
Accounting Information Systems

CHAPTER 8
INFORMATION SYSTEMS CONTROLS FOR SYSTEMS RELIABILITY
SUGGESTED ANSWERS TO DISCUSSION QUESTIONS
8.1 For the consumer, opt-out represents many disadvantages because the consumer is
responsible for explicitly notifying every company that might be collecting the consumer's
personal information and telling them to stop collecting their personal data. Consumers are
less likely to take the time to opt-out of these programs, and even if they do decide to opt-
out, they may not know of all of the companies that are capturing their personal
information. For the organization collecting the data, opt-out is an advantage for the same
reasons it is a disadvantage to the consumer: the organization is free to collect all the
information it wants until explicitly told to stop.
8.2 a. The cost here is tangible, consisting of the salaries of additional employees, if any, who
must be hired in order to accomplish segregation of duties. The benefit is much less
tangible, comprising primarily the reduction in the risk of loss from both fraud and
unintentional errors. One approach might be to estimate an "expected benefit" as a
product of the possible loss from fraud and the reduction in probability of fraud.
b. The costs here are also relatively tangible, including the costs of maintaining a tape
library and of performing special procedures such as file labeling, concurrent update
controls, encryption, virus protection, maintaining backup files, and so forth. The
benefit is again intangible, consisting of the reduction in risk of loss of vital business
data. Once again an "expected benefit" might be estimated as the reduction of the
product of the cost of data reconstruction and the probability of data loss.
c. The cost here consists of the extra programming and processing time required to
prepare and execute the input validation routines. As in the other cases, the benefits
are intangible and difficult to measure in dollars. The primary benefit is the increase in
accuracy of files and output. In this case, the decision must be primarily subjective,
since a reliable dollar value is unlikely to be available.
8.3 The disadvantage of full backups is time. Organizations do not normally make full
backups of their data on a frequent (daily) basis simply due to the time a full backup takes.
Most organizations do full backups on a weekly basis. The advantage of frequent full
backups is that the full system can be restored from a single backup. An advantage of
incremental or partial daily backups is time. Since only files that have been altered since
the last incremental backup or full backup are included in the backup, the backup can be
done much more quickly. Of course, the downside of incremental backups is that it is
likely that more than one backup will be needed to fully restore the system in the event of
a system failure. Management decides what the recovery point objective (RPO) should be
for their company; i.e., how much they are willing to lose in the event of a catastrophic
event. Naturally, the recovery time objective (RTO) would always be "as soon as
possible", but this decision hinges on how long management thinks the company can
operate without their data. The advantage of real-time mirroring is that a full and complete
backup is always available at a moment's notice. The mirror site can instantly step into the
shoes of the primary site since it is a real-time replica of the primary site. The
disadvantage of real-time mirroring is the cost of creating and maintaining identical
databases at two different site locations; however, depending on the needs of the business,
real-time mirroring may be a legitimate and necessary business expense since the cost of
losing data and then recreating that data from a full or partial backup would be prohibitive.
In other words, for these businesses, RPO and RTO are essentially zero; i.e., the data must
be available instantaneously.
2009 Pearson Education, Inc. Publishing as Prentice Hall
8.4
A (Original Number)   B (Transposed Number)   B - A (Difference)   Divisible by 9?
10                    01                      9                    Yes
11                    11                      0                    Not a transposition
12                    21                      9                    Yes
13                    31                      18                   Yes
14                    41                      27                   Yes
15                    51                      36                   Yes
16                    61                      45                   Yes
17                    71                      54                   Yes
18                    81                      63                   Yes
19                    91                      72                   Yes
When numbers between 10 and 19 are transposed, the difference between the original
number and the transposed number is divisible by 9, except for the number 11, since the
transposition of 11 is 11 and therefore not a transposition.
8.5 Good internal control procedures dictate the objectives of internal control, but not the
techniques by which those objectives are to be achieved. Computer systems can efficiently
scan large volumes of records on a regular basis, identify transactions that need to be
initiated, and then take appropriate transaction-initiation steps such as document
preparation and file updating.
Given that computer systems will be programmed to initiate transactions, the issue is to
identify internal control techniques that will achieve the stated objective under these
circumstances. These include (1) strong controls over the development and revision of the
computer programs that initiate transactions, (2) organizational separation of the
programming and computer operations functions, (3) logical access controls to prevent
unauthorized access to computer programs, and (4) review by user department personnel
of transactions initiated by the computer.
In summary, automatic generation of transactions by computer does not necessarily violate
good internal control.
8.6 Since outsourcing is and will likely continue to be a topic of interest, this question should
generate some good discussion from students. Data security and data protection are rated
among the top ten risks of offshore outsourcing by CIO News. Compliance with The Health
Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX)
are of particular concern to companies outsourcing work to offshore companies. Since
offshore companies are not required to comply with HIPAA, companies that contract with
offshore providers do not have any enforceable mechanisms in place to protect and
safeguard Protected Health Information; i.e., patient health information, as required by
HIPAA. They essentially lose control of that data once it is processed by an offshore
provider. Similarly, offshore companies are not governed by SOX, and yet the CEO and CFO
must attest to the accuracy of their company's financial statements, which includes
documentation of any business processes performed by offshore entities.
One question that may facilitate discussion is to ask the students whether, once a company
sends some operations offshore, the outsourcing company still has legal control
over its data or whether the laws of the offshore country dictate ownership. Should the
outsourcing company be liable in this country for data that was lost or compromised by an
outsourcing offshore partner?
8.7 Since most students will encounter this question as an employee and as a future manager,
the concept of personal email use during business hours should generate significant
discussion. One question that may help facilitate discussion is to ask whether personal
emails are any different than personal phone calls during business hours. The instructor
may also want to use this opportunity to discuss security issues with email. Viruses are
frequently spread through email, and although a virus could infect company computers
through a business related email, personal email will also expose the company to viruses
and therefore warrants a policy of disallowing any personal emails. In addition, there is
the risk that employees could overtly or inadvertently release confidential company
information through personal email. Once the information is written in electronic form it
is easy and convenient for the recipient to distribute that information.
8.8 Many people may view biometric authentication as invasive. That is, in order to gain
access to a work related location or data, they must provide a very personal image of
part of their body such as their retina, finger or palm print, their voice, etc. Providing
such personal information may make some individuals fearful of identity theft in that unlike
a social security number or a bank account number, biometric identification characteristics
cannot simply be "reset". If someone's digitized biometric identification such as a finger
print is stolen, then how can they prevent their identity from being used to lie, cheat, and
steal? Indeed, facial scans and voice scans can be obtained and recorded without the
consent and knowledge of the person being scanned. RFID tags that are embedded or
attached to a person's clothing would allow anyone with that particular tag's frequency to
track the exact movements of the "tagged" person. For police tracking criminals that
would be a tremendous asset, but what if criminals were tracking people who they wanted
to rob or whose property they wanted to rob when they knew the person would not be at
home. Already one elementary school tried using RFID tags on students to track
attendance, but stopped the program due to parental complaints and because the company
that donated the equipment decided to stop supplying the RFID tags to the school.
SUGGESTED SOLUTIONS TO THE PROBLEMS
8.1 There is no single correct solution for this problem. Student responses will vary
depending on their experience with various businesses. One minimal classification scheme
could be highly confidential or top-secret, confidential or internal only, and public. The
following table lists some examples of items that could fall into each basic category.
Highly Confidential (Top Secret)      Confidential (Internal)      Public
Research Data                         Payroll                      Financial Statements
Product Development Data              Cost of Capital              Securities and Exchange Commission Filings
Proprietary Manufacturing Processes   Tax                          Marketing Information
Proprietary Business Processes        Manufacturing Cost Data
Product Specification Data
Competitive Bidding Data              Financial Projections        Earnings Announcement Data
8.2 a. Record Count: 4 records
Hash and Financial Totals are shown in the table below.
Employee Number   Pay Rate     Hours Worked   Gross Pay         Deductions        Net Pay
121               6.50         38             $247.00           25.50             221.50
123               7.25         40             290.00            60.00             230.00
125               6.75         90             607.5             450.00            57.50
122               67.5         40             2700.00           500.00            2200.00
491               88           208            3824.50           1135.50           2769.00
Hash Total        Hash Total   Hash Total     Financial Total   Financial Total   Financial Total
b. Field Check: $247 Gross Pay for Employee 121 should not contain the $
symbol.
Sequence Check: Employee 122 is out of order. This record should appear
directly after Employee 121.
Limit Check: 90 Hours Worked for Employee 125 is probably too high.
Reasonableness Test: $450 in Deductions for Employee 125 seems too high given
a Gross Pay of $587.50.
Crossfooting Balance Test: $57.50 net pay for employee 125 does not equal
$607.50-$450. Net pay should be $157.50 if the gross pay
and deductions are correct. In addition, the deductions for
employee 125 also appear to be unreasonably high, so the
correct net pay should be much higher than $57.50.
8.3
a. Field 1 - Member number:
Range check to verify that the field contains only four digits within the range of
0001 to 1378.
Validity check on member number if a file of valid member numbers is maintained.
Field 2 - Date of flight start:
Check that day, month, and year correspond to the current date.
Field check to verify that the field contains six digits.
Field 3 - Plane used:
Validity check that the character is one of the legal characters to describe a plane (A,
C, P, or L).
Check that only a single character is used. (field check)
Field 4 - Time of take off:
Range check that both pairs of numbers are within the acceptable range (first two
digits are within range 00 to 23, and second two digits are within the range 00 to
59).
Field check to verify that the field contains four digits.
Field 5 - Time of landing:
Range check that both pairs of numbers are within the acceptable range described
for field 4.
Reasonableness test that field 5 is greater than field 4.
b. Five of the six records contain errors as follows:
1st - Wrong date is used (Nov. 31 instead of Nov. 1).
2nd - Member number is outside range (4111 is greater than 1378).
4th - Plane code is not legal.
5th - Member number contains a character.
6th - Plane landing time is earlier than the take off time.
c. Other possible controls to prevent input errors are:
user ID numbers and passwords to limit system access to authorized personnel.
compatibility test to ensure that authorized personnel have access to the correct
data.
prompting to request each required input item.
preformatting to display an input form including all required input items.
completeness check on each input record to ensure all items have been entered.
default values such as today's date for the flight date.
closed-loop verification (member name would appear immediately after the
member number)
(SMAC Examination, adapted)
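The five field-level checks of part (a) as a validator, run over a constructed batch of six records that carries the errors listed in part (b); this is an added example, not the textbook's code, and it assumes a DDMMYY date layout with a 20xx year and takes the "current date" as a parameter, neither of which the problem specifies:

```python
"""Edit checks for the flying-club flight records of Problem 8.3 (added example,
not from the textbook). Assumptions the problem does not state: the date field
is keyed DDMMYY with a 20xx year, the current date is passed in as `today`, and
the six sample records are constructed to exhibit the errors listed in part (b)."""
import re
from datetime import date

VALID_PLANE_CODES = {"A", "C", "P", "L"}
MEMBER_MIN, MEMBER_MAX = 1, 1378
TODAY = date(2009, 11, 1)   # constructed "current date" for the sample batch

SAMPLE_RECORDS = [   # member, date, plane, take-off, landing (constructed)
    {"member": "0042", "date": "311109", "plane": "A", "takeoff": "0900", "landing": "1030"},
    {"member": "4111", "date": "011109", "plane": "C", "takeoff": "0800", "landing": "0915"},
    {"member": "0873", "date": "011109", "plane": "P", "takeoff": "1000", "landing": "1145"},
    {"member": "0120", "date": "011109", "plane": "X", "takeoff": "1300", "landing": "1400"},
    {"member": "12A4", "date": "011109", "plane": "L", "takeoff": "0700", "landing": "0830"},
    {"member": "0999", "date": "011109", "plane": "A", "takeoff": "1500", "landing": "1430"},
]


def check_member(member):
    """Field 1: field check (four digits) then range check (0001-1378)."""
    if not re.fullmatch(r"\d{4}", member):
        return f"field check: member number {member!r} must be exactly four digits"
    if not MEMBER_MIN <= int(member) <= MEMBER_MAX:
        return f"range check: member number {member} is outside 0001-{MEMBER_MAX}"
    return None


def check_date(text, today):
    """Field 2: six digits, a real calendar date, and equal to the current date."""
    if not re.fullmatch(r"\d{6}", text):
        return f"field check: date {text!r} must be six digits"
    day, month, year = int(text[:2]), int(text[2:4]), 2000 + int(text[4:])
    try:
        keyed = date(year, month, day)      # rejects impossible dates such as 31 November
    except ValueError:
        return f"validity check: date {text} is not a real calendar date"
    if keyed != today:
        return f"validity check: date {keyed} is not the current date {today}"
    return None


def check_plane(code):
    """Field 3: a single character drawn from the legal plane codes."""
    if len(code) != 1:
        return f"field check: plane code {code!r} must be a single character"
    if code not in VALID_PLANE_CODES:
        return f"validity check: plane code {code!r} is not one of {sorted(VALID_PLANE_CODES)}"
    return None


def check_time(text, label):
    """Fields 4 and 5: four digits, hours 00-23 and minutes 00-59."""
    if not re.fullmatch(r"\d{4}", text):
        return f"field check: {label} {text!r} must be four digits"
    hours, minutes = int(text[:2]), int(text[2:])
    if not (0 <= hours <= 23 and 0 <= minutes <= 59):
        return f"range check: {label} {text} is not a valid HHMM time"
    return None


def validate_record(rec, today):
    """Run every edit check on one record and return the list of failures."""
    errors = [err for err in (
        check_member(rec["member"]),
        check_date(rec["date"], today),
        check_plane(rec["plane"]),
        check_time(rec["takeoff"], "take-off time"),
        check_time(rec["landing"], "landing time"),
    ) if err]
    # Reasonableness test: only meaningful once both times passed their own checks.
    times_ok = check_time(rec["takeoff"], "") is None and check_time(rec["landing"], "") is None
    if times_ok and rec["landing"] <= rec["takeoff"]:   # zero-padded HHMM compares as text
        errors.append("reasonableness test: landing time is not later than take-off time")
    return errors


def validate_batch(records=SAMPLE_RECORDS, today=TODAY):
    """Map 1-based record position to its list of failures."""
    return {i: validate_record(rec, today) for i, rec in enumerate(records, start=1)}


if __name__ == "__main__":
    for position, errors in validate_batch().items():
        print(position, errors or "OK")
```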
8.4 Differences between the correct batch total and the batch totals obtained after processing:
                 (a)            (b)            (c)            (d)
Correct total    $29,341.28     $29,341.28     $29,341.28     $29,341.28
Posted total    -24,088.72     -29,431.28     -30,341.28     -27,578.66
Difference       $5,252.56      $(90.00)       $(1,000.00)    $1,762.62
Analysis of these differences:
a. The difference of $5,252.56 is not divisible evenly by 9, which rules out a transposition
error. The difference affects multiple columns, which rules out a single transcription
error. The difference amount is not equal to any of the entries in the first batch total
calculation, which rules out an error of omission. Dividing the difference by 2 gives
$2,626.28, which is one of the entries in the first calculation. More careful inspection
reveals that this amount has been inadvertently subtracted from the second batch total
calculation rather than added.
b. The difference of $90 is evenly divisible by 9, which suggests the possible transposition
of adjoining digits in the hundredths and tenths columns. More careful inspection
indicates that the amount $4,566.86 from the first calculation was incorrectly
transposed to $4,656.86 in the second calculation.
c. A difference of $1,000 represents a discrepancy in only one column, the thousandths
column. A possible error in transcribing one digit in that column is indicated. More
careful examination reveals that the amount $2,772.42 from the first calculation was
incorrectly recorded in the second calculation as $3,772.42.
d. The difference of $1,762.62 exists in multiple columns and is not divisible evenly by 9.
However, this amount is equal to one of the entries in the first calculation. Inspection
reveals that this item was inadvertently omitted from the second calculation.
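The four rules applied above (omission, sign reversal, the divisible-by-9 transposition test from discussion question 8.4, and the single-column transcription test) as one diagnosis routine; this is an added example, not the textbook's code. The four named entries and the correct total come from the problem; the two filler entries are constructed so the batch sums to $29,341.28.

```python
"""Diagnosing a batch-total discrepancy (added example, not from the textbook).
The correct total of $29,341.28 and the entries $2,626.28, $4,566.86, $2,772.42
and $1,762.62 come from Problem 8.4; the other two entries are constructed so
that the batch sums to the correct total. Amounts are handled in whole cents."""
from decimal import Decimal

CORRECT_ENTRIES = [Decimal(x) for x in (
    "2626.28", "4566.86", "2772.42", "1762.62",
    "10000.00", "7613.10",   # constructed filler entries
)]


def to_cents(amount):
    return int((amount * 100).to_integral_value())


def from_cents(cents):
    return Decimal(cents) / 100


def transposition_candidates(entries, diff_cents):
    """Entries in which swapping one pair of adjacent digits changes the value by
    exactly diff_cents. Such a swap always changes the value by 9 * d * 10^k,
    which is why a difference divisible by 9 points at a transposition."""
    found = []
    for entry in entries:
        digits = list(str(to_cents(entry)))
        for i in range(len(digits) - 1):
            if digits[i] == digits[i + 1]:
                continue
            swapped = digits[:]
            swapped[i], swapped[i + 1] = swapped[i + 1], swapped[i]
            swapped_cents = int("".join(swapped))
            if swapped_cents - to_cents(entry) == diff_cents:
                found.append((entry, from_cents(swapped_cents)))
    return found


def transcription_candidates(entries, diff_cents):
    """If diff_cents is a single non-zero digit in one column (d * 10^k), return
    the entries whose digit in that column could have been miskeyed by d."""
    magnitude = abs(diff_cents)
    significant = str(magnitude).rstrip("0")
    if len(significant) != 1:
        return []
    d = int(significant) if diff_cents > 0 else -int(significant)
    k = len(str(magnitude)) - 1          # column index, counted from the cents digit
    found = []
    for entry in entries:
        digits = str(to_cents(entry)).rjust(k + 1, "0")
        if 0 <= int(digits[-(k + 1)]) + d <= 9:
            found.append((entry, from_cents(to_cents(entry) + diff_cents)))
    return found


def diagnose(entries, posted_total):
    """Classify the difference between the correct batch and a posted total using
    the rules applied in the analysis above, in the order they are applied there."""
    diff = posted_total - sum(entries)
    diff_cents = to_cents(diff)
    if diff_cents == 0:
        return ("agree", None)
    if -diff in entries:                     # entry left out of the second run
        return ("omission", -diff)
    if diff in entries:                      # entry added twice
        return ("duplication", diff)
    if -diff / 2 in entries:                 # entry subtracted instead of added
        return ("sign reversal", -diff / 2)
    if diff_cents % 9 == 0:
        return ("transposition", transposition_candidates(entries, diff_cents))
    candidates = transcription_candidates(entries, diff_cents)
    if candidates:
        return ("single-digit transcription", candidates)
    return ("unexplained", diff)


def diagnose_posted(posted_text):
    """Convenience wrapper: diagnose a posted total given as a decimal string."""
    return diagnose(CORRECT_ENTRIES, Decimal(posted_text))


if __name__ == "__main__":
    for posted in ("24088.72", "29431.28", "30341.28", "27578.66"):
        print(posted, diagnose_posted(posted))
```

Case (c) lists every entry whose thousands digit could have been miskeyed by one, which is why the analysis above still needs a "more careful examination" to single out $2,772.42.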
8.5
The following edit checks might be used to detect errors during the typing of answers to the input
cues:
Validity check of operator access code and password - ensures that the operator is
authorized to access computer programs and files. Also use of expense account number
- ensures that the proper expense account number is used.
Compatibility test of operator request to access payroll file - ensures that this
operator has been granted authority to access and modify payroll records.
Field check - ensures that numeric characters are entered into and accepted by the
system in fields where only numeric characters are required; e.g., numbers 0-9 in a
social security number.
Field check - ensures that letters are entered into and accepted by the system in
fields where only letters are required; e.g., letters A-Z in employee name.
Field check - ensures that only specific special characters are entered into and
accepted by the system where only these special characters are required; e.g.,
dashes in a social security number.
Sign check - ensures that positive or negative signs are entered into and accepted
by the system where only such signs are required to be entered, or that the absence
of a positive or negative sign appears where such an absence is required; e.g.,
hours worked.
Validity check - ensures that only authorized data codes will be entered into and
accepted by the system where only such authorized data codes are required; e.g.,
authorized employee account numbers.
Range check - ensures that only data values within a predetermined range will be
entered into and accepted by the system; e.g., rate per hour for new employees
cannot be lower than the minimum set by law or higher than the maximum set by
management.
Size check - ensures that only data using fixed or defined field lengths will be
entered into and accepted by the system; e.g., number of dependents requires
exactly two digits.
Check digit - ensures that only specific code numbers prepared by using a specific
arithmetic operation will be entered into and accepted by the system. This may not
be needed if the more powerful validity checks are properly used.
Completeness test - ensures that no blanks will be entered into and accepted by
the system when data should be present; e.g., an "S" or "M" is entered in response
to single or married?
Overflow check - ensures that no digits are dropped if a number becomes too
large for a variable during processing; e.g., hourly rates "on size errors" are
detected.
Control-total check - ensures that no unauthorized changes are made to specified
data or data fields and all data have been entered.
Reasonableness test - ensures that unreasonable combinations of data are rejected;
e.g., overtime hours cannot be greater than zero if regular hours are less than 40.
Limit check - ensures that inputs do not exceed a specified limit; e.g., overtime
hours cannot exceed 40.
(CPA Examination, adapted)
8.6 a. The computer security weaknesses present at Gleicken Corporation that made it
possible for a disastrous data loss to occur include:
inadequate attention by top management to EDP facilities planning and security
concerns.
housing the data processing facility in a building with exposed wooden beams and
a wood-shingled exterior, rather than in a building constructed of fire retardant
materials.
lack of a sprinkler (Halon) system, a fire suppression system under a raised floor,
and fire doors.
preparing tape backups too infrequently (weekly).
data and program tapes, especially the backup copies, should not be stored on
open shelves in the data processing area. Working copies should be stored in a
separate library area constructed of fire retardant materials, while backup copies
should be stored off-site.
lack of a written disaster recovery plan with arrangements in place to use an
alternate off-site computer center in the event of a disaster or an extended service
interruption. While a phone list of data processing personnel exists, there is no
indication that responsibilities have been assigned as to actions to be taken in the
event of a disaster.
lack of complete systems documentation kept outside the data processing area.
inadequate casualty insurance coverage.
b. The components that should have been included in the disaster recovery plan at
Gleicken Corporation in order to ensure computer recovery within 72 hours include
the following:
A written disaster recovery plan should be developed with review and approval by
senior management, data processing management, end-user management, and
internal audit.
Backup file copies should be prepared at least daily. Backup files and programs
should be stored at a secure off-site location that can be easily accessible in an
emergency.
The disaster recovery team should be organized. Select the disaster recovery
manager, identify the tasks, segregate into teams, develop an organization chart for
disaster procedures, match personnel to team skills and functions, and assign duties
and responsibilities to each member.
The duties and responsibilities of the recovery team include obtaining use of a
previously arranged alternate data processing facility; activating the backup system
and network; retrieving backup data files and programs; restoring programs and
data; processing critical applications; and reconstructing data entered into the
system subsequent to the latest saved backup/restart point.
c. Factors, other than those included in the disaster recovery plan itself, that should be
considered when formulating the plan include:
arranging business interruption insurance in addition to liability insurance.
ensuring that all systems and operations documentation is kept up to date, and that
backup copies are maintained off-site, easily accessible for use in case of disaster.
performing a risk/cost analysis to determine the level of expense that may be
justified to obtain reasonable, as opposed to certain, assurance that disaster
recovery can be achieved in 72 hours. For example, is the purchase of a duplicate
hardware set-up at another location justified?
d. Other threats (besides fire) from which Gleicken should have protected itself are:
earthquake
theft/burglary
intense sunlight through the skylights
(CMA Examination, adapted)
8.7 Student solutions will vary depending on the template they select. Templates are available
in Adobe PDF or Microsoft Word format.
8.8
8.8 (cont.) [spreadsheet screenshot not reproduced]
The following represents one way to solve this problem. To check student solutions, the
instructor will have to collect electronic copies of this assignment to verify that students have
implemented the checks assigned in the problem.
Supporting Formulas:
F5 (Monthly Payment): =PMT(Rate/12,Pmts*12,-Mortgage)
F8 (Total Interest Paid): =SUM(C13:C372)
F9 (Principal Paid): =SUM(E13:E373)
A6 (Warning): =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the
total regular payment","")
G12 (Beginning Balance): =+Mortgage
A13 (Payment Number): =IF(ROWS($A$13:A13)>Pmts*12,0,ROWS($A$13:A13))
B13 (Principal balance at beginning of period): =IF(A13=0,0,IF(G12<=0,0,G12))
C13 (Interest): =IF(A13=0,0,IF(B13=0,0,IPMT(Rate/12,A13,Pmts*12,-Mortgage)))
D13 (Principal): =IF(A13=0,0,IF(B13=0,0,PPMT(Rate/12,A13,Pmts*12,-Mortgage)))
E13 (Monthly Principal + Extra Principal Payment): =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+
$F$6+G13,+D13+$F$6)))
F13 (Cumulative Principal): =+F12+E13
G13 (Principal balance at end of period): =IF(A13=0,0,IF(B13=0,0,Mortgage-
(SUM($D$13:D13)+$F$6*A13)))
H13 (Marker): =IF(G13>=0,1,0)
Data Input Controls:
Field check to ensure only numeric data is entered in the "Life of loan in years":
8.8 (cont.) [spreadsheet screenshot not reproduced]
Range check to ensure that annual interest rates must be between 4% and 9% inclusive:
8.8 (cont.) [spreadsheet screenshot not reproduced]
Limit check to verify that the amount of the loan is less than $300,000:
8.8 (cont.) [spreadsheet screenshot not reproduced]
Reasonableness test: amount of extra principal payment cannot be greater than 50% of the initial
total monthly payment:
Cell Formula A6: =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the
total regular payment","")
Cross-footing balance checks to verify that total amount paid in principal plus extra principal over
the life of the loan equals original loan amount:
Cell Formula F9: =SUM(E13:E373)
Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+
$F$6+G13,+D13+$F$6)))
Although this is not strictly a cross-footing balance, for an Excel based repayment schedule that
does not employ any Visual Basic programming code, this is an effective method to check for any
overpayment over the life of the loan when additional payments are included. Therefore, students
should be warned in advance that a strict cross-footing balance may not be possible and to be
flexible and to think creatively in meeting the control requirements of this problem.
8.8 (cont.) [spreadsheet screenshot not reproduced]
Conditional limit check to calculate the final extra principal payment so that it does not reduce the
outstanding balance below zero:
Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+
$F$6+G13,+D13+$F$6)))
Cell Formula H13: =IF(G13>=0,1,0)
For an Excel based repayment schedule that does not employ any Visual Basic programming code,
this is an effective method to check for the final payment over the life of the loan when additional
payments are included. The "Marker (column H)" cell is used to track when the balance at the
end of the period goes negative; i.e., the loan has been repaid, but the last normal payment
exceeds the last remaining balance. The final payment is then equal to the normal payment less
the amount that would be overpaid if a full normal payment is made as the final payment on the
loan. The final payment is then found as the last non-zero amount in the "Monthly
Principal + Extra Principal Payment" column. Therefore, students should be warned in advance
to be flexible and to think creatively in meeting the control requirements of this problem.
8.9
Type of Backup                Time to Backup                       Size of Backup                    Time to Restore
A  Full Daily Backup          300 Minutes (5 days * 60 minutes)    250 GB (5 days * 50 GB)           300 Minutes (5 days * 60 Minutes)
   Total                      300 Minutes                          250 GB                            300 Minutes
B  Full Weekly Backup         60 Minutes                           50 GB                             60 Minutes
   Daily Incremental Backup   50 Minutes (5 days * 10 minutes)     40 GB (5 days * 8 GB)             25 Minutes (5 days * 5 minutes)
   Total                      110 Minutes                          90 GB                             85 Minutes
C  Full Weekly Backup         60 Minutes                           50 GB                             60 Minutes
   Daily Differential Backup  75 Minutes (5 days * 15 minutes)     30 - 150 GB (5 days * 6-30 GB)    40 Minutes (5 days * 8 minutes)
   Total                      135 Minutes                          80 - 180 GB                       100 Minutes
The full weekly backup with a daily incremental backup is the best option based on time to
backup, size of backup and the time to restore.
8.10 (Note: In order to access the 76 page control framework, students must first register on
the website with ISACA.)
                                                         Trust Services Framework Principle
Cobit Control Objective                                  Security  Confidentiality  Privacy  Processing Integrity  Availability
PO1 - Define a strategic IT plan                         X X X X X
PO2 - Define the information architecture                X X X X X
PO3 - Determine technological direction                  X X
PO4 - Define the IT processes, organization and relationships   X X X
PO5 - Manage the IT investment
PO6 - Communicate management aims and direction          X
PO7 - Manage IT human resources                          X
PO8 - Manage quality                                     X X
PO9 - Assess and manage IT risks                         X X X
PO10 - Manage projects
AI1 - Identify automated solutions                       X
AI2 - Acquire and maintain application software          X X X
AI3 - Acquire and maintain technology infrastructure     X X
AI4 - Enable operation and use                           X X
AI5 - Procure IT resources                               X
AI6 - Manage changes                                     X X
AI7 - Install and accredit solutions and changes         X X
DS1 - Define and manage service levels                   X
DS2 - Manage third-party services                        X X X X
DS3 - Manage performance and capacity                    X
DS4 - Ensure continuous service                          X X X
DS5 - Ensure systems security                            X X X X
DS6 - Identify and allocate costs
DS7 - Educate and train users                            X
DS8 - Manage service desk and incidents                  X
DS9 - Manage the configuration                           X
DS10 - Manage problems                                   X X
DS11 - Manage data                                       X X X X X
DS12 - Manage the physical environment                   X X X X X
DS13 - Manage operations                                 X X X X
ME1 - Monitor and evaluate IT performance                X X
ME2 - Monitor and evaluate internal control              X X
ME3 - Ensure compliance with external requirements       X
ME4 - Provide IT governance                              X X
8.11
a. Reasonableness check between fields indicating salaried and hours field.
b. All files should have header labels to identify their contents, and all programs should
check these labels before processing transactions against the file.
c. A field check should be performed to check whether all characters entered in this field
are numeric. There should be a prompt correction and re-processing of erroneous
transactions.
d. A reasonableness test of quantity ordered relative to the product if 50 is an unusually
large number of monitors to be ordered at one time. Closed-loop verification to make
sure that the stock number matches the item that is ordered.
e. An uninterruptible power system should be used to provide a reserve power supply in
the event of power failure.
f. Fireproof storage and maintenance of duplicate files at an off-site location.
g. A reasonableness test of quantity on hand.
h. A completeness check to check whether all required fields were filled in.
i. Check digit verification on each customer account number and a validity check for
actual customers should have caught this error.
j. A size check would prevent 400 characters from being entered into a field that allows
for only 5 characters.
k. Concurrent update controls protect records from errors when more than one salesman
tries to update the inventory database by locking one of the users out of the database
until the first salesman's update has been completed.
l. A limit check based on the original sales date.
m. Check digit verification on each customer account number and a validity check for
actual customers and closed loop verification.
n. Check digit verification on each customer account number and a validity check for
actual customers and closed loop verification.
o. A completeness check for all payroll checks and a hash total using employee numbers.
p. Encrypting the email containing the bid would have prevented the competitor from
reading the email even if they could have intercepted the email.
q. Parity checks and echo checks will test for data transmission errors.
8.12 (Adapted from CMA Exam. June 1994, Part 4, Question 3)
a.
1. Systems documentation is prepared when someone has the time to do it; consequently,
documentation will likely be incomplete and not current.
2. The systems and programming staff have access to the computer room without
supervision of the operations staff. The programmers could alter the data files or
operational programs.
3. The location of the computing facility on the ground floor behind large plate glass
windows invites attention, risk exposure, and risk of damage due to flooding.
4. There do not appear to be any regularly scheduled backups.
b.
1. Off-site alternatives for continuation of service including contingency plans for
temporary operations, hot sites, vendor sites, service bureau sites, etc. MonsterMed
should maintain arrangements with computer equipment vendors to provide
availability of hardware to replace damaged hardware as soon as practical.
2. Off-site storage of program and data files, documentation, and supplies.
3. Detailed procedures for recovery including instructions for obtaining off-site storage,
planning a communications link between headquarters and the emergency site, as well
as telephone and cell phone numbers of all team members.
4. Procedures for on-going control and maintenance of a temporary site.
5. Testing and training for plan implementation including testing each department
individually, testing the whole plan; i.e., a mock disaster, trial runs, testing backup
procedures, testing restore operations, and recording test results.
(CMA Examination, adapted)
