Controlling the system
Input Controls
These controls are intended to ensure that the data entered is accurate
and complete. Validation techniques covered in Core 2 form a part of any input
control strategy. Other techniques include:
| Input Authorisation | Any input must be properly authorised - perhaps only restricted staff could be allowed to enter data. Source documents might be sequentially numbered to help provide an audit trail or detect missing or added documents. A further signature may be needed to authorise a document or batch of documents for input. |
| Control Totals | Transactions are grouped into batches and control totals (document count, total of one or more numeric fields etc.) calculated. This will detect lost or added documents and also mis-entry of data. |
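
The batch check described above, combined with the sequential document numbers, as an added Python example that is not part of the original notes. The record layout, the field names and the sample batch are constructed for illustration.

```python
from decimal import Decimal

def control_totals(docs):
    """Document count plus totals of two numeric fields for one batch."""
    return {
        "count": len(docs),
        "amount_total": sum((Decimal(d["amount"]) for d in docs), Decimal("0")),
        "account_total": sum(d["account"] for d in docs),
    }

def make_header(docs):
    """Batch header prepared before data entry (hypothetical layout)."""
    numbers = [d["doc_no"] for d in docs]
    return {**control_totals(docs), "first_no": min(numbers), "last_no": max(numbers)}

def reconcile(header, keyed):
    """Return a list of discrepancies between the header and the keyed data."""
    findings = []
    for name, value in control_totals(keyed).items():
        if value != header[name]:
            findings.append(f"{name}: expected {header[name]}, got {value}")
    # Sequential numbering: every number in the header's range must appear once.
    expected = set(range(header["first_no"], header["last_no"] + 1))
    seen = [d["doc_no"] for d in keyed]
    for n in sorted(expected - set(seen)):
        findings.append(f"missing document {n}")
    for n in sorted(set(seen) - expected):
        findings.append(f"unexpected document {n}")
    for n in sorted({n for n in seen if seen.count(n) > 1}):
        findings.append(f"duplicate document {n}")
    return findings

# Constructed sample batch of sequentially numbered source documents.
SOURCE = [
    {"doc_no": 101, "account": 2001, "amount": "12.50"},
    {"doc_no": 102, "account": 2002, "amount": "40.00"},
    {"doc_no": 103, "account": 2003, "amount": "7.25"},
    {"doc_no": 104, "account": 2004, "amount": "100.00"},
]
HEADER = make_header(SOURCE)

LOST = [d for d in SOURCE if d["doc_no"] != 104]  # last document lost
MISKEYED = [dict(d, amount="400.00") if d["doc_no"] == 102 else d for d in SOURCE]

if __name__ == "__main__":
    for label, keyed in [("clean", SOURCE), ("lost", LOST), ("miskeyed", MISKEYED)]:
        print(label, reconcile(HEADER, keyed))
```

The totals catch a lost document or a mis-keyed figure, but two offsetting errors in the same field would still balance, which is why the document numbers are checked as well.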
Processing Controls
These controls relate to data that is being processed. Validation is
again appropriate to test that the results of processing are complete and
reasonable. In addition results can be matched against data already stored -
for example comparing this quarter's gas bill with the same quarter last
year.
Output Controls
Output can be compared to input - e.g. total number of cheques printed
compared to total number of different firms' invoices entered.
Personnel Controls
Employees are often in a position of trust and it is therefore possible
for them to abuse that trust to commit fraud. A variety of personnel controls
are available to minimise the opportunity for an employee to commit fraud.
| Segregation of Duties | Ensures that no one employee is responsible for all aspects of a job. In particular the data control, data preparation and computer operation elements of a job would be distributed amongst a number of employees. For example employee A calculates the control totals, B prepares the data and C inputs it. |
| Job Rotation | Employees are rotated through jobs at random intervals. |
| Enforced Vacations | Employees must take their holiday entitlement with other employees taking over their work while they are on holiday. |
| Restricted Access | Employees are granted access to data on a need-to-know basis rather than on seniority. |