Chapter 9
Controlling
Information Systems:
Application Controls
Learning Objectives
•
•
•
•
Know steps in control framework
Be able to prepare control matrix
Know generic application control plans
Describe how these controls accomplish control
goals
• Appreciate importance of controls to
organizations with ERP systems
• Appreciate importance of controls to
organizations involved in E-Business
Control Matrix
Control Goals of the
Operations System
Ensure
effectiveness
Ensure
of operations by efficient
ensuring the employment Ensure
following
of
security of
systems goals: resources resources
Recommended
Control Plans
A
For transaction
inputs, ensure:
IV
IC
IA
For the Master
File, ensure:
M-1 M-1
P -1
M-1
P-2 Plan 3 (describe)
P-2 P-2 P-2 P-2
M-2 Plan 4
(describe)
M-2
Key:
IV - Input validity
I C - Input completeness
IA - Input accuracy
UC - Update completeness
UA - Update accuracy
UA
UC
B
P-1 Immediately endorse
incoming checks
M-1 Immediately
separate checks & RAs
Control Goals of the
Information System
M-2
M-2
A = To accelerate cash flow by promptly Four key elements:
 Control goals
depositing cash receipts
 Recommended control plans
B = To ensure compliance with
Cell entries
compensating balance agreement
Explanations of cell entries
P-1: “deposit only to the account of Causeway Company”
3
4
Systems Flowchart: Data Entry Without Master Data
Data Entry Clerk 1
Data Entry Devices (Networked PCs)
Start
Input
document
Key
document
Display
input or
error
P-1
Edit
Input
P-3
P-5
M-1
P-4
Remove
discrepancies
if any
P-7
Key corrections/
accept input
Transaction
data
Record
input
Accepted for
processing
P-6
Input
documents
A
5
Systems Flowchart: Data Entry With
Master Data
6
Processing Steps
•
•
•
•
Transaction occurs
Record in transaction file
Update master files
Generate outputs
7
Processing Modes
• Periodic
– transactions posted after delay
– master files updated after delay
– output generated after delay
• Immediate - all three done immediately
• Combination
– immediate posting; delayed update/generation
– immediate posting & update; delayed
generation
8
Immediate, online processing
Remote User
Location
Central Computer
External party
input source
Edit/validate
input
Master
File
Key input
Display
input
or error
Resolve
discrepancies
if any
Key corrections,
accept input
Display
accepted
processing
message
Master
File
Record input,
update
master files,
produce
outputs
Exception and
summary report
Miscellaneous
departments
Transaction
File
Other
outputs
Documents,
reports, etc
9
Control Matrix
Control Goals of the
Operations System
Control Goals of the
Information System
Ensure
effectiveness
Ensure
of operations by efficient
ensuring the employment Ensure
following
of
security of
systems goals: resources resources
Recommended
Control Plans
P-1- Document
design
A
For transaction
inputs, ensure:
IV
IC
IA
P-1
P-1
UA
P-1
P-2
P-3: Prenumbered
forms
P-3
P-3
P-3
P-4: Online
prompting
P-4
P-4
P-4
P-5
P-5
P-5
P-6
M-1
P-7: Procedures for
rejected inputs
Key:
IV - Input validity
I C - Input completeness
IA - Input accuracy
UC - Update completeness
UA - Update accuracy
UC
B
P-2 Written approvals
P-5 Programmed
edit checks
P-6: Interactive
feedback checks
M-1: Key verification
For the Master
File, ensure:
P-7
A =To ensure timely processing of data
B = (describe)
10
Online processing control plans
• P-1 Document design. Source document is
designed in such a way that makes it easier to
prepare initially and later to input data from the
document
• P-2 Written approvals. A signature or initials on
a document to indicate that a person has
authorized the event.
11
Online processing control plans
(cont.)
• P-3: Preformatted screens
– help guide entry of data. May fix length of
fields, “case” of field entered. Cursor moves to
fields.
• P-4: Online prompting
– program prompts user to work in sequence and
asks questions that control operations.
12
Online processing control plans
(cont.)
• P-5: Programmed edit checks
– automatically performed when data entered
– Reasonableness (limit checks) - tests whether
data fall within predetermined limits.
(< $5,000/wk pay)
– Dependency - logic of data entered to other
data entered.
– Math accuracy - does math independently;
checks user’s calculations
13
Online processing control plans
(cont.)
• Programmed edit checks (Cont)
– Format checks - tests format on input
• missing data
• alpha in alpha fields; numbers in numeric fields
• input field proper size
• input field within set range (ex. - customer #s)
• P-6: Interactive feedback checks
– feedback to user that entry is accepted/rejected
14
Online Processing Control Plans (cont.)
• M-1: Key verification
– Documents keyed by one individual and
rekeyed by another individual. Very expensive
• P-7: Procedures for rejected inputs
– designed to ensure that rejected data - not
accepted for processing - are corrected and
resubmitted for processing.
