p.10.7-matching controls to threats
customer order for an important part did not include the customer's address. Consequently, the order was not shipped on time and the customer called to complain.
A completeness check to determine whether all required fields were filled in.
During processing of customer payments, the digit 0 in a payment of $204 was mistakenly typed as the letter "O." As a result, the transaction was not processed correctly and the customer erroneously received a letter that the account was delinquent.
A field check should be performed to check whether all characters entered in this field are numeric. There should be a prompt correction and re-processing of erroneous transactions.
f. The warranty department manager was upset because special discount coupons were mailed to every customer who had purchased the product within the past 3 years, instead of to only those customers who had purchased the product within the past 3 months.
A limit check based on the original sales date.
The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32.
A limit check on hours worked
A salesperson mistakenly entered an online order for 50 laser printers instead of 50 laser printer toner cartridges.
A reasonableness test of quantity ordered relative to the product if 50 is an unusually large number of monitors to be ordered at one time. Closed-loop verification to make sure that the stock number matches the item that is ordered.
After processing sales transactions, the inventory report showed a negative quantity on hand for several items.
A sign test of quantity on hand.
The accounts receivable file was destroyed because it was accidentally used to update accounts payable
All files should have header labels to identify their contents, and all programs should check these labels before processing transactions against the file. There should also be a clearly marked external label to reduce the risk of an operator loading the wrong file.
A 20-minute power brownout caused a mission-critical database server to crash, shutting down operations temporarily.
An uninterruptible power system should be used to provide a reserve power supply in the event of power failure. The UPS should at a minimum allow enough time for the system to operated for a defined length of time and then, if necessary, power down in the event of an extended power outage. Longer power outages are best handled by backup generators and real-time mirroring systems
batch of 73 time sheets was sent to the payroll department for weekly processing. Somehow, one of the time sheets did not get processed. The mistake was not caught until payday, when one employee complained about not receiving a paycheck.
Batch totals would have caught this. A record count would have indicated that one record was not processed. Or a hash total (sum of the employee numbers).
c. When entering a large credit sale, the clerk typed in the customer's account number as 45982 instead of 45892. That account number did not exist. The mistake was not caught until later in the week when the weekly billing process was run. Consequently, the customer was not billed for another week, delaying receipt of payment.
Check digit verification on each customer account number Or a validity check for actual customers.
g. The clerk entering details about a large credit sale mistakenly typed in a nonexistent account number. Consequently, the company never received payment for the items
Check digit verification on each customer account number Or a validity check for actual customers Or closed loop verification that returns the customer name associated with a customer number.
e. Two traveling sales representatives accessed the parts database at the same time. Salesperson A noted that there were still 55 units of part 723 available and entered an order for 45 of them. While salesperson A was keying in the order, salesperson B, in another state, also noted the availability of 55 units for part 723 and entered an order for 33 of them. Both sales reps promised their customer next-day delivery. Salesperson A's customer, however, learned the next day that the part would have to be back-ordered. The customer canceled the sale and vowed to never again do business with the company.
Concurrent update controls protect records from errors when more than one salesman tries to update the inventory database by locking one of the users out of the database until the first salesman's update has been completed.
A fire destroyed the data center, including all backup copies of the accounts receivable files. (files, hardware, both-solutions)
FILES: A backup copy of the files should be stored off-site. HARDWARE: A hot or cold site arrangement BOTH: Real-time mirroring, so that when one site is down the other site(s) can pick up the slack.
Sunspot activity resulted in the loss of some data being sent to the regional office. The problem was not discovered until several days later when managers attempted to query the database for that information.
Parity checks and checksums will test for data transmission errors.
h. A customer filled in the wrong account number on the portion of the invoice being returned with payment. Consequently, the payment was credited to another customer's account
Turnaround documents should include account numbers on them
