AIS Textbook - Internal Controls
Zero-Balance Test
A comparison of credits and debits to determine if transaction totals are correct. (Processing Control)
Prompting
A control in which the system requests each input data item and waits for an acceptable response, ensures that all necessary data are entered. (Data Entry Controls)
Write-Protection Mechanisms
A control that protects against overwriting or erasing of data files stored on magnetic media. (Processing Control)
Checksums
A data transmission control where the sending and receiving devices both calculate a hash of a file. If the hashes match then the transmission is presumed to be accurate. If they don't match, then the file is resent.
Hot Site
A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities
Check Digit
A number within an ID that is computed using the other ID numbers. Used by the data entry device as a check figure to quickly confirm the validity of a number.
External Data Reconciliation
A reconciliation procedure that compares system information with outside data (e.g. comparing employee payroll files to the HR files) (Output Control)
Turnaround Document
A record of company data sent to an external party and then returned by the external party to the system as input. (Input Control)
Prenumbered Source Documents
All source documents should be sequentially prenumbered. Prenumbering improves control by making it possible to verify that no documents are missing. (Input Control)
Concurrent Update Control
Allows only one user to access and update an information system at a time. (Processing Control)
Cold Site
An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time.
Transposition Error
An error in which two adjacent digits were inadvertently reversed (e.g. 46 instead of 64).
Parity Bits
An extra digit added to the beginning of every character that can be used to check transmission accuracy. (Hint: think about binary code)
Closed-loop Verification
Checks the accuracy of input data by using it to retrieve and display other related information (e.g. clerk enters an ID number, the system returns an employee name and asks, "Is this who you're looking for?"). (Data Entry Controls)
Validity Check
Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists (e.g. does a product number entered in the field correspond to a real item in inventory?). (Data Entry Controls)
Data Transmission Controls
Controls that resend a request for data when data has not been transmitted correctly (Output Control)
Differential Backup
Copies all changes made since the last full backup.
Reasonableness Test
Determines the correctness of the logical relationship between two data items (e.g. regular hours for a week must be 40 before overtime can be added). (Data Entry Controls)
Range Check
Determines whether a numerical amount falls between predetermined lower and upper limits (e.g. salary is between $50,000 and $99,000 for this employment position). (Data Entry Controls)
Completeness Check
Determines whether all required data items have been entered (e.g. does not allow a purchased item to be processed without the customer's shipping and billing address) (Data Entry Controls)
Field Check
Determines whether the characters in a field are of the proper type (e.g. no letters in a field where only numbers should exist). (Data Entry Controls)
Sign Check
Determines whether the data in a field have the appropriate arithmetic sign (e.g. quantity ordered should never be negative). (Data Entry Controls)
Size Check
Ensures that the input data will fit into the assigned field (e.g. an eight-digit field will accept only 8 digits, no more, no less). (Data Entry Controls)
Transaction Log
Includes a detailed record of all transactions, including a unique transaction identifier, the date and time of entry, and who entered the transaction. (Data Entry Controls)
Incremental Backup
Involves copying only the data items that have changed since the last partial backup
Real-time Mirroring
Involves maintaining two copies of the database at two separate data centers at all times and updating both copies in real-time as each transaction occurs.
Header Record
Located at the beginning of each file and contains the file name, expiration date, and other identification data.
Trailer Record
Located at the end of the file and contains the batch totals calculated during input.
File Label
Must be checked to ensure that the correct and most current files are being updated. (Hint: where do you look on the file?) (Processing Control)
Disaster Recovery Plan (DRP)
Outlines the procedures to restore an organization's IT function in the event that its data center is destroyed by a natural disaster or act of terrorism.
Reconciliation Procedures
Periodic processes that reconcile all transactions and system updates to control reports, file status/update reports, or other control mechanisms (Output Control)
Redundant Arrays of Independent Drives (RAID)
Process of writing data to multiple disk drives simultaneously. Protects against loss of data.
Uninterruptible Power Supply
Provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down. Important note: test the batteries regularly to ensure that they work.
Recovery Time Objective (RTO)
Represents the length of time that the organization is willing to attempt to function without its information system.
Forms Design
Source documents and other forms should be designed to minimize the chances for errors and omissions (pre-numbered source documents and turnaround documents) (Input Control).
Business Continuity Plan (BCP)
Specifies how to resume not only IT operations, but all business processes, including relocating to new offices and hiring temporary replacements.
Cross-Footing Balance Test
Step 1 - Sum a column of row totals and a row of column totals. Step 2 - Determine if the two totals match. If they do, then you didn't make any obvious computational errors. If they don't, then you have a problem (Processing Control)
Batch Total
Summarize important values for a batch of input records. Examples are financial and hash totals, and record counts. (Data Entry Controls)
Financial Total
Sums a field that contains monetary values, such as the total dollar amount of all sales for a batch of sales transactions. (Data Entry Controls)
Hash Total
Sums a non-financial numeric field. Used to verify that the totals are the same both before the spreadsheet is created and after output is generated (e.g. an employee ID in a payroll sheet was not entered incorrectly during the process). (Data Entry Controls)
Limit Check
Tests a numerical amount against a fixed value (e.g. hours worked in a week should always be lower than 40). (Data Entry Controls)
Fault Tolerance
The ability of a system to continue functioning in the event that a particular component fails.
Recovery Point Objective (RPO)
The maximum amount of data that the organization is willing to potentially lose.
Record Count
The number of records in a batch. (Data Entry Controls)
Parity Checking
This process entails verifying that the proper number of bits are set to the value 1 in each character received.
Data Matching
Two or more items of data must be matched before an action can take place (e.g. verify that invoice info matches the receiving report before issuing a payment). (Processing Control)
User Review of Output
Users should carefully examine system output to verify that it is reasonable and complete, and that they are the intended recipient. (Output Control)
Check Digit Verification
Uses the first nine digits (for example) of an ID to create a tenth number to be checked by a data entry device. (Data Entry Controls)