Question

Adequate controls have to be implemented if an organization wants to reduce errors and fraud when using computer technology. It is in the design stage of an information system that the appropriate controls are planned to ensure reliability of data. A good design can prevent both intentional and unintentional alteration and destruction of data. The data controls can be classified as input controls, process controls, and output controls. For each of these control categories, provide two specific controls, and state their contribution to data reliability.

Answer 1

1) Input Controls – These controls are used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a Web-enabled application or interface. Data input is checked to ensure that is remains within specified parameters.

• Data checks and validation Control :
  • • Reasonableness and limit checks on financial values.
  • Format and required field checks; standardized input screens.
  • Sequence checks (e.g., missing items), range checks, and check digits.
  • Cross checks (e.g., certain policies are only valid with certain premium table codes).
  • Validations (e.g., stored table and drop-down menu of valid items).
• Automated segregation of duties and access rights Controls
  • ​​​​​​​Individuals who set up approved vendors cannot initiate purchasing transactions.
  • Individuals who have access to claims processing should not be able to set up or amend a policy

Processing Controls – These controls provide an automated means to ensure processing is complete, accurate, and authorized.

• Audit trails and overrides Controls
  • ​​​​​​​Automated tracking of changes made to data, associating the change with a specific user.
  • Automated tracking and highlighting of overrides to normal processes.
• Interface balancing Controls
  • ​​​​​​​Automated checking of data received from feeder systems (e.g., payroll, claims data, etc.) into data warehouses or ledger systems.
  • Automated checking that balances on both systems match, or if not, an exception report is generated and used.

Output Controls – These controls address what is done with the data and should compare output results with the intended result by checking the output against the input.

• General ledger posting Control
  • ​​​​​​​All individual and summarized transactions are posted to general ledger
• Subledger posting Control
  • ​​​​​​​All successful transactions are posted to subledger