Untitled slide - IT Consulting


Information Systems Control & Audit (10)
Shin, SooJung
Based on Ron’s book
Chapter 11
Input Controls
(1) Introduction
Components in the input subsystem are responsible for bringing both data & instructions into an application system
Why auditors are interested
(1) In many information systems the largest number of controls exists in the input subsystem
(2) Input subsystem activities sometimes involve large amounts of routine, monotonous human intervention
(3) The input subsystem is often the target of fraud.
(2) Data input method
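Strengths & weaknesses of input methods
(1) The error rate increases as human intervention increases
(2) The longer the time between the occurrence of a state or event and its input to the program, the higher the error rate
(3) Input devices that produce few errors should be used
[Figure: data input methods. Labels: state/event; recording medium; source document; keyboarding; direct reading; PC; optical; magnetic; digitizer…; data entry; PC; touch screen…]
State: e.g. pay rate
Event: e.g. an order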
(3) Source document design
(1) Where source documents are used to capture input data, good source document design is important (it reduces data recording errors, speeds up data recording, and allows the data to be entered into the computer system..)
(2) Source documents analysis
What data is captured
How it is captured
Who captures it
How it is prepared and entered into a computer system
How the document is handled, stored and filed
(3) Design of source documents
Selection of paper medium characteristics (dimensions, weight, quality, etc.)
Layout & style
(4) Data-entry screen design
If data is keyed into a system via a terminal, high-quality screen design is important to
minimizing input errors and to achieving an effective and efficient input subsystem.
(1) Screen organization
Uncluttered and symmetrically balanced
consistency
(2) Caption design
fully spelled out if a screen is used for direct-entry data capture
Distinguished from their associated data-entry field
Precede their associated data-entry field on the same line as the data-entry field
(3) Data entry field design
immediately follow their associated caption either on the same line or, in case of a
repeating field, on several lines immediately below the caption
(4) Tabbing & skipping
automatic skipping to a new field should be avoided in data-entry screen design
(5) Color
reduce search time for an item…
Consistency, a few colors, visible, meaning, color-blind,…
(6) Response time
interval between entry of data and the system’s indication it is ready to accept new data
Should be fast (2-4 secs)
(7) Display rate
the rate at which characters or images on a screen are displayed
Data-entry screens require a fast display rate
(8) Prompting and help facilities
Useful when data entry is not based upon a dedicated source document
Useful to novice users
(5) Data code controls
Data code
uniquely identify an entity or identify an entity as a member of a group or set
Code is more compact than textual or narrative description
(1) Data coding errors
Coding errors: addition, truncation (omit), transcription (wrong), transposition, double transposition
Causes of coding errors: length, alphabetic/numeric mix, choice of characters, mixing uppercase/lowercase fonts, predictability of character sequence
(2) Types of coding systems
Flexibility, meaningfulness, compactness, convenience, evolvability
Serial code: assign consecutive numbers to an entity
Block sequence code: assign blocks of numbers to particular categories of an entity
Hierarchical codes: C65(division)/423(department)/222(expenditure type)
Association codes: attribute-SM(shirt)M(male)32(32centi.)DR(dress shirt)
(6) Check digits
A check digit is a redundant digit(s) added to a code that enables the accuracy of other characters of the code to be checked.
Calculated check digit – entered check digit
(1) Calculating check digit
Ex) code: 2148 -> 2+1+4+8=15 -> check digit: 5
(2) Efficiency of check digit method
Errors: transcription (86%), single transposition (8%), double transposition (6%)
(3) When to use?
System overhead: transmitting, calculating and checking the redundant character
Use of check digits should be limited to critical fields
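Added example (not from the slides or the book): the digit-sum check digit calculated above, compared with a weighted modulus-11 check digit, a common alternative that the slides do not describe. It assumes the slide's 86/8/6 figures are the share of each error type, models a double transposition as swapping digits two positions apart, and only mutates the code body, not the check digit itself.

```python
from itertools import product

def sum_check_digit(code):
    """Slide method: add the digits and keep the last digit of the sum."""
    return str(sum(int(c) for c in code) % 10)

def mod11_check_digit(code):
    """Assumed alternative: weights 2,3,4,... from the right, modulus 11."""
    total = sum(w * int(c) for w, c in enumerate(reversed(code), start=2))
    r = (11 - total % 11) % 11
    return "X" if r == 10 else str(r)   # 'X' stands for a check value of 10

def transcriptions(code):
    """Every code that differs from `code` in exactly one digit."""
    for i, c in enumerate(code):
        for d in "0123456789":
            if d != c:
                yield code[:i] + d + code[i + 1:]

def transpositions(code, gap):
    """Swap two unequal digits `gap` apart (1 = single, 2 = double)."""
    for i in range(len(code) - gap):
        if code[i] != code[i + gap]:
            s = list(code)
            s[i], s[i + gap] = s[i + gap], s[i]
            yield "".join(s)

def detection_rate(check, mutate, length=4):
    """Share of keying errors in the code body that change the check digit."""
    caught = total = 0
    for digits in product("0123456789", repeat=length):
        code = "".join(digits)
        expected = check(code)
        for bad in mutate(code):
            total += 1
            caught += check(bad) != expected
    return caught / total

# Error mix from the slide, read as the share of each error type (assumption).
ERROR_MIX = [(0.86, transcriptions),
             (0.08, lambda c: transpositions(c, 1)),
             (0.06, lambda c: transpositions(c, 2))]

def overall_detection(check):
    """Detection rate weighted by the error mix above."""
    return sum(share * detection_rate(check, m) for share, m in ERROR_MIX)

if __name__ == "__main__":
    for name, fn in [("digit sum", sum_check_digit), ("modulus 11", mod11_check_digit)]:
        print(name, fn("2148"), round(overall_detection(fn), 2))
```

The digit sum is unchanged when digits swap places, so it misses every transposition; weighting each position is what lets the check digit see the order of the digits.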
(7) Batch controls
Batching is the process of grouping together transactions that bear some type of relationship to each other.
(1) Types of batches
Physical: groups of transactions that constitute a physical unit - one clerk enters several input documents into one program at one terminal
Logical: groups of transactions bound together on some logical basis - when several clerks enter transactions at the same terminal, the program groups them logically according to each clerk's ID
(2) Means of batch control
Physical: a batch cover sheet, a batch control register (records the passage (receipt, distribution) of physical batches through various locations in the organization)
Logical: data-entry clerks must keep an independent record of transactions
Control totals: financial totals (the total for each field containing money), hash totals (the total over the codes (document numbers, etc.) of the documents in the batch), document/record counts (the total number of documents or records in the batch)
(3) Design of batch
Small enough: errors are easy to find
Large: a size appropriate to the unit of work
Form a logical unit
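Added example (not from the slides): reconciling the three control totals listed above against a batch cover sheet, showing which total catches which kind of keying error. The cover sheet values, document numbers and amounts are constructed sample data, and the function names are hypothetical.

```python
from decimal import Decimal

# Constructed batch cover sheet: totals computed when the batch was assembled.
COVER_SHEET = {"record_count": 4,
               "financial_total": Decimal("1830.50"),
               "hash_total": 40218}

# Constructed transactions as keyed: (document number, amount).
KEYED = [("10051", "250.00"), ("10052", "1200.50"),
         ("10053", "80.00"), ("10062", "300.00")]

def control_totals(records):
    """Recompute the three control totals from the keyed transactions."""
    return {
        "record_count": len(records),
        "financial_total": sum((Decimal(amt) for _, amt in records), Decimal("0")),
        "hash_total": sum(int(doc) for doc, _ in records),
    }

def failed_totals(cover, records):
    """Names of the control totals that disagree with the cover sheet."""
    actual = control_totals(records)
    return [name for name, value in actual.items() if cover[name] != value]

def with_change(records, index, new_record=None):
    """Copy of the batch with one record replaced, or dropped if None."""
    changed = list(records)
    if new_record is None:
        del changed[index]
    else:
        changed[index] = new_record
    return changed

if __name__ == "__main__":
    cases = {
        "as prepared": KEYED,
        "amount mis-keyed": with_change(KEYED, 1, ("10052", "1250.00")),
        "document number mis-keyed": with_change(KEYED, 2, ("10035", "80.00")),
        "document lost": with_change(KEYED, 3),
    }
    for label, batch in cases.items():
        print(f"{label:26} -> {failed_totals(COVER_SHEET, batch) or 'balanced'}")
```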
(8) Validation of data input
Data submitted as an input to an application system should be validated as soon as possible after it has been captured and as close as possible to its source.
(1) Types of data input validation check
Field check: missing data/blanks, alphabetics/numerics, range, set membership, check
digit, master reference, size, format mask
Record checks: reasonableness, valid sign number, size, sequence check
Batch checks: control totals, transaction type, batch serial no, sequence check
File checks: internal label, generation number, retention date, control totals
(2) Reporting data input errors
Error message
Clear & concise
Courteous & neutral
[Figure: field, record and file. Labels: field; name; postal code; address; record 1; record 2; file 1]
(9) Instruction input
Ensuring the quality of instruction input to an application system is a more difficult objective to achieve than ensuring the quality of data input
(1) Menu-driven language
The simplest way for users to provide instructions to an application system
Ask users to select from a list of options with which they are presented
(2) Question-answer dialog
Ask users to respond to questions presented by the application system
(3) Command language
require users to recall and initiate instructions for the application system (e.g. SQL)
(4) Form-based language
require users to specify commands in the context of some input or output form
(5) Natural languages
allow users to instruct an application system via free-form language
(6) Direct manipulation interface
allow users to enter instructions to an application system via direct manipulation of an object (using a mouse, joystick, etc.)
e.g. spreadsheet, spatial data manager, electronic desktop (recycle bin icon, etc.)
(10) Validation of Instruction input
Like data input, instruction input entered into an application system also must be validated
(1) Types of instruction input validation checks
Lexical validation: checks each word
Syntactic validation: checks the instruction by parsing its syntax
Semantic validation: analysis of meaning (e.g. is the sum of numeric values a string?)
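Added example (not from the slides): the three validation stages applied in order to one instruction. The command form "SUM <field> FROM <table>", the schema and the function name are hypothetical and constructed for illustration.

```python
import re

# Hypothetical schema for the constructed command form "SUM <field> FROM <table>".
SCHEMA = {"payroll": {"pay_rate": "numeric", "name": "string"}}
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def validate(instruction):
    """Return (stage, message) for the first failed check, or ("ok", "")."""
    words = instruction.split()

    # Lexical validation: every word must be a well-formed token.
    for w in words:
        if not WORD.fullmatch(w):
            return ("lexical", f"invalid word {w!r}")

    # Syntactic validation: the words must fit the grammar of the command.
    if len(words) != 4 or words[0].upper() != "SUM" or words[2].upper() != "FROM":
        return ("syntactic", "expected: SUM <field> FROM <table>")

    # Semantic validation: names must exist and SUM needs a numeric field.
    field, table = words[1], words[3]
    if table not in SCHEMA or field not in SCHEMA[table]:
        return ("semantic", f"unknown field {table}.{field}")
    if SCHEMA[table][field] != "numeric":
        return ("semantic", f"cannot SUM {SCHEMA[table][field]} field {field!r}")
    return ("ok", "")

if __name__ == "__main__":
    for text in ["SUM pay_rate FROM payroll",    # passes all three stages
                 "SUM pay_rate; FROM payroll",   # bad word
                 "pay_rate SUM FROM payroll",    # valid words, wrong order
                 "SUM name FROM payroll"]:       # well formed, but meaningless
        print(f"{text!r:32} -> {validate(text)}")
```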
(11) Audit trail controls
(1) Accounting audit trails
record the origin of, contents of, and timing of the transaction entered into an application system
e.g. ID of the person who is the source of the data, ID of the person entering the data, data-entry time, ID of the data-entry device, records updated by the transaction, data, transaction details,…
e.g. originator of the instruction, instruction entry time, instruction entry device…
(2) Operational audit trails
records the resources consumed to process data and instruction input
keying time at the terminal, number of read errors of the scanning device, frequency of the instructions used,…
(12) Existence controls
(1) When data input is damaged
Master file damage
Input files must be kept securely and backup copies must be stored off-site.
(2) When instruction input is damaged
less critical
Stored in the audit trail