Controls in CIS
General controls in a CIS environment fall under the three basic control approaches seen
under a manual system, i.e. feedback, feed-forward and preventive control. Apart from this
three-fold categorization, a computer-based information system also requires different controls,
though the emphasis is on preventive controls. Controls are present over many aspects of the
computer system and its surrounding social environment. They operate over data moving into,
through and out of the computer to ensure correct, complete and reliable processing and storage.
There are other controls present over staff, staff involvement with the computer and access to data.
Further controls are effective at preventing deterioration or collapse of the
entire computing function.
Erroneous data processing by a computer system is likely to be the result of incorrect data
input. This is the major point at which the human interfaces with the machine, and it is here
that important controls are placed.
Review Process
(1) Organization Structure Control - The CIS function in an organization needs to be organized
so that different groups are formed to perform different duties in a large CIS
installation. Some of the typical functions that must be performed by select groups include:
a. Data Administrator
b. Database Administrator
c. System Analyst
d. System Programmers
e. Application Programmers
f. Operation Specialist
g. Librarian
(2) Documentation Control - Systems and programs, as well as modifications, must be
adequately documented and properly approved before being used. Documentation ordinarily
assumes the following form:
a. A system flowchart;
b. A program flowchart;
c. Program change;
d. Operator instructions;
e. Program description (explaining the purpose for each part of the program)
Adequate documentation evidencing approval of changes minimises the probability of
unauthorized system and program changes that could result in loss of control and decreased
reliability of financial data.
(3) Access Control - Access controls are usually aimed at preventing unauthorized access.
The controls may seek to prevent persons who are authorised for access from
accessing restricted data and programs, as well as preventing unauthorized persons from
gaining access to the system as a whole.
a. Segregation Controls
b. Limited Physical Access to the Computer Facility
c. Visitor Entry Logs
d. Hardware and Software access controls
e. Call back
f. Encryption
g. Computer Application Controls
(4) Input Controls - Input into the CIS system should be properly authorized and approved. The
system should verify all significant data fields used to record information, i.e., it should
perform editing of the data. Conversion of data into machine-readable form should be controlled
and verified for accuracy.
(a) Pre-printed form - All constant information should be printed on a source document. For
example, if only a limited number of responses to a question is considered appropriate, then
preprint the responses and have the user tick or circle the correct responses, deleting those
that are inappropriate.
(b) Check Digit - Errors made in transcribing and keying data can have serious consequences.
One control used to guard against these types of errors is a "Check Digit". A Check Digit is a
redundant digit(s) added to a code that enables the accuracy of other characters in the code to
be checked. The check digit can act as a prefix or suffix character or it can be placed
somewhere in the middle of the code. When the code is entered, a program recalculates the
check digit to determine whether the entered check digit and the calculated check digit are the
same. If they are the same, the code is most likely to be correct.
(c) Completeness Totals - To input data erroneously is one type of error. To leave out or lose
data completely is another type of error against which controls are provided.
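The recalculation described under Check Digit above, as an added example that is not part of the original notes. It assumes a modulus-11 weighted scheme with the check digit as a suffix, which the notes do not specify; the function names and the sample code number are constructed for illustration.

```python
from typing import Optional

def mod11_check_digit(base: str) -> Optional[str]:
    """Check digit for a numeric base code under the assumed modulus-11 scheme.
    Returns None when the result would be 10; such base codes are not issued."""
    if not base.isdigit() or len(base) > 9:   # weights must stay below 11
        raise ValueError("base code must be 1 to 9 digits")
    # Weights 2, 3, 4, ... are applied from the rightmost digit leftwards.
    total = sum(int(d) * w for w, d in enumerate(reversed(base), start=2))
    check = (11 - total % 11) % 11
    return None if check == 10 else str(check)

def issue_code(base: str) -> str:
    """Append the check digit as a suffix when the code is first allocated."""
    check = mod11_check_digit(base)
    if check is None:
        raise ValueError(f"{base} cannot be issued under this scheme")
    return base + check

def verify_code(code: str) -> bool:
    """Recalculate the check digit at data entry and compare with the keyed one."""
    if not code.isdigit() or not 2 <= len(code) <= 10:
        return False
    return mod11_check_digit(code[:-1]) == code[-1]

def undetected_errors(code: str) -> list:
    """Apply every single-digit substitution and adjacent transposition to a
    valid code and return the corrupted variants that still pass verification."""
    variants = set()
    for i, ch in enumerate(code):
        variants.update(code[:i] + d + code[i + 1:] for d in "0123456789" if d != ch)
    for i in range(len(code) - 1):
        if code[i] != code[i + 1]:
            variants.add(code[:i] + code[i + 1] + code[i] + code[i + 2:])
    return sorted(v for v in variants if verify_code(v))

if __name__ == "__main__":
    code = issue_code("40216")              # constructed sample account number
    print(code, verify_code(code))          # valid as issued
    print(verify_code("402768"))            # one digit mis-keyed
    print(verify_code("402618"))            # two adjacent digits transposed
    print(undetected_errors(code))          # keying errors that slip through
```

Because 11 is prime and every weight is below 11, no single mis-keyed digit and no swap of two adjacent digits can leave the weighted sum unchanged, which is why the last call finds nothing.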
(5) Processing Controls - When input has been accepted by the computer, it usually is
processed through multiple steps. Processing controls are essential to ensure the integrity of
data. Almost all of the controls mentioned under input may also be incorporated during
the processing stage. Processing validation checks primarily ensure that computations performed
on numeric fields are authorized, accurate, and complete.
(6) Recording Control - Recording controls enable records to be kept free of errors and
transaction details that are input into the system.
(a) Error Log - This is particularly important in batch entry and batch processing systems. Many
of the accuracy checks can only be carried out during run-time processing. It is important that a
detected error does not bring the run to a halt; on discovery, the erroneous transaction is written
to an error log file, which is examined at the end of processing. The errors can then be corrected
or investigated with the relevant department before being input and processed.
(b) Transaction Log - The transaction log provides a record of all transactions entered into the
system as well as storing transaction details such as the transaction reference number, the
date, the account number, the type of transaction, the amount and the debit and credit
references. The transaction will be "stamped" with details of input. These typically include
input time, input date, input day, terminal number and user number. It is used for multi-access
mainframe systems accounting transactions. The transaction log can form the basis of an
audit trail and may be printed out for investigation during an audit.
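A batch run combining the error log and transaction log described above with the completeness totals from (4)(c), as an added example that is not part of the original notes. The batch header layout, validation rules, field names, terminal and user identifiers are all assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from decimal import Decimal, InvalidOperation

# Constructed batch header: totals prepared by the originating department.
HEADER = {"record_count": 5, "amount_total": Decimal("975.50")}
# Constructed transactions as received; the fifth record (T005) never arrived.
BATCH = [
    {"ref": "T001", "account": "1001", "type": "DR", "amount": "250.00"},
    {"ref": "T002", "account": "1002", "type": "CR", "amount": "75.50"},
    {"ref": "T003", "account": "10O3", "type": "DR", "amount": "100.00"},  # letter O keyed
    {"ref": "T004", "account": "1004", "type": "DR", "amount": "-50.00"},  # sign error
]

def validate(txn):
    """Return a rejection reason, or None if the transaction passes."""
    if not txn["account"].isdigit():
        return "account number is not numeric"
    if txn["type"] not in ("DR", "CR"):
        return "unknown transaction type"
    try:
        if Decimal(txn["amount"]) <= 0:
            return "amount must be positive"
    except InvalidOperation:
        return "amount is not a number"
    return None

def run_batch(header, batch, terminal, user):
    """Process every record; rejects go to the error log, the run continues."""
    txn_log, error_log = [], []
    for txn in batch:
        reason = validate(txn)
        if reason:
            error_log.append({"ref": txn["ref"], "reason": reason})
            continue
        # Stamp accepted input so the transaction log can serve as an audit trail.
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        txn_log.append({**txn, "input_time": stamp, "terminal": terminal, "user": user})
    accepted_total = sum((Decimal(t["amount"]) for t in txn_log), Decimal("0"))
    report = {
        "records_missing": header["record_count"] - len(batch),
        "accepted": len(txn_log),
        "rejected": len(error_log),
        "unposted_amount": header["amount_total"] - accepted_total,
    }
    return txn_log, error_log, report

if __name__ == "__main__":
    _, errors, summary = run_batch(HEADER, BATCH, terminal="TTY07", user="U042")
    print(errors, summary)
```

The end-of-run report shows one record missing against the header count and an unposted amount that covers both the rejected and the lost transactions, which is what the relevant department would then investigate.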
(7) Storage Control - These controls ensure the accurate, continuing and reliable storage
of data. Data is a vital resource for an organization and is the heart of CIS activities. Special
care must be taken to ensure the integrity of the database or file system. The controls are
particularly concerned with accidental erasure of files and the precision of back-up and
recovery facilities.
(8) Output Control - Output control ensures that the results of data processing are accurate,
complete and are directed to authorized recipients. The auditor should examine whether an audit
trail relating to output was provided and the date and time when the output was so provided. This
would enable the auditor to identify the consequences of any errors discovered in the output.