Part 3: Information systems controls for system reliability - Chapter 10


This chapter addresses the remaining two principles of the reliable system: processing integrity and availability.

The processing integrity principle of the Trust Services Framework states that a reliable system is one that produces information that is accurate, complete, timely, and valid. Processing integrity requires controls over the input, processing, and output of data. See table 10.1 for the application controls discussed in the COBIT framework to ensure processing integrity.

Input Controls

Forms design, cancellation and storage of source documents, and automated data entry controls are needed to verify the validity of input data.

Source documents and other forms should be designed to minimize the chances for errors and omissions. Two particularly important forms design controls are:

  • Sequentially prenumbering source documents. Prenumbering improves control by making it possible to verify that no documents are missing.

  • Turnaround documents. A turnaround document is a record of company data sent to an external party and then returned by the external party to the system as input. Turnaround documents are prepared in machine-readable form to facilitate their subsequent processing as input records.

Source documents that have been entered into the system should be cancelled so they cannot be inadvertently or fraudulently re-entered into the system. Electronic documents can be similarly ‘cancelled’ by setting a flag field to indicate that the document has already been processed. Cancellation does not mean disposal.

Source documents should be scanned for reasonableness and propriety before being entered into the system.

  • Field check determines whether the characters in a field are of the proper type.

  • Sign check determines whether the data in a field have the appropriate arithmetic sign.

  • Limit check tests a numerical amount against a fixed value.

  • Range check tests whether a numerical amount falls between predetermined lower and upper limits.

  • Size check ensures that the input data will fit into the assigned field.

  • Completeness check on each input record determines whether all required data items have been entered.

  • Validity check compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists.

  • Reasonableness test determines the correctness of the logical relationship between two data items.

  • Check digit is computed from other digits. The system could assign each new employee a nine-digit number then calculate a tenth digit from the original nine and append that calculated number to the original nine to form a ten-digit ID number.
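The edit checks listed above, applied to a single input record. This is an added example, not part of the original summary: the timesheet fields, the limits, the master-file contents and the choice of the Luhn mod 10 scheme for the check digit are all assumptions made for illustration.

```python
import re

# Constructed master file (assumption): the set of existing ten-digit employee IDs.
MASTER_IDS = {"1234567897"}

def check_digit(nine: str) -> str:
    """Tenth digit calculated from the original nine (Luhn mod 10, an assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(nine)):
        d = int(ch)
        if i % 2 == 0:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def validate_timesheet(rec: dict) -> list:
    """Return the names of the edit checks that a timesheet record fails."""
    if any(rec.get(k) in (None, "") for k in ("employee_id", "hours", "rate")):
        return ["completeness"]             # the other checks need every field
    emp, hours, rate = rec["employee_id"], rec["hours"], rec["rate"]
    failed = []
    if not re.fullmatch(r"[0-9]+", emp):
        failed.append("field")              # characters must all be digits
    if len(emp) != 10:
        failed.append("size")               # must fit the ten-character ID field
    if not failed and check_digit(emp[:9]) != emp[9]:
        failed.append("check digit")        # catches mistyped or transposed digits
    if not failed and emp not in MASTER_IDS:
        failed.append("validity")           # ID must exist in the master file
    if hours < 0:
        failed.append("sign")
    if hours > 60:
        failed.append("limit")              # fixed maximum (assumed value)
    if not 7.25 <= rate <= 150:
        failed.append("range")              # assumed lower and upper limits
    if hours > 40 and not rec.get("overtime_approved"):
        failed.append("reasonableness")     # hours vs. approval: two related items
    return failed

# Constructed records: one clean, one with two adjacent ID digits transposed.
GOOD = {"employee_id": "1234567897", "hours": 38, "rate": 25.0}
TRANSPOSED = dict(GOOD, employee_id="1243567897")
```

The check digit rejects the transposed ID before the master file is consulted, so a keying error is reported as such rather than as an unknown account.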

Additional batch processing data entry controls

  • Batch processing works more efficiently if the transactions are sorted so that the accounts affected are in the same sequence as records in the master file. A sequence check tests whether a batch of input data is in the proper numerical or alphabetical sequence.

  • An error log that identifies data input errors facilitates timely review and resubmission of transactions that cannot be processed.

  • Batch totals summarize important values for a batch of input records. The following are three commonly used batch totals:

    • Financial batch sums a field that contains monetary values

    • Hash total sums a nonfinancial numeric field

    • Record count is the number of records in a batch

Additional online data entry controls

  • Prompting, in which the system requests each input data item and waits for an acceptable response, ensures that all necessary data are entered.

  • Closed-loop verification checks the accuracy of input data by using it to retrieve and display other related information.

  • A transaction log includes a detailed record of all transactions, including a unique transaction identifier, the date and time of entry, and who entered the transaction.

Processing controls

Controls are also needed to ensure that data is processed correctly. There are a few processing controls.

  • Data matching. Two or more items of data must be matched before an action can take place.

  • File labels. They need to be checked to ensure that the correct and most current files are being updated. Both internal and external files should be used. A header record (internal label) is located at the beginning of each file and contains the name of the file, the expiration date, and other data. The trailer record, also an internal label, is located at the end of the file and contains batch totals calculated during input.

  • Recalculation of batch totals. Batch totals should be recomputed as each transaction record is processed, and the total for the batch should then be compared to the values in the trailer record. A transposition error is an error in which two adjacent digits were inadvertently reversed. They may appear to be trivial but can have enormous financial consequences.

  • Cross-footing and zero-balance tests. Often totals can be calculated in multiple ways. A cross-footing test compares the results produced by each method to verify accuracy. The zero-balance test applies this same logic to control accounts.

  • Write-protection mechanisms. These protect against overwriting or erasing of data files stored on magnetic media. These mechanisms have long been used to protect master files from accidentally being damaged.

  • Concurrent update controls. These controls prevent errors by locking out one user until the system has finished processing the transaction entered by the other. The error they guard against arises when two or more users attempt to update the same record.
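The batch totals from the data entry controls and their recalculation during processing, shown together. This is an added example, not part of the original summary: the record layout, field names and amounts are constructed, and the divisible-by-9 test is the standard arithmetic property of a transposition of two adjacent digits.

```python
from decimal import Decimal

def batch_totals(records):
    """Financial total, hash total and record count for a batch of records."""
    return {
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["customer_no"] for r in records),   # nonfinancial field
        "record_count": len(records),
    }

def reconcile(records, trailer):
    """Recompute the totals during processing and compare with the trailer record."""
    computed = batch_totals(records)
    findings = []
    for name, expected in trailer.items():
        diff = computed[name] - expected
        if diff == 0:
            continue
        # Reversing two adjacent digits changes a number by a multiple of 9.
        units = int(diff * 100) if name == "financial_total" else int(diff)
        hint = "possible transposition" if units % 9 == 0 else "other error"
        findings.append((name, diff, hint))
    return findings

# Constructed batch as keyed at data entry; the trailer record carries its totals.
ENTERED = [
    {"customer_no": 1041, "amount": Decimal("250.00")},
    {"customer_no": 2207, "amount": Decimal("1264.00")},
    {"customer_no": 3310, "amount": Decimal("75.50")},
]
TRAILER = batch_totals(ENTERED)

# During processing one amount is read as 1246.00 instead of 1264.00.
PROCESSED = [dict(r) for r in ENTERED]
PROCESSED[1]["amount"] = Decimal("1246.00")
```

Only the financial total disagrees for the transposed amount, while a dropped record would disturb all three totals at once.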

Output controls

  • User review of output. Users should carefully examine system output to verify that it is reasonable, that it is complete, and that they are the intended recipients.

  • Reconciliation procedures. Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms.

  • External data reconciliation. Database totals should periodically be reconciled with data maintained outside the system.

  • Data transmission controls. Organizations also need to implement controls designed to minimize the risk of data transmission errors. There are two common data transmission controls.

    • Checksums. When data are transmitted, the sending device can calculate a hash of the file. We call this a checksum. The receiving device performs the same calculation and sends the result to the sending device.

    • Parity bits. Computers represent characters as a set of binary digits, called bits. A parity bit is an extra digit added to the beginning of every character that can be used to check transmission accuracy. Two basic schemes are referred to as even parity and odd parity. The receiving device performs parity checking.
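The two data transmission controls side by side. This is an added example, not part of the original summary: the 7-bit characters with the parity bit in the leading position, the use of SHA-256 as the checksum hash and the message "PAY 100" are assumptions chosen for illustration.

```python
import hashlib

def checksum(data: bytes) -> str:
    """Hash of the file that the sending and receiving devices each calculate."""
    return hashlib.sha256(data).hexdigest()

def add_parity(char: int, even: bool = True) -> int:
    """Put a parity bit in front of a 7-bit character, giving an 8-bit frame."""
    ones = bin(char & 0x7F).count("1")
    parity = ones % 2 if even else 1 - ones % 2
    return (parity << 7) | (char & 0x7F)

def parity_ok(frame: int, even: bool = True) -> bool:
    """Receiving device's check: count the 1 bits, parity bit included."""
    return bin(frame & 0xFF).count("1") % 2 == (0 if even else 1)

def transmit(message: str, flip=()):
    """Frame each character with even parity, then flip the listed (index, bit) pairs."""
    frames = [add_parity(ord(c)) for c in message]
    for idx, bit in flip:
        frames[idx] ^= 1 << bit          # simulated transmission error
    return frames

def bad_frames(frames):
    """Positions of the characters that fail the parity check."""
    return [i for i, f in enumerate(frames) if not parity_ok(f)]

def payload(frames) -> bytes:
    """Strip the parity bits and return the received characters."""
    return bytes(f & 0x7F for f in frames)

# Constructed message; a single flipped bit and a double flip in one character.
CLEAN = transmit("PAY 100")
SINGLE = transmit("PAY 100", flip=[(4, 0)])
DOUBLE = transmit("PAY 100", flip=[(4, 0), (4, 1)])
```

Parity flags the single-bit error, but two flipped bits in the same character cancel out and the message arrives as "PAY 200" with every parity check passing; the checksum over the whole message still differs.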


Interruptions to business processes due to the unavailability of systems or information can cause significant financial losses. The primary objective is to minimize the risk of system downtime. Another objective is quick and complete recovery and resumption of normal operations.

The first objective can be achieved through:

  • Preventive maintenance. An example is cleaning disk drives and properly storing magnetic and optical media, to reduce the risk of hardware and software failure.

  • Fault tolerance. This is the ability of a system to continue functioning in the event that a particular component fails. For example, many organizations use redundant arrays of independent drives (RAID) instead of just one disk drive. With RAID, data is written to multiple disk drives simultaneously.

  • Data centre location and design. Common design features include, among others, the following. Raised floors provide protection from damage caused by flooding. Fire detection and suppression devices reduce the likelihood of fire damage. An uninterruptible power supply (UPS) system provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down.

  • Training. Well-trained operators are less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit.

  • Patch management and antivirus software

The second objective has the following key controls:

  • Backup procedures. A backup is an exact copy of the most current version of a database, file, or software program that can be used in the event that the original is no longer available.

  • Disaster recovery plan (DRP)

  • Business continuity plan (BCP)

The recovery point objective (RPO) represents the maximum amount of data that the organization is willing to potentially lose.

The recovery time objective (RTO) represents the length of time that the organization is willing to attempt to function without its information system.

Real-time mirroring involves maintaining two copies of the database at two separate data centers at all times and updating both copies in real-time as each transaction occurs.

There are two types of daily backups:

  1. An incremental backup involves copying only the data items that have changed since the last partial backup.

  2. A differential backup copies all changes made since the last full backup.
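What the two daily backup types mean for restoration, as an added example that is not part of the original summary. The account names, values and the day-0 full backup are constructed; the code simulates a week of changes, takes each kind of backup, and rebuilds the database after a failure.

```python
# Constructed data: state at the full backup (day 0) and the changes made each day.
BASE = {"acct_100": 40, "acct_200": 70, "acct_300": 5}
CHANGES = {
    1: {"acct_100": 50},
    2: {"acct_200": 75, "acct_100": 55},
    3: {"acct_300": 10},
    4: {"acct_200": 80},
}

def take_backups(kind):
    """Return [(day, contents)]: the day-0 full backup plus daily backups of one kind."""
    backups = [(0, dict(BASE))]
    since_full = {}
    for day in sorted(CHANGES):
        since_full.update(CHANGES[day])
        # Incremental: only that day's changes. Differential: all changes since the full.
        contents = CHANGES[day] if kind == "incremental" else since_full
        backups.append((day, dict(contents)))
    return backups

def restore(backups, kind, failure_day):
    """Rebuild from backups taken before failure_day; return (state, backup days used)."""
    usable = [b for b in backups if b[0] < failure_day]
    full, daily = usable[0], usable[1:]
    if kind == "differential":
        daily = daily[-1:]          # the latest differential already holds everything
    state = dict(full[1])
    for _, contents in daily:       # incrementals must all be applied, oldest first
        state.update(contents)
    return state, [full[0]] + [day for day, _ in daily]

def items_copied(backups):
    """Total data items written by the daily backups (the full backup excluded)."""
    return sum(len(contents) for _, contents in backups[1:])
```

Both schemes restore the same state, but the incremental chain needs every daily backup since the full one, while the differential scheme needs only two backups at the cost of copying more items each day. Changes made after the last backup taken before the failure are lost, which is the exposure the RPO bounds.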

A disaster recovery plan (DRP) outlines the procedures to restore an organisation’s IT function in the event that its data center is destroyed by a natural disaster or act of terrorism. A cold site is an empty building that is prewired for necessary telephone and internet access, plus a contract with one or more vendors to provide all necessary equipment within a specific period of time.

A business continuity plan (BCP) specifies how to resume not only IT operations, but all business processes, including relocating to new offices and hiring temporary replacements, in the event that a major calamity destroys not only an organization’s data center but also its main headquarters. Having both a DRP and a BCP can mean the difference between surviving a major catastrophe.

Change control is the formal process used to ensure that modifications to hardware, software, or processes do not reduce system reliability. Good change control often results in overall better operating performance: careful testing prior to implementation reduces the likelihood of making changes that cause system downtime, and thorough documentation facilitates quicker ‘trouble shooting’ and resolution of any problems that do occur. Companies with a good change control process are also less likely to suffer financial or reputational harm from security incidents.

Effective change control procedures require regularly monitoring for unauthorized changes and sanctioning anyone who intentionally introduces such changes. Other principles of a well-designed change control process include the following:

  • All change requests should be documented and follow a standardized format that clearly identifies the nature of the change, the reason for the request, the date of the request, and the outcome of the request.

  • All changes should be approved by appropriate levels of management.

  • The impact of the proposed change on all five principles of systems reliability should be assessed.

  • All documentation should be updated to reflect authorized changes to the system.

  • Emergency changes or deviations from standard operating policies must be documented and subjected to a formal review and approval process as soon after the implementation as practicable. All emergency changes need to be logged to provide an audit trail.

  • Backout plans need to be developed for reverting to previous configurations in case approved changes need to be interrupted or abandoned.

  • User rights and privileges must be carefully monitored during the change process to ensure that proper segregation of duties is maintained.
