Ch09 - Process Control in MIS-Gelinas

Chapter 9

Controlling Controlling

Information Information Systems:Systems:

Process ControlsProcess Controls

Learning Objectives

To be able to prepare a control matrix

To describe the generic process control plans introduced in this chapter

To describe how these process controls accomplish control goals

To describe why these generic process controls are important to organizations with enterprise systems and those that are engaged in e-business

Control Matrix

Tool to determine appropriate control plans and relate them to control goals

Elements of matrix: Control Goals Recommended Control Plans Cell entries Explanations / details for each plan

Elements of the

Control Matrix

FIGURE 9.1FIGURE 9.1

Causeway Company Annotated Systems Flowchart


Steps in Preparing the Control Matrix Review system flowchart and related

narrative Identify business process Important resources Input, output, storage Master data being updated

List goals related to process List set of recommended control plans

Steps in Preparing the Control Matrix (cont’d) Examine flowchart and narrative

Try to identify problem/weak spots, opportunities for control For implemented control plan, indicate “P-1, P-2, etc” For missing control plan, enter “M-1, M-2, etc”

At bottom of control matrix Provide short statement about how each existing control

plan satisfies related control goal. Provide statement about the significance of each missing

control plan.

Systems Flowchart Data Entry Without

Master Data Available



Control Matrix for Data Entry

Without Master Data

KEY:Possible operations process goals include:A = To ensure timely processing of (blank) event dataB = (describe)

IV = input validityIC = input completenessIA = input accuracyUC = update completenessUA = update accuracy

Online Processing Control Plans P-1: Document design

Source document is designed in such a way that makes it easier to prepare initially and later to input data from the document.

P-2: Written approvals Requiring a signature or initials on a document to

indicate that a person has authorized the event.

Online Processing Control Plans (cont.) P-3: Preformatted screens

Help guide entry of data. Data type, field length, input masks. Cursor moves to fields. Goal – reduce mistakes

P-4: Online prompting Program prompts user to work in sequence and

asks questions that control operations. Context-sensitive help (intelligent agent) Lookup wizards

Online Processing Control Plans (cont.) P-5: Programmed edit checks

Automatically performed when data entered. Reasonableness (limit checks): tests whether

data fall within predetermined limits (e.g.,< $5,000/week pay).

Check digit verification – control built into account numbers. Example – account #123 becomes #1236

Math accuracy: does math independently; checks user’s calculations.

Online Processing Control Plans (cont’d) P-5: Programmed edit checks (cont’d)

Format checks—tests format on input Missing data Alpha in alpha fields; numbers in numeric fields Input field proper size Input field within set range (example: customer gender)

P-6: Interactive feedback checks Feedback to user that entry is accepted/rejected.

Online Processing Control Plans (cont’d) P-7: Procedures for rejected inputs

Designed to ensure that rejected data (not accepted for processing) are corrected and resubmitted for processing.

M-1: Key verification Documents keyed by one individual and rekeyed

by another individual. Very expensive technique

Additional issues in data entry controls Automation – scanning of documents, bar

codes Entry of customer data may be unnecessary

if EDI or e-business methods are used Integrated IS and ERP systems eliminate

need for data entry between different parts of organization

Security Controls

Critical in e-business VISA recommends the following items:

network firewall security patches encryption of stored and transmitted data use of updated anti-virus software access controls – user IDs / passwords screening of employees with access to data secured access to hardware / disks destroy unneeded records

Systems Flowchart Data Entry with

Master Data Available

Control Matrix for Data Entry

with Master Data


IV = Input validityIC = Input completenessIA = Input accuracyUC = Update completenessUA = Update accuracy

Key: Operations ProcessPossible operations include:A = Ensure timely processing of order event dataB = (describe)

Systems Flowchart Data Entry with

Batches


Control Matrix for Data Entry with Batches


KEY: Operations processPossible operations process include:A = To ensure timely processing of shipping event dataB = (describe)

IV = input validityIC = input completenessIA = input accuracyUC = update completenessUA = update accuracy

Control Plans: Batch Calculate batch totals -

Document/record counts Item or line counts Dollar totals Hash totals - total of fields not normally totaled

Example: invoices, parts, and social security numbers.

Computer agreement of batch totals Batch total calculated manually and entered with

batch. Computer accumulates batch total during processing. Computer generates report comparing totals.

Control Plans: Batch (cont.) Manual agreement of batch totals

Similar to above except manually calculated batch totals not submitted to computer.

Computer produces report with batch total. Person compares two and takes appropriate action.

Sequence checks Controlling sequentially numbered documents

Accounting for all numbers in sequence to find missing documents.

Applies to sequentially numbered batches of documents to ensure they are in order.

Control Plans: Batch (cont’d) Key verification

Extremely expensive control plan where a second data entry person keys in source data to compare with data already entered. Rarely used in practice.

Written approvals A requirement that handwritten signatures be affixed

to documents indicating approval/authorization. Computer preparation of business documents

Part of output of computer process More efficient (and legible) than manual processes

Control Plans - Batch (cont’d) Rejection procedures

Establish procedures to be followed when errors are entered and erroneous records rejected by computer.

Rejected records may written to a suspense file and require periodic follow-up.

Prerecorded data Examples: serial numbers, MICR a/c #s, dept. #s Printed on forms so that manual entry is not required. Turnaround documents

Prerecorded data to capture input on subsequent processing. Example: RA stub attached to invoice.

Computer Agreement of Batch Totals Control Plan
