Information System Control
Information system controls are methods and devices that attempt to ensure the accuracy, validity and
propriety of information system activities. It is design to monitor and maintain the quality and security
of the input, processing, output, and storage activities of any information system.
Example include password and other security codes, formatted data entry screen, audible error signals, templates over the keys of keys-driven input devices, and prerecorded and prenumbered forms. Input of source documents can also be controlled by registering them in a logbook when they are received by data entry personnel. Real-time system that use direct access files frequently recorded all entries into the system on magnetic tape control logs that preserve evidence of all system inputs. Computer software can include instruction to identify incorrect, invalid, or improper input data as it enters the computer system. For example, a data entry program can check for invalid codes, data fields, and transactions. Also, the computer can be programmed to conduct ‘reasonableness checks’ to determine if input data exceed certain specific limits or are out or sequence. This includes the calculation and monitoring of selection control totals.
Data entry and other system activities are frequently monitored by the use of control totals. For example, a record count is a control total that consists of counting the number of sources documents or other input preparation. If the forms of control do not match, a mistake has been made. Batch totals and hash totals are other batch of transactions, such as the sales documents in a batch of sales transactions. Hash totals are the sum of data fields hat are added together for control comparisons only, for example, employee Social Security numbers could be added to produce a control total in the input preparation of payroll documents.
Brien (1997, p. 479) states that “Output control are developed to ensure that information products are correct and complete and are transmitted to authorizes users in a timely manner. For example, output documents and reports are frequently logged, identified with route slips, and visually verified by input/output control personnel. Control totals on output are usually compared with control totals generated during the input and processing stages. Control listings can be produced that provide hard copy evidence of all output produced.”
Prenumbered output forms can be used to control the loss of important output documents such as stock certificates or payroll check forms. Distribution lists help input-output control personnel ensure that only authorized users receive output.
Typically, a three – level password system is used. First, an end user logs on to the computer system by entering his or her unique identified code or user ID. The end user is then asked to enter a password in order to gain access into the system. Finally,...