WORKED EXAMPLES ON CONTROL OF INFORMATION SYSTEMS AUDIT AND SECURITY.

By -

CONTROL OF INFORMATION SYSTEMS AUDIT AND SECURITY

WORKED EXAMPLES

12.1 A college has 1500 students whose final examination results are declared using computer processing. There are 5 subjects, each carrying 100 marks. Classes are awarded as follows: Marks 60 or above I Class, 50 or above II Class, below 50 Fail. Devise an appropriate control scheme for processing results.

Control Measures

(i) Organizational measures. Each examiner who grades papers sends a separate list for batches of 50 students, number of students getting >= 60, number getting >= 50 and number below 50.

Data entry is done by a person different from the one who enters control information. Control total check from the computer is seen by the head examiner and compared with information on each batch sent by different examiners.

(ii) Input preparation control. Roll nos. appended with self-checking digit using modulus-11 system.

Records stored roll no. wise and sequence checked while processing. Total no. of records in each batch is counted and entered in the control record.

Each mark entered is checked if it is <=100 or >= 0.

If marks in subject P is <= 10 and subject K >= 90 such records are marked and retrieved for inspection.

(iii) Control totals. Make batches of 50. For each batch, total marks in a specified subject. In another subject count no. of students with marks >= 60 and enter no. in control record. Count total records.

Processing Control

Proof figure. In each student record one more field is added which is (100 – marks in subject 2). In processing in each batch this field is added together. The sum of subject 2 marks is also got as control total in each batch. Let N be the no. of records in each batch. Then sum of (100 – marks in subject 2) + sum of marks in subject 2 = 100 * N. This is checked. Checkpoint restart is provided during processing after every 150 seconds.

12.2 What is an audit trail?

Audit trail provides the means of pinpointing where an error occurred once an error is detected.

12.3 What is the difference between control and audit?

Controls are essential to enable an auditor to check the correctness of a system. An auditor checks whether controls put in a system are adequate.

12.4 What is an audit package? Enumerate some of the important features of an audit package.

An audit package is a program developed by an auditor to check whether processing is done by a system as per specifications. Audit packages have features to

(i) Extract data satisfying a specified criterion.

(ii) Total specified fields for inspection.

(iii) Check specified selected fields for inspection.

(iv) Check totals of specified sets with certain characteristics.

(iv) Matching data files with an auditor’s own file.

12.5 What is the purpose of security measures in an information system?

Security measures are used to protect data and programs from accidental loss or theft. They also protect the system from unauthorized access, unauthorized change or copying.

12.6 What is the difference between security and privacy? Do secure systems ensure privacy?

Security is concerned with protecting data and programs of organizations. Privacy is concerned with the need of secrecy of data regarding individuals. For example data on payroll may be secure if it is properly protected from fire, corruption etc. If an authorized person who has access to this

12.7 What is the difference between security measures and control measures?

The security measures are to protect data whereas controls are to ensure that all data is processed and processed data is correct.

12.8 Is a password system sufficient to ensure security of access to files?

No. Passwords can be broken by sustained effort. Double protection is slightly better. In this case two different passwords should be used. After the first password is accepted a second password is needed. Data stored may also be transformed and stored using a secret code (called encryption).

12.9 How can privacy be ensured in an information system?

By proper legal protection given to individuals data. Requiring an individual’s written permission to divulge data on him/her.

12.10 Why are system tests necessary?

System tests are necessary to ensure that a system conforms to specifications during operation, meets user requirements, controls function effectively, and its outputs are correct.

12.11 What are the objectives of system tests?

The main objectives of system testing are:

• To ensure that during operation the system will perform as per specifications.

• To make sure that the system meets users’ requirements during operation.

• To verify that the controls incorporated in the system function as intended.

• To see that when correct inputs are fed to the system the outputs are correct.

• To make sure that during operation, incorrect input, processing and outputs will be detected.

12.12 What is the difference between a pilot test and a parallel test?

In pilot test a set of transactions which have been run on present system are collected. Results of their processing on the existing manual system are also kept. This set is used as test data when a computer-based system is initially developed. The two results are matched. The reason for any discrepancy is investigated to modify the new system.

In parallel tests, both manual and computer-based systems are run simultaneously for a period of time and the results from the two systems are compared. It is good method for complex systems but is expensive.

Comments

Post a Comment

Popular posts from this blog

WORKED EXAMPLES ON PROCESS SPECIFICATION.

By -
Image
PROCESS SPECIFICATION WORKED EXAMPLES 6.1 A bank has the following policy on deposits: On deposits of Rs. 5000 and above and for three years or above the interest is 12%. On the same deposit for a period less than 3 years it is 10%. On deposits below Rs. 5000 the interest is 8% regardless of the period of deposit. Write the above process using (i) Structured English (ii) A decision table 6.2 An organization maintains an employee file in which each record has following data: { Employee No., employee name, employee gross pay}. It has been decided to increase the pay as per the following formula: For pay of Rs. 1000 or less increase 15%. For pay of more than Rs. 1000 but up to Rs. 2500 increase 10%. For pay over Rs. 2500 increase 5%. (i) Writ e a structured English processing rule corresponding to the above policies. (ii) Express the policies as a decision table. (i) While employee records left in file do Read Number, name , gross pay 6.3 An offshore gas company bills it
Read more

Why do we need information systems, management structure, requirements of information at different levels of management.

By -
Image
Why do we need information systems, management structure, requirements of information at different levels of management NEED FOR INFORMATION SYSTEMS Information systems are needed when timely processing for fast action is needed, same data has to be processed in different ways and when organizations require innovative processing. MANAGEMENT STRUCTURE Functional areas of management are as follows: •PRODUCTION • MARKETING • MATERIALS – purchase, stores • FINANCE –Accounts • HUMAN RESOURCE DEVELOPMENT(HRD) • RESEARCH AND DEVELOPMENT (R&D) INFORMATION FOR MANAGEMENT A Production Management The following type of information is needed in production management: Strategic Information: 1)Yearly and monthly production quotas and alternate schedules 2)Policies on machine replacement, augmentation and modernization. 3)Identifying best product mix. Tactical Information 1)Identifying and controlling areas of high cost. 2) Identifying critical bottlenecks in production. 3)
Read more

The User Interface:Establishing User Interfaces

By -
Image
The User Interface Establishing User Interfaces The success factors in analysis start with the established interfaces from day one. What does this mean? You must start the process by meeting with the right people in the organization. In the best projects, the process is as follows: 1. Executive interface: There needs to be an executive-level supporter of the project. Without such a supporter, you risk not being able to keep the project on schedule. Most important, you need a supporter for the political issues that you may need to handle during the project (discussed in detail later). The executive supporter, sometimes known as a sponsor (JAD reference), should provide a preliminary schedule advising the organization of what is expected and the objectives of the project. The executive supporter should attach a letter to the preliminary schedule and send it to the project team members. The letter must put the importance of the project into perspective. Therefore, it is strongly rec
Read more