04/19/23 MIS331 1

Information Systems DevelopmentMIS331

Internal Controls for Inputs and Outputs

04/19/23 MIS331 2

Agenda

• Control Types

• Control Systems

• Input Controls– Check digit calculations

• Output Controls

04/19/23 MIS331 3

Why Control?• Inputs

– Helps ensure that the data input to the system is accurate.

– Helps protect the system from accidental and/or intentional errors and abuse, including fraud.

• Outputs– Helps ensure reliability and distribution of

outputs generated by the system.

04/19/23 MIS331 4

Control Types

• Preventive control– Intention is to create a mechanism by

which the undesired state is never realized.– If 100% effective, risk is completely

eliminated by one or more appropriate preventive controls.

• Examples?

04/19/23 MIS331 5

Control Types

• Detective control– Intention is to create a mechanism by

which the undesired state, when present, is detected.

– If 100% effective, risk is completely detectable and identifiable by one or more appropriate detective controls.

• Examples?

04/19/23 MIS331 6

Control Types

• Corrective control– Intention is to create a mechanism by

which the undesired state, when detected, is is returned to a desired state or set of conditions.

– If 100% effective, risk is completely correctable by one or more appropriate corrective controls.

• Examples?

04/19/23 MIS331 7

Control Systems

• The key issue is that no single preventive control will be 100% effective in managing the risk or undesired state.

• What is needed is some combination of control types that serve to effectively manage the risk in question.

04/19/23 MIS331 8

Effective versus Efficient

• Effective means the control accomplishes the goal or objective.

• Efficient means that it accomplishes this goal in an affordable, manageable, and timely manner.– Sometimes there must be a tradeoff based

on probability of occurrence of the risk in question.

04/19/23 MIS331 9

Exposure Occurrence Rates

• Human errors– Data entry errors– Console entry errors– Wrong file or program– File damaged in handling

04/19/23 MIS331 10

Exposure Occurrence Rates

• Hardware/Software Failures– Loss of data– Logic error– Interrupt operation

04/19/23 MIS331 11

Exposure Occurrence Rates• Computer Abuse

– Theft

– Embezzlement

– Fraud

– Espionage

– Invasion of Privacy (cracking)

– Maliciousness (hacking)

04/19/23 MIS331 12

Exposure Occurrence Rates

• Catastrophe– Fire– Water– Wind– Civil disorder

04/19/23 MIS331 13

Input Controls

• Monitor number of inputs to system– transaction logging– batch control slips– one-for-one checking

• match each source document with a corresponding historical report detail line confirming that the document was entered and processed.

04/19/23 MIS331 14

Input Controls

• Data validity checks– completeness check

• Have all required fields been entered?

– Limit and range check• Does the input data fall within a legitimate set or range

of values.

– Combination check• Determines whether a known relationship or set of

relationships between two fields is valid.– Ex: if VEHICLE MAKE is “Pontiac”, then VEHICLE

MODEL must be one of the models made by Pontiac.

04/19/23 MIS331 15

Input Controls

• Picture Checks– Does the data entered “look like” the

prescribed pattern for this field?• If field expects XX999AA (2 of anything, 3

numbers, and 2 letters) then 127A121C as a data entry does not match the picture.

– Self-checking digits (check digit)• Can be used to determine data entry errors on

primary keys, checking account numbers, etc.

04/19/23 MIS331 16

Modulus 11 Check Digit

STEP 1: Determine the size of the field in digits

24135 = 5 digits

STEP 2: Number each digit location from either right or left beginning with the number “2.”

2 4 1 3 5

6 5 4 3 2

STEP 3: Multiply each digit in the field by its assigned location number.

2 x 6 = 12

4 x 5 = 20

1 x 4 = 4

3 x 3 = 9

5 x 2 = 10

04/19/23 MIS331 17

Modulus 11 Check Digit

STEP 4: Sum the products from step 3.

12 + 20 + 4 + 9 + 10 = 55

STEP 5: Divide the sum from step 4 by 11

55/11 = 5 remainder 0

STEP 6: If the remainder is less than 10, append the remainder digit to the field.

If the remainder is equal to 10, append the character “X” to the field.

241350

04/19/23 MIS331 18

Output Controls

• Specify the timing and volume of each output precisely.– Daily reports? Daily when?– On demand? 24-7?

• Specify the distribution or access to each output.– Who gets, or can get, what report and

when?

04/19/23 MIS331 19

Output Controls

• Password control for certain output functions.

• Use control totals where appropriate.– The number of records input or delivered

as the result of a query should equal the number of records output by the process.

• In other words, did we get all that we asked for?

04/19/23 MIS331 20

Upcoming Classes ...• Group C on Tuesday

– economic feasibility analysis

• No Class on Thursday, 4/3

• Group D on Tuesday, 4/8

• Ethics Discussion on 4/10