15
Control Matrix
Control Goals of the
Operations System
Control Goals of the
Information System
Ensure
effectiveness
Ensure
of operations by efficient
ensuring the employment Ensure
following
of
security of
systems goals: resources resources
Recommended
Control Plans
P-1 Enter data close to
originating source
A
P4: Compare input
data with master data
P -1
P -1
IC
IA
UC
UA
P -1 P -1
P-2
P-3
P-4
Key:
IV - Input validity
I C - Input completeness
IA - Input accuracy
UC - Update completeness
UA - Update accuracy
IV
For the Master
File, ensure:
B
P-2: Digital signatures
P-3: Populate inputs
with master data
For transaction
inputs, ensure:
P-2
P-2
P-3
P-4
P-3
P-4
P-3
P-4
A = Ensure timely processing of input
B= (describe)
16
Data Center
User Department
Data Control
Start
Data Preparation
BT
Source
Documents
Transactions
BT
Source
Documents
Accepted
Inputs
Data
control
batch
log
Source
Documents
Source
Documents
Log &
distribute
Log,
batch
correct
errors
BT
Output
BT
Source
Documents
Output
Error &
summary
report
Updated
Master
Clerk #1
BT
User
batch
log
Record
Input
Key
inputs
Check
& log
Master
File
Update Master
File; Produce
Outputs
Source
Documents
Batch,
total
& log
Computer Center
Source
Documents
Error &
summary
report
BT = Batch Totals
Rekey
inputs
Transactions
BT
Verify
input
Clerk #2 Verified
inputs &
totals
Log
Error
suspense
file
Data
prep
batch
log
Log,
attach
s ource
docs
Output
Error and
Summary
Report
17
Control Matrix - Batch system
Control Goals of the
Operations System
Ensure
effectiveness
of operations by
ensuring the
following
systems goals:
Ensure
efficient
employment
of
resources
Control Goals of the
Information System
For transaction
inputs, ensure:
Ensure
security of
resources
IV
IC
IA
P-1
P-1
P-1
M-1
M-1
P-2: Manual agreement
of batch totals
P-2
P-2
M-2: Batch sequence
check
M-2
M-2
Recommended
Control Plans
A
M-3: Document design
M-1
M-3
M-1
M-3
Key:
IV = Input validity
IC = Input completeness
IA = Input accuracy
UC = Update completeness
UA = Update accuracy
UA
M-1
M-1
M-1
P-2
P-2
P-2
M-3
P-3: Key verification
P-4: Written approvals
UC
B
P-1: Calculate batch totals
M-1: Computer agreement
of batch totals
For the Master
File, ensure:
P-3
P-4
A = Ensure timely processing of transactions
18
Control Matrix - Batch System (2)
Control Goals of the
Operations System
Ensure
effectiveness
of operations by
ensuring the
following
systems goals:
Recommended
Control Plans
P-5: Computer preparation
of business documents
A
P-5
Ensure
efficient
employment
of
resources
M-5: Turnaround
documents
Key:
IV = Input validity
IC = Input completeness
IA = Input accuracy
UC = Update completeness
UA = Update accuracy
For transaction
inputs, ensure:
Ensure
security of
resources
IV
IC
IA
For the Master
File, ensure:
UC
UA
B
P-5
P-6: Rejection procedures
M-4: Prerecorded data
Control Goals of the
Information System
P-6
P-6
M-4
M-4
M-4
M-5
M-5
M-5
A = Ensure timely processing of transactions
19
Control Plans - Batch
• Calculate batch totals –
–
–
–
Document/record counts
Item or line counts
Dollar totals
Hash totals - total of fields not normally totaled
• Example - invoice #s, part #s, social security #s
• Computer agreement of batch totals
– batch total calculated manually and entered with batch
– computer accumulates batch total during processing
– computer generates report comparing totals
20
Control Plans - Batch (cont.)
• Manual agreement of batch totals
– similar to above except manually calculated batch
totals not submitted to computer
– computer produces report with batch total
– person compares two and takes appropriate action
• Sequence checks
– applies to sequentially numbered documents; account
for all numbers in sequence to find missing docs.
– also applies to sequentially numbered batches of
documents to ensure they are in order
21
Control Plans - Batch (cont.)
• Key verification
– extremely expensive control plan where a second
data entry person keys in source data to compare with
data already entered. Rarely used in practice.
• Written approvals
– requirement that handwritten signatures be affixed to
documents indicating approval/authorization
• Computer preparation of business documents
– part of output of computer process
– more efficient (and legible) than manual processes
22
Control Plans - Batch (cont.)
• Rejection procedures
– establish procedures to be followed when errors are
entered and erroneous records rejected by computer
– may write rejected records to suspense file and require
periodic follow-up
• Prerecorded data
– examples: serial numbers, MICR a/c #s, dept. #s
– printed on forms so that manual entry not required
• Turnaround documents - prerecorded data to capture
input on subsequent processing. Ex: RA stub attached to
invoice
23
Learning Objectives
•
•
•
•
Know steps is control framework
Be able to prepare control matrix
Know generic application control plans
Describe how these controls accomplish control
goals
• Appreciate importance of controls to ERP
• Appreciate importance to E-Business