To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

Accounting Information Systems
CHAPTER 8: INFORMATION SYSTEMS CONTROLS FOR SYSTEMS RELIABILITY
Ch 8: Computer-Based Information Systems Control
© 2009 Pearson Education, Inc. Publishing as Prentice Hall

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

8.1 For the consumer, opt-out has many disadvantages because the consumer is responsible for explicitly notifying every company that might be collecting the consumer's personal information and telling them to stop collecting it. Consumers are less likely to take the time to opt out of these programs, and even if they decide to opt out, they may not know of all of the companies that are capturing their personal information. For the organization collecting the data, opt-out is an advantage for the same reasons it is a disadvantage to the consumer: the organization is free to collect all the information it wants until explicitly told to stop.

8.2 a. The cost here is tangible, consisting of the salaries of additional employees, if any, who must be hired in order to accomplish segregation of duties. The benefit is much less tangible, comprising primarily the reduction in the risk of loss from both fraud and unintentional errors. One approach might be to estimate an "expected benefit" as the product of the possible loss from fraud and the reduction in the probability of fraud.

b. The costs here are also relatively tangible, including the costs of maintaining a tape library and of performing special procedures such as file labeling, concurrent update controls, encryption, virus protection, maintaining backup files, and so forth. The benefit is again intangible, consisting of the reduction in the risk of loss of vital business data. Once again an "expected benefit" might be estimated as the reduction in the product of the cost of data reconstruction and the probability of data loss.

c. The cost here consists of the extra programming and processing time required to prepare and execute the input validation routines. As in the other cases, the benefits are intangible and difficult to measure in dollars. The primary benefit is the increase in accuracy of files and output. In this case, the decision must be primarily subjective, since a reliable dollar value is unlikely to be available.

8.3 The disadvantage of full backups is time. Organizations do not normally make full backups of their data on a frequent (daily) basis simply because of the time a full backup takes. Most organizations perform full backups on a weekly basis. The advantage of frequent full backups is that the full system can be restored from a single backup.

An advantage of incremental or partial daily backups is time. Since only files that have been altered since the last incremental or full backup are included, the backup can be done much more quickly. Of course, the downside of incremental backups is that more than one backup will likely be needed to fully restore the system in the event of a system failure.

Management decides what the recovery point objective (RPO) should be for their company; i.e., how much data they are willing to lose in the event of a catastrophic event. Naturally, the recovery time objective (RTO) would always be "as soon as possible", but this decision hinges on how long management thinks the company can operate without its data.

The advantage of real-time mirroring is that a full and complete backup is always available at a moment's notice. The mirror site can instantly step into the shoes of the primary site since it is a real-time replica of it. The disadvantage of real-time mirroring is the cost of creating and maintaining identical databases at two different site locations; however, depending on the needs of the business, real-time mirroring may be a legitimate and necessary business expense, since the cost of losing data and then recreating it from a full or partial backup would be prohibitive. In other words, for these businesses, RPO and RTO are essentially zero; i.e., the data must be available instantaneously.

8.4
A. Original Number   B. Transposed Number   B - A Difference   Divisible by 9?
10                   01                     -9                 Yes
11                   11                     0                  Not a transposition
12                   21                     9                  Yes
13                   31                     18                 Yes
14                   41                     27                 Yes
15                   51                     36                 Yes
16                   61                     45                 Yes
17                   71                     54                 Yes
18                   81                     63                 Yes
19                   91                     72                 Yes

When numbers between 10 and 19 are transposed, the difference between the original number and the transposed number is divisible by 9, except for the number 11, since the transposition of 11 is 11 and therefore not a transposition.

8.5 Good internal control procedures dictate the objectives of internal control, but not the techniques by which those objectives are to be achieved. Computer systems can efficiently scan large volumes of records on a regular basis, identify transactions that need to be initiated, and then take appropriate transaction-initiation steps such as document preparation and file updating. Given that computer systems will be programmed to initiate transactions, the issue is to identify internal control techniques that will achieve the stated objective under these circumstances. These include (1) strong controls over the development and revision of the computer programs that initiate transactions, (2) organizational separation of the programming and computer operations functions, (3) logical access controls to prevent unauthorized access to computer programs, and (4) review by user department personnel of transactions initiated by the computer. In summary, automatic generation of transactions by computer does not necessarily violate good internal control.

8.6 Since outsourcing is and will likely continue to be a topic of interest, this question should generate some good discussion from students. Data security and data protection are rated among the top ten risks of offshore outsourcing by CIO News. Compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX) is of particular concern to companies outsourcing work to offshore companies. Since offshore companies are not required to comply with HIPAA, companies that contract with offshore providers do not have any enforceable mechanisms in place to protect and safeguard Protected Health Information (i.e., patient health information) as required by HIPAA. They essentially lose control of that data once it is processed by an offshore provider. Similarly, offshore companies are not governed by SOX, and yet the CEO and CFO must attest to the accuracy of their company's financial statements, which includes documentation of any business processes performed by offshore entities.

One question that may facilitate discussion is to ask the students: once a company sends some operations offshore, does the outsourcing company still have legal control over its data, or do the laws of the offshore country dictate ownership? Should the outsourcing company be liable in this country for data that was lost or compromised by an offshore outsourcing partner?
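The transposition arithmetic in question 8.4 is the basis of the batch-total difference analysis used in problem 8.4 later in the chapter (difference divisible by 9 suggests a transposition; a difference confined to one column suggests a one-digit transcription error; a difference equal to an entry suggests an omission; twice an entry suggests a subtraction instead of an addition). The Python below is an added example, not code from the solutions manual: it generates the 8.4 table and classifies the four batch-total discrepancies from problem 8.4 by those rules. The function names and the order in which the rules are tried are this example's own choices; the amounts are the ones the problem states, handled as integer cents so the divisibility tests are exact.

```python
"""Transposition arithmetic (discussion question 8.4) and batch-total
difference analysis (problem 8.4).  Added example, not from the solutions
manual.  Amounts are integer cents so the divisibility tests are exact."""
from decimal import Decimal


def transposition_differences(low=10, high=19):
    """(original, digits swapped, swapped - original) for each two-digit number.
    Swapping the digits of 10a+b gives 10b+a, so the difference is 9(b-a):
    always a multiple of 9, and 0 when both digits are equal (11 is not a
    transposition)."""
    rows = []
    for n in range(low, high + 1):
        tens, ones = divmod(n, 10)
        swapped = ones * 10 + tens
        rows.append((n, swapped, swapped - n))
    return rows


def cents(amount):
    """'$29,341.28' -> 2934128 (integer cents)."""
    return int(Decimal(amount.replace("$", "").replace(",", "")) * 100)


def is_single_column(cents_value):
    """True when the value has exactly one nonzero digit, i.e. the discrepancy
    sits in a single column (a one-digit transcription error)."""
    return len(str(abs(cents_value)).strip("0")) == 1


def diagnose(correct_total, recomputed_total, entries):
    """Classify a batch-total discrepancy using the reasoning of problem 8.4:
      difference equal to an entry        -> that entry was omitted
      difference equal to twice an entry  -> that entry was subtracted, not added
      difference a nonzero multiple of 9  -> probable transposition of adjoining digits
      difference confined to one column   -> one-digit transcription error
    Returns (kind, detail): detail is the entry, or the absolute difference."""
    diff = correct_total - recomputed_total
    if diff == 0:
        return ("balanced", None)
    magnitude = abs(diff)
    for entry in entries:
        if entry == magnitude:
            return ("omission", entry)
    for entry in entries:
        if 2 * entry == magnitude:
            return ("sign_error", entry)
    if magnitude % 9 == 0:
        return ("transposition", magnitude)
    if is_single_column(magnitude):
        return ("transcription", magnitude)
    return ("unknown", magnitude)


# Figures from problem 8.4: the correct batch total and the four entries the
# answer names.  The full list of batch entries is not reproduced on the page,
# so only those four are used here.
CORRECT_TOTAL = cents("$29,341.28")
ENTRIES = [cents("$2,626.28"), cents("$4,566.86"), cents("$2,772.42"), cents("$1,762.62")]
RECOMPUTED = {"a": "$24,088.72", "b": "$29,431.28", "c": "$30,341.28", "d": "$27,578.66"}

if __name__ == "__main__":
    for n, swapped, diff in transposition_differences():
        verdict = "not a transposition" if diff == 0 else "divisible by 9"
        print(f"{n} -> {swapped:02d}: difference {diff:3d} ({verdict})")
    for case, total in RECOMPUTED.items():
        print(case, diagnose(CORRECT_TOTAL, cents(total), ENTRIES))
```

The omission and sign-error tests run before the divisibility test because an omitted entry can itself happen to be a multiple of 9; an auditor would still confirm the suspected entry against the source documents, as the problem's answer does.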
8.7 Since most students will encounter this question as an employee and as a future manager, the concept of personal email use during business hours should generate significant discussion. One question that may help facilitate discussion is to ask whether personal emails are any different from personal phone calls during business hours. The instructor may also want to use this opportunity to discuss security issues with email. Viruses are frequently spread through email, and although a virus could infect company computers through a business-related email, personal email also exposes the company to viruses and therefore warrants a policy of disallowing any personal email. In addition, there is the risk that employees could overtly or inadvertently release confidential company information through personal email. Once the information is written in electronic form, it is easy and convenient for the recipient to distribute that information.

8.8 Many people may view biometric authentication as invasive. That is, in order to gain access to a work-related location or data, they must provide a very personal image of part of their body such as their retina, finger or palm print, their voice, etc. Providing such personal information may make some individuals fearful of identity theft in that, unlike a social security number or a bank account number, biometric identification characteristics cannot simply be "reset". If someone's digitized biometric identification such as a fingerprint is stolen, then how can they prevent their identity from being used to lie, cheat, and steal?

Indeed, facial scans and voice scans can be obtained and recorded without the consent and knowledge of the person being scanned. RFID tags that are embedded in or attached to a person's clothing would allow anyone with that particular tag's frequency to track the exact movements of the "tagged" person. For police tracking criminals that would be a tremendous asset, but what if criminals were tracking people whom they wanted to rob, or whose property they wanted to rob when they knew the person would not be at home? Already one elementary school tried using RFID tags on students to track attendance, but stopped the program due to parental complaints and because the company that donated the equipment decided to stop supplying the RFID tags to the school.

SUGGESTED SOLUTIONS TO THE PROBLEMS

8.1 There is no single correct solution for this problem. Student responses will vary depending on their experience with various businesses. One minimal classification scheme could be highly confidential or top-secret, confidential or internal only, and public. The following table lists some examples of items that could fall into each basic category.

Categories: Highly Confidential (Top Secret); Confidential (Internal); Public
Example items: Research Data; Product Development Data; Payroll; Cost of Capital; Financial Statements; Securities and Exchange Commission Filings; Marketing Information; Proprietary Manufacturing Processes; Tax; Proprietary Business Processes; Manufacturing Cost Data; Competitive Bidding Data; Financial Projections; Product Specification Data; Earnings Announcement Data

8.2 a. Record Count: 4 records. Hash and Financial Totals are shown in the table below.

Employee Number   Pay Rate     Hours Worked   Gross Pay         Deductions        Net Pay
121               6.50         38             $247.00           25.50             221.50
123               7.25         40             290.00            60.00             230.00
125               6.75        90              607.5             450.00            57.50
122               67.5         40             2700.00           500.00            2200.00
491               88           208            3824.50           1135.50           2679.00
Hash Total        Hash Total   Hash Total     Financial Total   Financial Total   Financial Total

b. Field Check: $247 Gross Pay for Employee 121 should not contain the $ symbol.
Sequence Check: Employee 122 is out of order. This record should appear directly after Employee 121.
Limit Check: 90 Hours Worked for Employee 125 is probably too high.
Reasonableness Test: $450 in Deductions for Employee 125 seems too high given a Gross Pay of $587.50.
Crossfooting Balance Test: $57.50 net pay for employee 125 does not equal $607.50 - $450. Net pay should be $157.50 if the gross pay and deductions are correct. In addition, the deductions for employee 125 also appear to be unreasonably high, so the correct net pay should be much higher than $57.50.

8.3 a. Field - Member number: Range check to verify that the field contains only four digits within the range of 0001 to 1368. Validity check on member number if a file of valid member numbers is maintained.
Field - Date of flight start: Check that day, month, and year correspond to the current date. Field check to verify that the field contains six digits.
Field - Plane used: Validity check that the character is one of the legal characters to describe a plane (G, C, P, or L). Check that only a single character is used (field check).
Field - Time of take off: Range check that both pairs of numbers are within the acceptable range (first two digits are within the range 00 to 23, and second two digits are within the range 00 to 59). Field check to verify that the field contains four digits.
Field - Time of landing: Range check that both pairs of numbers are within the acceptable range described for the time of take off field. Reasonableness test that the time of landing is later than the time of take off.

b. Five of the six records contain errors as follows:
1st - Wrong date is used (Nov 31 instead of Nov 1)
2nd - Member number is outside range (4111 is greater than 1368)
4th - Plane code is not legal
5th - Member number contains a character
6th - Plane landing time is earlier than the take off time

c. Other possible controls to prevent input errors are:
- user ID numbers and passwords to limit system access to authorized personnel
- compatibility test to ensure that authorized personnel have access to the correct data
- prompting to request each required input item
- preformatting to display an input form including all required input items
- completeness check on each input record to ensure all items have been entered
- default values such as today's date for the flight date
- closed-loop verification (member name would appear immediately after the member number)
(SMAC Examination, adapted)

8.4 Differences between the correct batch total and the batch totals obtained after processing:
(a) $29,341.28 - 24,088.72 = $5,252.56
(b) $29,341.28 - 29,431.28 = $(90.00)
(c) $29,341.28 - 30,341.28 = $(1,000.00)
(d) $29,341.28 - 27,578.66 = $1,762.62

Analysis of these differences:
a. The difference of $5,252.56 is not evenly divisible by 9, which rules out a transposition error. The difference affects multiple columns, which rules out a single transcription error. The difference amount is not equal to any of the entries in the first batch total calculation, which rules out an error of omission. Dividing the difference by 2 gives $2,626.28, which is one of the entries in the first calculation. More careful inspection reveals that this amount has been inadvertently subtracted from the second batch total calculation rather than added.
b. The difference of $90 is evenly divisible by 9, which suggests the possible transposition of adjoining digits in the hundreds and tens columns. More careful inspection indicates that the amount $4,566.86 from the first calculation was incorrectly transposed to $4,656.86 in the second calculation.
c. A difference of $1,000 represents a discrepancy in only one column, the thousands column. A possible error in transcribing one digit in that column is indicated. More careful examination reveals that the amount $2,772.42 from the first calculation was incorrectly recorded in the second calculation as $3,772.42.
d. The difference of $1,762.62 exists in multiple columns and is not evenly divisible by 9. However, this amount is equal to one of the entries in the first calculation. Inspection reveals that this item was inadvertently omitted from the second calculation.

8.5 The following edit checks might be used to detect errors during the typing of answers to the input cues:
Validity check of operator access code and password – ensures that the operator is authorized to access computer programs and files. Also use of expense account # – ensures that the proper expense account number is used.
Compatibility test of operator request to access payroll file – ensures that this operator has been granted authority to access and modify payroll records.
Field check – ensures that numeric characters are entered into and accepted by the system in fields where only numeric characters are required; e.g., numbers 0-9 in a social security number.
Field check – ensures that letters are entered into and accepted by the system in fields where only letters are required; e.g., letters A-Z in employee name.
Field check – ensures that only specific special characters are entered into and accepted by the system where only these special characters are required; e.g., dashes in a social security number.
Sign check – ensures that positive or negative signs are entered into and accepted by the system where only such signs are required to be entered, or that the absence of a positive or negative sign appears where such an absence is required; e.g., hours worked.
Validity check – ensures that only authorized data codes will be entered into and accepted by the system where only such authorized data codes are required; e.g., authorized employee account numbers.
Range check – ensures that only data values within a predetermined range will be entered into and accepted by the system; e.g., rate per hour for new employees cannot be lower than the minimum set by law or higher than the maximum set by management.
Size check – ensures that only data using fixed or defined field lengths will be entered into and accepted by the system; e.g., number of dependents requires exactly two digits.
Check digit – ensures that only specific code numbers prepared by using a specific arithmetic operation will be entered into and accepted by the system. This may not be needed if the more powerful validity checks are properly used.
Completeness test – ensures that no blanks will be entered into and accepted by the system when data should be present; e.g., an "S" or "M" is entered in response to "single or married?"
Overflow check – ensures that no digits are dropped if a number becomes too large for a variable during processing; e.g., hourly rate "on size errors" are detected.
Control-total check – ensures that no unauthorized changes are made to specified data or data fields and that all data have been entered.
Reasonableness test – ensures that unreasonable combinations of data are rejected; e.g., overtime hours cannot be greater than zero if regular hours are less than 40.
Limit check – ensures that inputs do not exceed a specified limit; e.g., overtime hours cannot exceed 40.
(CPA Examination, adapted)

8.6 a. The computer security weaknesses present at Gleicken Corporation that made it possible for a disastrous data loss to occur include:
- inadequate attention by top management to EDP facilities planning and security concerns
- housing the data processing facility in a building with exposed wooden beams and a wood-shingled exterior, rather than in a building constructed of fire retardant materials
- lack of a sprinkler (Halon) system, a fire suppression system under a raised floor, and fire doors
- preparing tape backups too infrequently (weekly)
- data and program tapes, especially the backup copies, should not be stored on open shelves in the data processing area. Working copies should be stored in a separate library area constructed of fire retardant materials, while backup copies should be stored off-site
- lack of a written disaster recovery plan with arrangements in place to use an alternate off-site computer center in the event of a disaster or an extended service interruption. While a phone list of data processing personnel exists, there is no indication that responsibilities have been assigned as to actions to be taken in the event of a disaster
- lack of complete systems documentation kept outside the data processing area
- inadequate casualty insurance coverage

b. The components that should have been included in the disaster recovery plan at Gleicken Corporation in order to ensure computer recovery within 72 hours include the following:
- A written disaster recovery plan should be developed with review and approval by senior management, data processing management, end-user management, and internal audit.
- Backup file copies should be prepared at least daily.
- Backup files and programs should be stored at a secure off-site location that can be easily accessed in an emergency.
- The disaster recovery team should be organized. Select the disaster recovery manager, identify the tasks, segregate them into teams, develop an organization chart for disaster procedures, match personnel to team skills and functions, and assign duties and responsibilities to each member. The duties and responsibilities of the recovery team include obtaining use of a previously arranged alternate data processing facility; activating the backup system and network; retrieving backup data files and programs; restoring programs and data; processing critical applications; and reconstructing data entered into the system subsequent to the latest saved backup/restart point.

c. Factors, other than those included in the disaster recovery plan itself, that should be considered when formulating the plan include:
- arranging business interruption insurance in addition to liability insurance
- ensuring that all systems and operations documentation is kept up to date, and that backup copies are maintained off-site, easily accessible for use in case of disaster
- performing a risk/cost analysis to determine the level of expense that may be justified to obtain reasonable, as opposed to certain, assurance that disaster recovery can be achieved in 72 hours. For example, is the purchase of a duplicate hardware set-up at another location justified?

d. Other threats (besides fire) from which Gleicken should have protected itself are:
- earthquake
- theft/burglary
- intense sunlight through the skylights
(CMA Examination, adapted)

8.7 Student solutions will vary depending on the template they select. Templates are available in Adobe PDF or Microsoft Word format.

8.8 The following represents one way to solve this problem. To check student solutions, the instructor will have to collect electronic copies of this assignment to verify that students have implemented the checks assigned in the problem.

Supporting Formulas:
F5 (Monthly Payment): =PMT(Rate/12,PMTs*12,-Mortgage)
F8 (Total Interest Paid): =SUM(C13:C372)
F9 (Principal Paid): =SUM(E13:E373)
G6 (Warning): =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the total regular payment","")
G12 (Beginning Balance): =+Mortgage
A13 (Payment Number): =IF(ROWS($A$13:A13)>PMTs*12,0,ROWS($A$13:A13))
B13 (Principal balance at beginning of period): =IF(A13=0,0,IF(G12=0,1,0))

Data Input Controls:
Field check to ensure only numeric data is entered in the "Life of loan in years":

Range check to ensure that annual interest rates must be between 4% and 9% inclusive:

Limit check to verify that the amount of the loan does not exceed $300,000:

Reasonableness test: amount of extra principal payment cannot be greater than 50% of the initial total monthly payment:
Cell Formula G6: =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the total regular payment","")

Cross-footing balance checks to verify that total amount paid in principal plus extra principal over the life of the loan equals the original loan amount:
Cell Formula F9: =SUM(E13:E373)
Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+$F$6+G13,+D13+$F$6)))

Although this is not strictly a cross-footing balance, for an Excel-based repayment schedule that does not employ any Visual Basic programming code, this is an effective method to check for any overpayment over the life of the loan when additional payments are included. Therefore, students should be warned in advance that a strict cross-footing balance may not be possible and to be flexible and to think creatively in meeting the control requirements of this problem.
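The same controls can be expressed outside the spreadsheet, which makes them easier to test. The Python below is an added example, not the solutions manual's workbook: pmt() is the formula behind cell F5, validate_inputs() carries the field, range, limit and reasonableness checks listed above (with the G6 warning text), and schedule() applies the cross-footing check together with the capped final payment that the answer describes next under the conditional limit check. The thresholds are the ones the problem states; treating a loan of exactly $300,000 as acceptable, the function names, and the constructed $200,000 loan in the usage block are this example's own assumptions.

```python
"""Repayment schedule with the input controls of problem 8.8.  Added Python
example, not the solutions manual's Excel workbook.  Thresholds are the ones
the problem states; treating exactly $300,000 as acceptable is an assumption."""

RATE_MIN, RATE_MAX = 0.04, 0.09   # range check bounds (inclusive)
LOAN_LIMIT = 300_000.00           # limit check ceiling
WARNING = "Warning: Extra principal payment is greater than 50% of the total regular payment"


def pmt(annual_rate, years, mortgage):
    """Level monthly payment; same formula as Excel PMT(Rate/12, PMTs*12, -Mortgage)."""
    r, n = annual_rate / 12, years * 12
    return mortgage / n if r == 0 else mortgage * r / (1 - (1 + r) ** -n)


def validate_inputs(mortgage, annual_rate, years, extra):
    """Data input controls.  Returns the list of failures; an empty list passes.
    Entries starting with 'Warning' are advisory (cell G6); the rest are hard errors."""
    failures = []
    if isinstance(years, bool) or not isinstance(years, int) or years <= 0:
        failures.append("field check: life of loan must be a positive whole number of years")
    if not RATE_MIN <= annual_rate <= RATE_MAX:
        failures.append("range check: annual interest rate must be between 4% and 9% inclusive")
    if not 0 < mortgage <= LOAN_LIMIT:
        failures.append("limit check: loan amount must not exceed $300,000")
    if not failures and extra > 0.5 * pmt(annual_rate, years, mortgage):
        failures.append(WARNING)
    return failures


def schedule(mortgage, annual_rate, years, extra=0.0):
    """Amortize month by month.  The conditional limit check trims the last
    payment so the balance never goes below zero (the role of the spreadsheet's
    marker column H); the cross-footing check confirms that regular plus extra
    principal over the life of the loan equals the original loan amount."""
    hard_errors = [f for f in validate_inputs(mortgage, annual_rate, years, extra)
                   if not f.startswith("Warning")]
    if hard_errors:
        raise ValueError("; ".join(hard_errors))
    payment, r = pmt(annual_rate, years, mortgage), annual_rate / 12
    rows, balance = [], mortgage
    while balance > 0.005 and len(rows) < years * 12:
        interest = balance * r
        principal, extra_part = payment - interest, extra
        if principal + extra_part > balance:              # conditional limit check
            extra_part = max(0.0, balance - principal)    # give up the extra first,
            principal = balance - extra_part              # then trim the regular part
        balance -= principal + extra_part
        rows.append({"n": len(rows) + 1, "interest": interest, "principal": principal,
                     "extra": extra_part, "ending_balance": max(balance, 0.0)})
    total_principal = round(sum(row["principal"] + row["extra"] for row in rows), 2)
    return {"payment": round(payment, 2), "months": len(rows),
            "total_interest": round(sum(row["interest"] for row in rows), 2),
            "total_principal": total_principal,
            "crossfoot_ok": abs(total_principal - mortgage) < 0.01,   # cross-footing check
            "rows": rows}


if __name__ == "__main__":
    # Constructed loan: $200,000 at 6% for 30 years with $200 extra principal per month.
    result = schedule(200_000.00, 0.06, 30, extra=200.0)
    print(f"payment {result['payment']}, paid off in {result['months']} months, "
          f"interest {result['total_interest']}, crossfoot ok: {result['crossfoot_ok']}")
    print(validate_inputs(200_000.00, 0.06, 30, extra=700.0))   # triggers the G6 warning
```

Keeping the warning advisory rather than fatal mirrors the spreadsheet, where G6 only displays text; the hard checks stop the schedule from being built at all, which is the behaviour Excel's data validation gives the input cells.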
Conditional limit check to calculate the final extra principal payment so that it does not reduce the outstanding balance below zero:
Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+$F$6+G13,+D13+$F$6)))
Cell Formula H13: =IF(G13>=0,1,0)

For an Excel-based repayment schedule that does not employ any Visual Basic programming code, this is an effective method to check for the final payment over the life of the loan when additional payments are included. The "Marker (column H)" cell is used to track when the balance at the end of the period goes negative; i.e., the loan has been repaid, but the last normal payment exceeds the last remaining balance. The final payment is then equal to the normal payment less the amount that would be overpaid if a full normal payment were made as the final payment on the loan. The final payment is found as the last non-zero amount in the "Monthly Principal + Extra Principal Payment" column. Therefore, students should be warned in advance to be flexible and to think creatively in meeting the control requirements of this problem.

8.9
Type of Backup                  Time to Backup                       Size of Backup                     Time to Restore
A. Full Daily Backup            300 Minutes (5 days * 60 minutes)    250 GB (5 days * 50 GB)            300 Minutes (5 days * 60 Minutes)
   Total                        300 Minutes                          250 GB                             300 Minutes
B. Full Weekly Backup           60 Minutes                           50 GB                              60 Minutes
   Daily Incremental Backup     50 Minutes (5 days * 10 minutes)     40 GB (5 days * 8 GB)              25 Minutes (5 days * 5 minutes)
   Total                        110 Minutes                          90 GB                              85 Minutes
C. Full Weekly Backup           60 Minutes                           50 GB                              60 Minutes
   Daily Differential Backup    75 Minutes (5 days * 15 minutes)     30 – 150 GB (5 days * 6-30 GB)     40 Minutes (5 days * 8 minutes)
   Total                        135 Minutes                          80 – 180 GB                        100 Minutes

The full weekly backup with a daily incremental backup is the best option based on time to backup, size of backup and the time to restore.

8.10 (Note: In order to access the 76-page control framework, students must first register on the website with ISACA.)

Trust Services Framework Principles: Security, Confidentiality, Privacy, Processing Integrity, Availability. An X marks each principle a COBIT control objective supports.

COBIT Control Objective
PO1 – Define a strategic IT plan X X X X X
PO2 – Define the information architecture X X X
PO3 – Determine technological direction
PO4 – Define the IT processes, organization and relationships X X X X X X X X X X X
PO5 – Manage the IT investment
PO6 – Communicate management aims and direction X
PO7 – Manage IT human resources X
PO8 – Manage quality
PO9 – Assess and manage IT risks X
PO10 – Manage projects
AI1 – Identify automated solutions
AI2 – Acquire and maintain application software X X X X
AI3 – Acquire and maintain technology infrastructure X X
AI4 – Enable operation and use X X
AI5 – Procure IT resources
AI6 – Manage changes X X X
AI7 – Install and accredit solutions and changes
DS1 – Define and manage service levels X X X
DS2 – Manage third-party services X X
DS3 – Manage performance and capacity X X X
DS4 – Ensure continuous service X
DS5 – Ensure systems security X X X X X X
DS6 – Identify and allocate costs
DS7 – Educate and train users X
DS8 – Manage service desk and incidents X
DS9 – Manage the configuration X
DS10 – Manage problems X X
DS11 – Manage data X X X X X
DS12 – Manage the physical environment X X X X X
DS13 – Manage operations X X X X X X
ME1 – Monitor and evaluate IT performance
ME2 – Monitor and evaluate internal control X
ME3 – Ensure compliance with external requirements X
ME4 – Provide IT governance X X X

8.11 a. Reasonableness check between the field indicating salaried status and the hours field.
b. All files should have header labels to identify their contents, and all programs should check these labels before processing transactions against the file.
c. A field check should be performed to check whether all characters entered in this field are numeric. There should be prompt correction and re-processing of erroneous transactions.
d. A reasonableness test of quantity ordered relative to the product, if 50 is an unusually large number of monitors to be ordered at one time. Closed-loop verification to make sure that the stock number matches the item that is ordered.
e. An uninterruptible power system should be used to provide a reserve power supply in the event of power failure.
f. Fireproof storage and maintenance of duplicate files at an off-site location.
g. A reasonableness test of quantity on hand.
h. A completeness check to check whether all required fields were filled in.
i. Check digit verification on each customer account number and a validity check for actual customers should have caught this error.
j. A size check would prevent 400 characters from being entered into a field that allows for only a limited number of characters.
k. Concurrent update controls protect records from errors when more than one salesman tries to update the inventory database, by locking one of the users out of the database until the first salesman's update has been completed.
l. A limit check based on the original sales date.
m. Check digit verification on each customer account number, a validity check for actual customers, and closed-loop verification.
n. Check digit verification on each customer account number, a validity check for actual customers, and closed-loop verification.
o. A completeness check for all payroll checks and a hash total using employee numbers.
p. Encrypting the email containing the bid would have prevented the competitor from reading the email even if they could have intercepted it.
q. Parity checks and echo checks will test for data transmission errors.
(Adapted from CMA Exam June 1994, Part 4, Question 3)

8.12 a. Systems documentation is prepared when someone has the time to do it; consequently, documentation will likely be incomplete and not current.
The systems and programming staff have access to the computer room without supervision of the operations staff. The programmers could alter the data files or operational programs.
The location of the computing facility on the ground floor behind large plate glass windows invites attention, risk exposure, and risk of damage due to flooding.
There do not appear to be any regularly scheduled backups.

b. Off-site alternatives for continuation of service, including contingency plans for temporary operations, hot sites, vendor sites, service bureau sites, etc.
MonsterMed should maintain arrangements with computer equipment vendors to provide availability of hardware to replace damaged hardware as soon as practical.
Off-site storage of program and data files, documentation, and supplies.
Detailed procedures for recovery, including instructions for obtaining off-site storage, planning a communications link between headquarters and the emergency site, as well as telephone and cell phone numbers of all team members.
Procedures for on-going control and maintenance of a temporary site.
Testing and training for plan implementation, including testing each department individually, testing the whole plan (i.e., a mock disaster), trial runs, testing backup procedures, testing restore operations, and recording test results.
(CMA Examination, adapted)
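The record-level edit checks that recur through this chapter (8.2b, the 8.5 list, 8.11) and the batch control totals of 8.2a can be combined into one validator. The Python below is an added example, not code from the solutions manual: it runs field, sequence, range, limit, reasonableness and crossfooting checks over the four payroll records of problem 8.2, constructed here as the raw strings a clerk might have keyed (including the stray "$"), and then computes the record count, hash totals and financial totals from those values. The numeric thresholds (80 hours, a $5.00 to $50.00 pay-rate range, deductions above half of gross) and the function names are this example's own assumptions, chosen so that the checks flag what the answer to 8.2b describes.

```python
"""Record-level edit checks and batch control totals over the payroll batch of
problem 8.2.  Added example, not from the solutions manual; the thresholds are
assumptions."""
from decimal import Decimal, InvalidOperation

FIELDS = ("employee", "rate", "hours", "gross", "deductions", "net")
BATCH = [  # constructed input: the problem's four records, in keyed order
    ("121", "6.50", "38", "$247.00", "25.50", "221.50"),
    ("123", "7.25", "40", "290.00", "60.00", "230.00"),
    ("125", "6.75", "90", "607.5", "450.00", "57.50"),
    ("122", "67.5", "40", "2700.00", "500.00", "2200.00"),
]
HOURS_LIMIT = Decimal("80")                          # limit check (assumption)
RATE_RANGE = (Decimal("5.00"), Decimal("50.00"))     # range check (assumption)
MAX_DEDUCTION_SHARE = Decimal("0.5")                 # reasonableness test (assumption)


def strict_number(text):
    """Field check: only digits and at most one decimal point are acceptable."""
    try:
        return Decimal(text) if text.replace(".", "", 1).isdigit() else None
    except InvalidOperation:
        return None


def lenient_number(text):
    """Strip currency symbols so totals can still be computed over a bad field."""
    return Decimal(text.replace("$", "").replace(",", ""))


def edit_checks(batch):
    """Return a list of (employee, check name, message) for every failed check."""
    findings, previous = [], None
    for record in batch:
        values = dict(zip(FIELDS, record))
        emp, parsed = values["employee"], {}
        for name in FIELDS[1:]:
            number = strict_number(values[name])
            if number is None:                                   # field check
                findings.append((emp, "field check", f"{name} {values[name]!r} is not purely numeric"))
                number = lenient_number(values[name])
            parsed[name] = number
        if previous is not None and lenient_number(emp) < lenient_number(previous):
            findings.append((emp, "sequence check", f"employee {emp} follows {previous}"))
        previous = emp
        if not RATE_RANGE[0] <= parsed["rate"] <= RATE_RANGE[1]:  # range check
            findings.append((emp, "range check", f"pay rate {parsed['rate']} outside {RATE_RANGE}"))
        if parsed["hours"] > HOURS_LIMIT:                        # limit check
            findings.append((emp, "limit check", f"{parsed['hours']} hours exceeds {HOURS_LIMIT}"))
        if parsed["deductions"] > MAX_DEDUCTION_SHARE * parsed["gross"]:  # reasonableness
            findings.append((emp, "reasonableness test",
                             f"deductions {parsed['deductions']} high for gross {parsed['gross']}"))
        expected_net = parsed["gross"] - parsed["deductions"]    # crossfooting balance
        if expected_net != parsed["net"]:
            findings.append((emp, "crossfooting balance test",
                             f"gross - deductions = {expected_net}, net shows {parsed['net']}"))
    return findings


def control_totals(batch):
    """Record count, hash totals (sums with no business meaning) and financial totals."""
    cols = {name: [lenient_number(rec[i]) for rec in batch] for i, name in enumerate(FIELDS)}
    return {"record_count": len(batch),
            "hash_employee": sum(cols["employee"]),
            "hash_rate": sum(cols["rate"]),
            "hash_hours": sum(cols["hours"]),
            "financial_gross": sum(cols["gross"]),
            "financial_deductions": sum(cols["deductions"]),
            "financial_net": sum(cols["net"])}


if __name__ == "__main__":
    for emp, check, message in edit_checks(BATCH):
        print(f"employee {emp}: {check}: {message}")
    print(control_totals(BATCH))
```

The totals are computed from the listed values, so the financial totals are the arithmetic sums of the Gross Pay, Deductions and Net Pay columns as keyed; comparing them with totals carried on the batch header is what the control-total check in 8.5 describes. The range check on pay rate is not among the five findings in the 8.2b answer, but it is the 8.5 range-check example applied to the same batch.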