University of Washington



CHAPTER 8

INFORMATION SYSTEMS CONTROLS FOR SYSTEMS RELIABILITY

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

8.1 For the consumer, opt-out has many disadvantages because the consumer is responsible for explicitly notifying every company that might be collecting the consumer’s personal information and telling it to stop collecting that data. Consumers are less likely to take the time to opt out of these programs, and even if they do decide to opt out, they may not know of all of the companies that are capturing their personal information. For the organization collecting the data, opt-out is an advantage for the same reasons it is a disadvantage to the consumer: the organization is free to collect all the information it wants until explicitly told to stop.

8.2 a. The cost here is tangible, consisting of the salaries of additional employees, if any, who must be hired in order to accomplish segregation of duties. The benefit is much less tangible, comprising primarily the reduction in the risk of loss from both fraud and unintentional errors. One approach might be to estimate an "expected benefit" as a product of the possible loss from fraud and the reduction in probability of fraud.

b. The costs here are also relatively tangible, including the costs of maintaining a tape library and of performing special procedures such as file labeling, concurrent update controls, encryption, virus protection, maintaining backup files, and so forth. The benefit is again intangible, consisting of the reduction in risk of loss of vital business data. Once again an "expected benefit" might be estimated as the reduction of the product of the cost of data reconstruction and the probability of data loss.

c. The cost here consists of the extra programming and processing time required to prepare and execute the input validation routines. As in the other cases, the benefits are intangible and difficult to measure in dollars. The primary benefit is the increase in accuracy of files and output. In this case, the decision must be primarily subjective, since a reliable dollar value is unlikely to be available.

8.3 The disadvantage of full backups is time. Organizations do not normally make full backups of their data on a frequent (daily) basis simply due to the time a full backup takes. Most organizations do full backups on a weekly basis. The advantage of frequent full backups is that the full system can be restored from a single backup. An advantage of incremental or partial daily backups is time. Since only files that have been altered since the last incremental backup or full backup are included in the backup, the backup can be done much more quickly. Of course, the downside of incremental backups is that it is likely that more than one backup will be needed to fully restore the system in the event of a system failure. Management decides what the recovery point objective (RPO) should be for their company; i.e., how much they are willing to lose in the event of a catastrophic event. Naturally, the recovery time objective (RTO) would always be “as soon as possible”, but this decision hinges on how long management thinks the company can operate without their data. The advantage of real-time mirroring is that a full and complete backup is always available at a moment’s notice. The mirror site can instantly step into the shoes of the primary site since it is a real-time replica of the primary site. The disadvantage of real-time mirroring is the cost of creating and maintaining identical databases at two different site locations; however, depending on the needs of the business, real-time mirroring may be a legitimate and necessary business expense since the cost of losing data and then recreating that data from a full or partial backup would be prohibitive. In other words, for these businesses, RPO and RTO are essentially zero; i.e., the data must be available instantaneously.

8.4

|A |B |B - A |Divisible by 9? |

|Original Number |Transposed Number |Difference | |

|10 |01 |9 |Yes |

|11 |11 |0 |Not a transposition |

|12 |21 |9 |Yes |

|13 |31 |18 |Yes |

|14 |41 |27 |Yes |

|15 |51 |36 |Yes |

|16 |61 |45 |Yes |

|17 |71 |54 |Yes |

|18 |81 |63 |Yes |

|19 |91 |72 |Yes |

When numbers between 10 and 19 are transposed, the difference between the original number and the transposed number is divisible by 9 except for the number 11 since the transposition of 11 is 11 and therefore not a transposition.

8.5 Good internal control procedures dictate the objectives of internal control, but not the techniques by which those objectives are to be achieved. Computer systems can efficiently scan large volumes of records on a regular basis, identify transactions that need to be initiated, and then take appropriate transaction-initiation steps such as document preparation and file updating.

Given that computer systems will be programmed to initiate transactions, the issue is to identify internal control techniques that will achieve the stated objective under these circumstances. These include (1) strong controls over the development and revision of the computer programs that initiate transactions, (2) organizational separation of the programming and computer operations functions, (3) logical access controls to prevent unauthorized access to computer programs, and (4) review by user department personnel of transactions initiated by the computer.

In summary, automatic generation of transactions by computer does not necessarily violate good internal control.

8.6 Since outsourcing is and will likely continue to be a topic of interest, this question should generate some good discussion from students. Data security and data protection are rated among the top ten risks of offshore outsourcing by CIO News. Compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX) is of particular concern to companies outsourcing work to offshore companies. Since offshore companies are not required to comply with HIPAA, companies that contract with offshore providers do not have any enforceable mechanisms in place to protect and safeguard Protected Health Information; i.e., patient health information, as required by HIPAA. They essentially lose control of that data once it is processed by an offshore provider. Similarly, offshore companies are not governed by SOX and therefore when the CEO and CFO attest to the accuracy of their company’s financial statements which includes documentation of any business processes performed by offshore entities.

One question that may facilitate discussion is to ask the students whether, once a company sends some operations offshore, the outsourcing company still has legal control over its data or whether the laws of the offshore company dictate ownership. Should the outsourcing company be liable in this country for data that was lost or compromised by an outsourcing offshore partner?

8.7 Since most students will encounter this question as an employee and as a future manager, the concept of personal email use during business hours should generate significant discussion. One question that may help facilitate discussion is to ask whether personal emails are any different than personal phone calls during business hours. The instructor may also want to use this opportunity to discuss security issues with email. Viruses are frequently spread through email and although a virus could infect company computers through a business-related email, personal email will also expose the company to viruses and therefore warrant the policy of disallowing any personal emails. In addition, there is the risk that employees could overtly or inadvertently release confidential company information through personal email. Once the information is written in electronic form it is easy and convenient for the recipient to distribute that information.

8.8 Many people may view biometric authentication as invasive. That is, in order to gain access to a work-related location or data, they must provide a very personal image of part of their body such as their retina, finger or palm print, their voice, etc. Providing such personal information may make some individuals fearful of identity theft in that unlike a social security number or a bank account number, biometric identification characteristics cannot simply be “reset”. If someone’s digitized biometric identification such as a fingerprint is stolen, then how can they prevent their identity from being used to lie, cheat, and steal? Indeed, facial scans and voice scans can be obtained and recorded without the consent and knowledge of the person being scanned. RFID tags that are embedded in or attached to a person’s clothing would allow anyone with that particular tag’s frequency to track the exact movements of the “tagged” person. For police tracking criminals that would be a tremendous asset, but what if criminals were tracking people who they wanted to rob or whose property they wanted to rob when they knew the person would not be at home? Already one elementary school tried using RFID tags on students to track attendance, but stopped the program due to parental complaints and because the company that donated the equipment decided to stop supplying the RFID tags to the school.

SUGGESTED SOLUTIONS TO THE PROBLEMS

8.1 There is no single correct solution for this problem. Student responses will vary depending on their experience with various businesses. One minimal classification scheme could be highly confidential or top-secret, confidential or internal only, and public. The following table lists some examples of items that could fall into each basic category.

|Highly Confidential (Top Secret) |Confidential (Internal) |Public |

|Research Data |Payroll |Financial Statements |

|Product Development Data |Cost of Capital |Security and Exchange Commission Filings |

|Proprietary Manufacturing Processes |Tax |Marketing Information |

|Proprietary Business Processes |Manufacturing Cost Data |Product Specification Data |

|Competitive Bidding Data |Financial Projections |Earnings Announcement Data |

8.2 a. Record Count: 4 records

Hash and Financial Totals are shown in the table below.

|Employee Number |Pay Rate |Hours Worked |Gross Pay |Deductions |Net Pay |

|121 |6.50 |38 |$247.00 |25.50 |221.50 |

|123 |7.25 |40 |290.00 |60.00 |230.00 |

|125 |6.75 |90 |607.5 |450.00 |57.50 |

|122 |67.5 |40 |2700.00 |500.00 |2200.00 |

| | | | | | |

|491 |88 |208 |3824.50 |1135.50 |2679.00 |

| | | | | | |

|Hash Total |Hash Total |Hash Total |Financial Total |Financial Total |Financial Total |

b. Field Check: $247 Gross Pay for Employee 121 should not contain the $ symbol.

Sequence Check: Employee 122 is out of order. This record should appear directly after Employee 121.

Limit Check: 90 Hours Worked for Employee 125 is probably too high. Employee 122’s pay rate of $67.5 seems high.

Reasonableness Test: $450 in Deductions for Employee 125 seems too high given a Gross Pay of $607.50.

Crossfooting Balance Test: $57.50 net pay for employee 125 does not equal $607.50-$450. Net pay should be $157.50 if the gross pay and deductions are correct. In addition, the deductions for employee 125 also appear to be unreasonably high, so the correct net pay should be much higher than $57.50.

8.3

a. Field 1 - Member number:

• Range check to verify that the field contains only four digits within the range of 0001 to 1368.

• Validity check on member number if a file of valid member numbers is maintained.

Field 2 - Date of flight start:

• Check that day, month, and year correspond to the current date.

• Field check to verify that the field contains six digits.

Field 3 - Plane used:

• Validity check that character is one of the legal characters to describe a plane (G, C, P, or L).

• Check that only a single character is used. (field check)

Field 4 - Time of take off:

• Range check that both pairs of numbers are within the acceptable range (first two digits are within range 00 to 23, and second two digits are within the range 00 to 59).

• Field check to verify that the field contains four digits.

Field 5 - Time of landing:

• Range check that both pairs of numbers are within the acceptable range described for field 4.

• Reasonableness test that field 5 is greater than field 4.

b. Five of the six records contain errors as follows:

1st - Wrong date is used (Nov. 31 instead of Nov. 1).

2nd - Member number is outside range (4111 is greater than 1368).

4th - Plane code is not legal.

5th - Member number contains a character.

6th - Plane landing time is earlier than the take off time.

c. Other possible controls to prevent input errors are:

• user ID numbers and passwords to limit system access to authorized personnel.

• compatibility test to ensure that authorized personnel have access to the correct data.

• prompting to request each required input item.

• preformatting to display an input form including all required input items.

• completeness check on each input record to ensure all items have been entered.

• default values such as today's date for the flight date.

• closed-loop verification (member name would appear immediately after the member number)

(SMAC Examination, adapted)
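
The edit checks listed in part a can be expressed as a short validation routine. The following Python sketch is an added example, not part of the original solution: the six sample records and the flight date are constructed to reproduce the error types listed in part b (the original records are not shown here), and the MMDDYY layout of the six-digit date field is an assumption.

```python
import re
from datetime import date, datetime

MAX_MEMBER = 1368                    # highest member number, from the answer
PLANE_CODES = {"G", "C", "P", "L"}   # legal plane codes, from the answer


def parse_hhmm(text):
    """Field and range check for a time field; returns minutes or None."""
    if not re.fullmatch(r"[0-9]{4}", text):
        return None
    hours, minutes = int(text[:2]), int(text[2:])
    if hours > 23 or minutes > 59:
        return None
    return hours * 60 + minutes


def check_record(record, flight_date):
    """Apply the part-a edit checks to one record; returns a list of errors."""
    member, day, plane, takeoff, landing = record
    errors = []

    # Field 1: field check first, then the range check on the numeric value.
    if not re.fullmatch(r"[0-9]{4}", member):
        errors.append("member: field check")
    elif not 1 <= int(member) <= MAX_MEMBER:
        errors.append("member: range check")

    # Field 2: six digits, a real calendar date, and equal to the current date.
    if not re.fullmatch(r"[0-9]{6}", day):
        errors.append("date: field check")
    else:
        try:
            parsed = datetime.strptime(day, "%m%d%y").date()  # MMDDYY assumed
        except ValueError:
            errors.append("date: not a calendar date")
        else:
            if parsed != flight_date:
                errors.append("date: not the current date")

    # Field 3: validity check; a multi-character value also fails here.
    if plane not in PLANE_CODES:
        errors.append("plane: validity check")

    # Fields 4 and 5: field/range checks, then the reasonableness test.
    start, end = parse_hhmm(takeoff), parse_hhmm(landing)
    if start is None:
        errors.append("takeoff: field/range check")
    if end is None:
        errors.append("landing: field/range check")
    if start is not None and end is not None and end <= start:
        errors.append("landing: reasonableness test")
    return errors


# Constructed sample input (not the records from the textbook problem).
FLIGHT_DATE = date(2024, 11, 1)
RECORDS = [
    ("1234", "113124", "G", "0900", "1015"),  # Nov. 31 does not exist
    ("4111", "110124", "C", "0930", "1100"),  # member number above 1368
    ("0987", "110124", "P", "1000", "1130"),  # clean record
    ("0456", "110124", "X", "1015", "1145"),  # illegal plane code
    ("12A4", "110124", "L", "1100", "1230"),  # character in member number
    ("1002", "110124", "G", "1400", "1330"),  # landing before takeoff
]


def audit(records, flight_date):
    """Map each 1-based record number to the list of checks it fails."""
    return {n: check_record(r, flight_date)
            for n, r in enumerate(records, start=1)}


if __name__ == "__main__":
    for number, errors in audit(RECORDS, FLIGHT_DATE).items():
        print(number, errors or "ok")
```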

8.4 Differences between the correct batch total and the batch totals obtained after processing:

| |(a) |(b) |(c) |(d) |

|Correct batch total |$29,341.28 |$29,341.28 |$29,341.28 |$29,341.28 |

|Batch total after processing |-24,088.72 |-29,431.28 |-30,341.28 |-27,578.66 |

|Difference |$ 5,252.56 |$ (90.00) |$(1,000.00) |$ 1,762.62 |

Analysis of these differences:

a. The difference of $5,252.56 is not divisible evenly by 9, which rules out a transposition error. The difference affects multiple columns, which rules out a single transcription error. The difference amount is not equal to any of the entries in the first batch total calculation, which rules out an error of omission. Dividing the difference by 2 gives $2,626.28, which is one of the entries in the first calculation. More careful inspection reveals that this amount has been inadvertently subtracted from the second batch total calculation rather than added.

b. The difference of $90 is evenly divisible by 9, which suggests the possible transposition of adjoining digits in the hundreds and tens columns. More careful inspection indicates that the amount $4,566.86 from the first calculation was incorrectly transposed to $4,656.86 in the second calculation.

c. A difference of $1,000 represents a discrepancy in only one column, the thousands column. A possible error in transcribing one digit in that column is indicated. More careful examination reveals that the amount $2,772.42 from the first calculation was incorrectly recorded in the second calculation as $3,772.42.

d. The difference of $1,762.62 exists in multiple columns and is not divisible evenly by 9. However, this amount is equal to one of the entries in the first calculation. Inspection reveals that this item was inadvertently omitted from the second calculation.
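
The reasoning in a through d follows a fixed order of tests, which the following Python sketch reproduces. It is an added example, not part of the original solution: the batch is limited to the four entries the analysis names (the full batch is not reproduced here), and the function and label names are illustrative.

```python
from decimal import Decimal

# The four batch entries named in the analysis; the rest of the batch is not
# on the page, so candidate entries are searched among these only.
ENTRIES = ["2626.28", "4566.86", "2772.42", "1762.62"]


def to_cents(amount):
    """Convert a dollar string to integer cents to avoid float rounding."""
    return int(Decimal(amount) * 100)


def fmt(cents):
    """Format a non-negative number of cents as dollars."""
    return f"{cents // 100}.{cents % 100:02d}"


def adjacent_swaps(cents):
    """Yield every value produced by swapping two adjoining digits."""
    digits = str(cents)
    for i in range(len(digits) - 1):
        if digits[i] != digits[i + 1]:
            yield int(digits[:i] + digits[i + 1] + digits[i] + digits[i + 2:])


def diagnose(entries, difference):
    """Classify a batch-total difference.

    difference = correct batch total - batch total obtained after processing.
    Returns (kind, details), testing the hypotheses in the order used in the
    analysis: transposition, single-column transcription, omission, and an
    entry subtracted instead of added.
    """
    diff = to_cents(difference)
    batch = [to_cents(e) for e in entries]
    if diff == 0:
        return ("balanced", [])
    shift = -diff  # how much the processed total exceeds the correct total

    # Transposing adjoining digits always changes a number by a multiple of 9.
    if diff % 9 == 0:
        hits = [f"{fmt(e)} -> {fmt(s)}"
                for e in batch for s in adjacent_swaps(e) if s - e == shift]
        if hits:
            return ("transposition", hits)

    # One wrong digit changes the total by d * 10^k: a single non-zero digit.
    magnitude = str(abs(diff))
    if len(magnitude.strip("0")) == 1:
        column = 10 ** (len(magnitude) - 1)
        return ("transcription", [fmt(column)])  # column that is wrong

    # An omitted entry leaves the processed total short by exactly that entry.
    if diff in batch:
        return ("omission", [fmt(diff)])

    # An entry subtracted instead of added leaves it short by twice the entry.
    if diff % 2 == 0 and diff // 2 in batch:
        return ("sign reversal", [fmt(diff // 2)])

    return ("unexplained", [])


if __name__ == "__main__":
    for label, difference in [("a", "5252.56"), ("b", "-90.00"),
                              ("c", "-1000.00"), ("d", "1762.62")]:
        print(label, diagnose(ENTRIES, difference))
```

For a single-column transcription error the difference identifies the column but not the entry, since any entry could have had that digit altered; locating the entry still requires comparing the two listings, as the analysis in c does.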

8.5

The following edit checks might be used to detect errors during the typing of answers to the input cues:

• Validity check of operator access code and password - ensures that the operator is authorized to access computer programs and files. Also use of expense account # - ensures that proper expense account number is used.

• Compatibility test of operator request to access payroll file - ensures that this operator has been granted authority to access and modify payroll records.

• Field check - ensures that numeric characters are entered into and accepted by the system in fields where only numeric characters are required; e.g., numbers 0-9 in a social security number.

• Field check - ensures that letters are entered into and accepted by the system in fields where only letters are required; e.g., letters A-Z in employee name.

• Field check - ensures that only specific special characters are entered into and accepted by the system where only these special characters are required; e.g., dashes in a social security number.

• Sign check - ensures that positive or negative signs are entered into and accepted by the system where only such signs are required to be entered or that the absence of a positive or negative sign appears where such an absence is required; e.g., hours worked.

• Validity check - ensures that only authorized data codes will be entered into and accepted by the system where only such authorized data codes are required; e.g., authorized employee account numbers.

• Range check - ensures that only data values within a predetermined range will be entered into and accepted by the system; e.g., rate per hour for new employees cannot be lower than the minimum set by law or higher than the maximum set by management.

• Size check - ensures that only data using fixed or defined field lengths will be entered into and accepted by the system; e.g., number of dependents requires exactly two digits.

• Check digit - ensures that only specific code numbers prepared by using a specific arithmetic operation will be entered into and accepted by the system. This may not be needed if the more powerful validity checks are properly used.

• Completeness test - ensures that no blanks will be entered into and accepted by the system when data should be present; e.g., an "S" or "M" is entered in response to single or married?

• Overflow check - ensures that no digits are dropped if a number becomes too large for a variable during processing; e.g., hourly rates "on size errors" are detected.

• Control-total check - ensures that no unauthorized changes are made to specified data or data fields and all data have been entered.

• Reasonableness test - ensures that unreasonable combinations of data are rejected; e.g., overtime hours cannot be greater than zero if regular hours are less than 40.

• Limit check - ensures that inputs do not exceed a specified limit; e.g., overtime hours cannot exceed 40.

(CPA Examination, adapted)

8.6 a. The computer security weaknesses present at Gleicken Corporation that made it possible for a disastrous data loss to occur include:

• inadequate attention by top management to EDP facilities planning and security concerns.

• housing the data processing facility in a building with exposed wooden beams and a wood-shingled exterior, rather than in a building constructed of fire retardant materials.

• lack of a sprinkler (Halon) system, a fire suppression system under a raised floor, and fire doors.

• preparing tape backups too infrequently (weekly).

• data and program tapes, especially the backup copies, should not be stored on open shelves in the data processing area. Working copies should be stored in a separate library area constructed of fire retardant materials, while backup copies should be stored off-site.

• lack of a written disaster recovery plan with arrangements in place to use an alternate off-site computer center in the event of a disaster or an extended service interruption. While a phone list of data processing personnel exists, there is no indication that responsibilities have been assigned as to actions to be taken in the event of a disaster.

• lack of complete systems documentation kept outside the data processing area.

• inadequate casualty insurance coverage.

b. The components that should have been included in the disaster recovery plan at Gleicken Corporation in order to ensure computer recovery within 72 hours include the following:

• A written disaster recovery plan should be developed with review and approval by senior management, data processing management, end-user management, and internal audit.

• Backup file copies should be prepared at least daily. Backup files and programs should be stored at a secure off-site location that can be easily accessible in an emergency.

• The disaster recovery team should be organized. Select the disaster recovery manager, identify the tasks, segregate into teams, develop an organization chart for disaster procedures, match personnel to team skills and functions, and assign duties and responsibilities to each member.

• The duties and responsibilities of the recovery team include obtaining use of a previously arranged alternate data processing facility; activating the backup system and network; retrieving backup data files and programs; restoring programs and data; processing critical applications; and reconstructing data entered into the system subsequent to latest saved backup/restart point.

c. Factors, other than those included in the disaster recovery plan itself, that should be considered when formulating the plan include:

• arranging business interruption insurance in addition to liability insurance.

• ensuring that all systems and operations documentation is kept up to date, and that backup copies are maintained off-site, easily accessible for use in case of disaster.

• performing a risk/cost analysis to determine the level of expense that may be justified to obtain reasonable, as opposed to certain, assurance that disaster recovery can be achieved in 72 hours. For example, is the purchase of a duplicate hardware set-up at another location justified?

d. Other threats (besides fire) from which Gleicken should have protected itself are:

• earthquake

• theft/burglary

• intense sunlight through the skylights

(CMA Examination, adapted)

8.7 Student solutions will vary depending on the template they select. Templates are available in Adobe PDF or Microsoft Word format.

8.8

The following represents one way to solve this problem. To check student solutions, the instructor will have to collect electronic copies of this assignment to verify that students have implemented the checks assigned in the problem.

Supporting Formulas:

F5 (Monthly Payment): =PMT(Rate/12,PMTs*12,-Mortgage)

F8 (Total Interest Paid): =SUM(C13:C372)

F9 (Principal Paid): =SUM(E13:E373)

G6 (Warning): =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the total regular payment","")

G12 (Beginning Balance): =+Mortgage

A13 (Payment Number): =IF(ROWS($A$13:A13)>PMTs*12,0,ROWS($A$13:A13))

B13 (Principal balance at beginning of period): =IF(A13=0,0,IF(G12=0,1,0)

Data Input Controls:

Field check to ensure only numeric data is entered in the “Life of loan in years”:

[pic]

Range check to ensure that annual interest rates must be between 4% and 9% inclusive:

[pic]

Limit check to verify that the amount of the loan is than $300,000:

[pic]

Reasonableness test: amount of extra principal payment cannot be greater than 50% of the initial total monthly payment:

Cell Formula G6: =IF(F6>F5*0.5,"Warning: Extra principal payment is greater than 50% of the total regular payment","")

Cross-footing balance checks to verify that total amount paid in principal plus extra principal over the life of the loan equals original loan amount:

Cell Formula F9: =SUM(E13:E373)

Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+$F$6+G13,+D13+$F$6)))

Although this is not strictly a cross-footing balance, for an Excel based repayment schedule that does not employ any Visual Basic programming code, this is an effective method to check for any overpayment over the life of the loan when additional payments are included. Therefore, students should be warned in advance that a strict cross-footing balance may not be possible and to be flexible and to think creatively in meeting the control requirements of this problem.

Conditional limit check to calculate the final extra principal payment so that it does not reduce the outstanding balance below zero:

Cell Formula E13 to end of the column: =IF(A13=0,0,IF(B13=0,0,IF(H13=0,+D13+$F$6+G13,+D13+$F$6)))

Cell Formula H13: =IF(G13>=0,1,0)

For an Excel-based repayment schedule that does not employ any Visual Basic programming code, this is an effective method to check for the final payment over the life of the loan when additional payments are included. The “Marker (column H)” cell is used to track when the balance at the end of the period goes negative; i.e., the loan has been repaid, but the last normal payment exceeds the last remaining balance. The final payment is then equal to the normal payment less the amount that would be overpaid if a full normal payment is made as the final payment on the loan. The final payment is then found as the last non-zero amount in the “Monthly Principal + Extra Principal Payment” column. Therefore, students should be warned in advance to be flexible and to think creatively in meeting the control requirements of this problem.

8.9

| |Type of Backup |Time to Backup |Size of Backup |Time to Restore |

|A |Full Daily Backup |300 Minutes (5 days * 60 minutes) |250 GB (5 days * 50 GB) |300 Minutes (5 days * 60 Minutes) |

| |Total |300 Minutes |250 Minutes |300 Minutes |

| | | | | |

|B |Full Weekly Backup |60 Minutes |50 GB |60 Minutes |

| |Daily Incremental Backup |50 Minutes (5 days * 10 minutes) |40 GB (5 days * 8 GB) |25 Minutes (5 days * 5 minutes) |

| |Total |110 Minutes |90 Minutes |85 Minutes |

| | | | | |

|C |Full Weekly Backup |60 Minutes |50 GB |60 Minutes |

| |Daily Differential Backup |75 Minutes (5 days * 15 minutes) |30 – 150 GB (5 days * 6-30 GB) |40 Minutes (5 days * 8 minutes) |

| |Total |135 Minutes |80 – 180 Minutes |100 Minutes |

| | | | | |

The full weekly backup with a daily incremental backup is the best option based on time to backup, size of backup and the time to restore.

8.10 (Note: In order to access the 76 page control framework, students must first register on the website with ISACA.)

| |Trust Services Framework Principle |

|Cobit Control Objective |Security |Confidentiality |Privacy |Processing Integrity|Availability |

|PO1 – Define a strategic IT plan |X |X |X |X |X |

|PO2 – Define the information architecture|X |X |X |X |X |

|PO3 – Determine technological direction | | | |X |X |

|PO-4 Define the IT processes, organization and relationships |X | | |X |X |

|PO-5 Manage the IT investment | | | | | |

|PO-6 Communicate management aims and direction |X | | | | |

|PO-7 Manage IT human resources |X | | | | |

|PO-8 Manage quality | | | |X |X |

|PO-9 Assess and manage IT risks |X | | |X |X |

|PO-10 Manage Projects | | | | | |

| | | | | | |

|AI1-Identify automated solutions | | | |X | |

|AI2-Acquire and maintain application software |X | | |X |X |

|AI3-Acquire and maintain technology infrastructure | | | |X |X |

|AI4-Enable operation and use | | | |X |X |

|AI5-Procure IT resources | | | | |X |

|AI6-Manage changes |X | | |X | |

|AI7-Install and accredit solutions and changes | | | |X |X |

|DS1-Define and manage service levels | | | | |X |

|DS2-Manage third-party services | |X |X |X |X |

|DS3-Manage performance and capacity | | | |X | |

|DS4-Ensure continuous service |X | | |X |X |

|DS5-Ensure systems security |X |X |X |X | |

|DS6-Identify and allocate costs | | | | | |

|DS7-Educate and train users | | | |X | |

|DS8-Manage service desk and incidents | | | | |X |

|DS9-Manage the configuration | | | |X | |

|DS10-Manage problems | | | |X |X |

|DS11-Manage data |X |X |X |X |X |

|DS12-Manage the physical environment |X |X |X |X |X |

|DS13-Manage operations |X |X | |X |X |

| | | | | | |

|ME1-Monitor and evaluate IT performance | | | |X |X |

|ME2-Monitor and evaluate internal control|X | | |X | |

|ME3-Ensure compliance with external requirements |X | | | | |

|ME4-Provide IT governance |X | | |X | |

8.11

a. A limit check on the hours worked field.

b. All files should have external labels and operators should be instructed to read them prior to running programs. In addition, all files should have internal header labels to identify their contents, and all programs should check these labels before processing transactions against the file.

c. A field check should be performed to check whether all characters entered in this field are numeric. There should be a prompt correction and re-processing of erroneous transactions.

d. A reasonableness test of quantity ordered relative to the product if 50 is an unusually large number of printers to be ordered at one time. Closed-loop verification to make sure that the stock number matches the item that is ordered.

e. An uninterruptible power system should be used to provide a reserve power supply in the event of power failure.

f. A second copy of all key files should be stored at an off-site location.

g. A sign test of quantity on hand.

h. A completeness check to check whether all required fields were filled in.

i. Check digit verification would have caught this typographical error at the time of entry.

j. A size check would prevent 400 characters from being entered into a field that allows for only 5 characters.

k. Concurrent update controls protect records from errors when more than one salesman tries to update the inventory database by locking one of the users out of the database until the first salesman’s update has been completed.

l. A limit check based on the original sales date.

m. Check digit verification on each customer account number would work for batch processing. For online processing, a validity check for actual customers and closed loop verification.

n. The use of turnaround documents would prevent this error from occurring, because the customer account number would be preprinted. Only closed loop verification would catch this, if payments were processed manually. The “wrong” account is valid, so both validity checks and check digit verification would not flag this as an error.

o. Batch totals, such as a record count or a hash total on employee numbers, would detect the loss in time to be corrected.

p. Encrypting the email containing the bid would have prevented the competitor from reading the email even if they could have intercepted the email.

q. Parity checks and echo checks will test for data transmission errors.

8.12 (Adapted from CMA Exam. June 1994, Part 4, Question 3)

a.

1. Systems documentation is prepared when someone has the time to do it; consequently, documentation will likely be incomplete and not current.

2. The systems and programming staff have access to the computer room without supervision of the operations staff. The programmers could alter the data files or operational programs.

3. The location of the computing facility on the ground floor behind large plate glass windows invites attention, risk exposure, and risk of damage due to flooding.

4. There does not appear to be any regularly scheduled backups.

b.

1. Off-site alternatives for continuation of service including contingency plans for temporary operations, hot sites, vendor sites, service bureau sites, etc. MonsterMed should maintain arrangements with computer equipment vendors to provide availability of hardware to replace damaged hardware as soon as practical.

2. Off-site storage of program and data files, documentation, and supplies.

3. Detailed procedures for recovery including instructions for obtaining off-site storage, planning a communications link between headquarters and the emergency site, as well as telephone and cell phone numbers of all team members.

4. Procedures for on-going control and maintenance of a temporary site.

5. Testing and training for plan implementation including testing each department individually, testing the whole plan; i.e., a mock disaster, trial runs, testing backup procedures, testing restore operations, and recording test results.

SUGGESTED ANSWERS TO THE CASES

8.1 1. a. Confidentiality problems which could arise in the processing of input data, and recommended corrective actions, are as follows:

|Problem |Controls |

|Unauthorized user of terminal. |Limit physical access to terminal room used for data input and/or require data input personnel to wear color-coded badges for identification. Use different passwords for each operator and change them frequently. |

|On-line modification of program by operator to by-pass controls. |Prohibit program modification from input or inquiry terminals. Secure the documentation that indicates how to perform operations other than input of tax returns. |

|Use of equipment for unauthorized processing or searching through files. |User and terminal passwords that limit access to only that part of the system needed for input of current tax data. Secure the documentation that indicates how to perform operations other than input of tax returns. |

b. Confidentiality problems which could arise in the processing of returns, and recommended corrective actions, are as follows:

|Problem |Controls |
|---|---|
|Operator intervention to input data or to gain output from files. |Limit operator access to only that part of the documentation needed for equipment operation. |
| |Prohibit operators from writing programs and designing the system. |
| |Daily review of console log messages and/or run times. |
|There might be attempts to screen individual returns on the basis of surname, sex, race, etc., rather than tax liability. |Institute programming controls such that there is a definite sequence to creating or maintaining programs. This sequence should contain reviews at general levels and complete trial runs. |

c. Confidentiality problems which could arise in the inquiry of data, and recommended corrective actions, are as follows:

|Problem |Controls |
|---|---|
|Unauthorized user with a valid taxpayer ID using the system. |Use a sign-in/sign-out register for persons using the system. |
| |Require users to show some form of identification. |
| |Use a programmed sequence of questions which only valid users are likely to be able to answer. |
| |Prohibit phone responses. |
|Taxpayer or regional state employee use of equipment for unauthorized processing or searching through files. |User and terminal passwords to limit terminals to output of tax information. |
| |Secure the documentation that indicates how to perform other than taxpayer inquiries. |
| |Have the terminals lock out for repeated errors or attempts to break security. |
| |Have a code system that logs each entry and data inquiry by user. |
| |Daily activity reporting to supervisors and/or auditors showing terminal numbers, user numbers, type of processing, name of files accessed, and unacceptable requests. |
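The lockout, per-user logging, and daily activity report controls listed above can be combined as in this added example, which is not part of the original answer key. The log format, the threshold of three consecutive rejected requests, and all terminal, user, and file names are assumptions constructed for illustration.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # assumed policy: lock after 3 consecutive rejected requests

# Constructed log, one request per line: time terminal user processing_type file result
SAMPLE_LOG = """\
09:01:12 T01 U1042 INQUIRY TAXPAYER_MASTER OK
09:03:40 T02 U2210 INQUIRY TAXPAYER_MASTER DENIED
09:03:55 T02 U2210 INQUIRY TAXPAYER_MASTER DENIED
09:04:02 T01 U1042 INQUIRY REFUND_STATUS OK
09:04:10 T02 U2210 PROGRAM_EDIT RETURN_PROCESSING DENIED
09:04:31 T02 U2210 INQUIRY TAXPAYER_MASTER OK
09:10:05 T03 U3307 INQUIRY REFUND_STATUS DENIED
09:11:47 T03 U3307 INQUIRY REFUND_STATUS OK
"""

def daily_activity(log_text, threshold=LOCKOUT_THRESHOLD):
    """Replay one day's log; return (report, locked_terminals)."""
    report = defaultdict(lambda: {"types": set(), "files": set(), "unacceptable": []})
    streak = defaultdict(int)  # consecutive rejected requests per terminal
    locked = {}                # terminal -> time the lockout took effect
    for line in log_text.splitlines():
        time, terminal, user, ptype, fname, result = line.split()
        entry = report[(terminal, user)]
        if terminal in locked:
            # A locked terminal serves nothing, but the attempt is still reported.
            entry["unacceptable"].append((time, ptype, fname, "LOCKED_OUT"))
            continue
        if result == "OK":
            entry["types"].add(ptype)
            entry["files"].add(fname)
            streak[terminal] = 0   # a successful request resets the error streak
        else:
            entry["unacceptable"].append((time, ptype, fname, result))
            streak[terminal] += 1
            if streak[terminal] >= threshold:
                locked[terminal] = time
    return dict(report), locked

if __name__ == "__main__":
    report, locked = daily_activity(SAMPLE_LOG)
    for (terminal, user), e in sorted(report.items()):
        print(terminal, user, sorted(e["types"]), sorted(e["files"]), e["unacceptable"])
    print("locked terminals:", locked)
```
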

2. Potential problems and possible controls to provide data security against loss, damage, and improper input or use of data are as follows:

|Problem |Controls |
|---|---|
|Loss of tax return data before any file updates. |Keep copies of tax returns in a safe location and (temporarily) organized in a fashion for reprocessing if necessary. |
| |Maintain a transaction log on magnetic tape for possible recall. |
|Improper input or use of data during processing. |Verify data entry or enter twice by different operators. |
| |Prohibit data entry through inquiry terminals. |
| |Process routine items at specified times thus preventing unauthorized runs of vital information. |
|Incomplete processing of tax returns. |Computer prompting of terminal operators for appropriate input. |
| |Balancing of computer processing at each stage back to input and run control totals. |
|Fraudulent program modifications entered from input or inquiry terminals. |Prohibit programming from input or inquiry terminals; log all such attempts on console log for immediate supervisory action. |
| |Periodic checks of all packages so that any illegal modifications can be detected. |

(CMA Examination, adapted)
