10. Processing Integrity and Availability Controls Flashcards
What does processing integrity consist of?
Processing integrity consists of input, processing and output controls. Input controls should prevent inaccurate data from getting into the system.
Describe input controls and who should be allowed to handle that
Tip: source documents and validity
Input controls: only authorized employees should handle the preparation, form, cancellation and storage of source documents.
Source documents should be "cancelled" when they are entered into the system.
Furthermore, the organization should have automated data entry controls that check the validity of data inputs.
Describe processing controls
Processing controls ensure that data is processed correctly. They include data matching before an action takes place, file labels that ensure the correct and most recently updated file is used, etc.
Describe output controls
Tip: review and cross check
Output controls are additional controls over processing integrity. They include user review of output and cross-checks with the general ledger and inventory data, where items should match.
What is the primary objective of availability?
Tip: minimize and recover
The objective of availability is to minimize the risk of system downtime and to quickly recover and resume normal operations.
How can the organization minimize the risk of downtime?
Tip: redundant component, location and training
Ways to minimize the risk of downtime include fault tolerance (using redundant components so the system can continue if a particular component fails), data centre location and design, and training employees not to make mistakes.
And regular maintenance & patch management
Availability controls: preventive controls can minimize but not eliminate the risk of downtime. Hardware malfunctions, software problems or human error can destroy data. Senior management needs to answer two questions. Which are they?
Tip: RPO and RTO
1) Degree of willingness to lose data or enter data (the organization's recovery point objective, RPO)
2) How long can the organization function without its information system (the organization's recovery time objective, RTO)
This leads to three backup types. Which are they?
Full backup
Incremental backup, restore in certain order
Differential backup (simple).
Disaster recovery plans and Business continuity plans are designed to mitigate more serious problems than corrupt databases.
What is a business continuity plan (BCP)
A business continuity plan (BCP) specifies how to resume ALL operations, not just IT operations, in the event of a major accident.
The Trust Services Framework states that a reliable system is one that produces information that is:
• Accurate
• Complete
• Timely
• Valid
Yes
Disaster recovery plans and Business continuity plans are designed to mitigate more serious problems than corrupt databases.
Explain Disaster recovery plan (DRP)
Tip: restore an organization’s IT function in the event that its data center is destroyed.
–> cold, hot and real-time
- Cold site: empty building prewired for necessary telephone and Internet access, plus a contract with vendors to provide all necessary equipment within a specific period of time, perhaps a couple of days.
- Hot site: fully functioning copy of data center. Applicable when organization can tolerate from hours up to a full day without AIS.
- Real-time mirroring: two copies of the database at two separate data centers at all times and updating both databases in real-time. If RPO and RTO are zero, the goal is not recovery but resiliency.