for?
top related