Information System Controls
INFORMATION SYSTEM CONTROLS
Information system controls arc methods and deviccs that attempt to ensure the accuracy, validity, and propriety of information system activities. Controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output. Thus, information system controls are designed to monitor and maintain the quality and security of the input, processing, output, and storage activities of any information system.
1 lave you heard the phrase "garbage in, garbage out" (GIGO)? Figure 11 shows why controls are needed for the proper entry of data into an information system. Examples include passwords and other security codes, formatted data entry scrccns, audible error signals, templates over the keys of key-driven input devices, and prerecorded and prenumbered forms. Input of source documents can also be controlled by registering them in a logbook when they are received by data entry personnel. Realtime systems that use direct acccss Files frequently record all entries into the system on magnetic tape control logs that preserve evidence of all system inputs.
Computer software can include instructions to identify incorrect, invalid, or improper input data as it enters the computer system. For example, a data entry program can cheek for invalid codes, data fields, and transactions. Also, the computer can be programmed to conduct "reasonableness checks" to determine if input data cxcccds certain specified limits or is out of sequence. This includes the calculation and monitoring of selected control totals.
Data entry and other systems activities are frequently monitored by the use of control totals. For example, a record count is a control total that consists of counting the total number of source documents or other input records and comparing this total to the number of records countcd at other stages of input preparation If the totals do not match, a mistake has been made. Batch totals and hash totals are
Information system controls arc methods and deviccs that attempt to ensure the accuracy, validity, and propriety of information system activities. Controls must be developed to ensure proper data entry, processing techniques, storage methods, and information output. Thus, information system controls are designed to monitor and maintain the quality and security of the input, processing, output, and storage activities of any information system.
1 lave you heard the phrase "garbage in, garbage out" (GIGO)? Figure 11 shows why controls are needed for the proper entry of data into an information system. Examples include passwords and other security codes, formatted data entry scrccns, audible error signals, templates over the keys of key-driven input devices, and prerecorded and prenumbered forms. Input of source documents can also be controlled by registering them in a logbook when they are received by data entry personnel. Realtime systems that use direct acccss Files frequently record all entries into the system on magnetic tape control logs that preserve evidence of all system inputs.
Computer software can include instructions to identify incorrect, invalid, or improper input data as it enters the computer system. For example, a data entry program can cheek for invalid codes, data fields, and transactions. Also, the computer can be programmed to conduct "reasonableness checks" to determine if input data cxcccds certain specified limits or is out of sequence. This includes the calculation and monitoring of selected control totals.
Data entry and other systems activities are frequently monitored by the use of control totals. For example, a record count is a control total that consists of counting the total number of source documents or other input records and comparing this total to the number of records countcd at other stages of input preparation If the totals do not match, a mistake has been made. Batch totals and hash totals are