UP TO 50% OFF on Combo Courses!
CLAIM NOW
D H M S

CISA Domain 3 – Information Systems Acquisition, development and implementation- PART 7

PART 7 – CISA Domain 3 – Information Systems Acquisition, development and implementation

  • What are the various data edits and controls?
    • Sequence check
    • Key verification
    • Limit check
    • Check digit
    • Range check
    • Completeness check
    • Validity check
    • Duplicate check
    • Reasonableness check
    • Logical Relationship check
    • Existence check

1. Data validation edits and controls
  • Sequence check:
    • The control number follows sequentially and any sequence or duplicated control numbers are rejected or noted on an exception report for follow-up purposes.
    • For example, invoices are numbered sequentially. The day’s invoices begin with 12001 and end with 15045. If any invoice larger than 15045 is encountered during processing, that invoice would be rejected as an invalid invoice number
  • Limit check:
    • Data should not exceed a predetermined amount.
    • For example, payroll checks should not exceed US $4,000. If a check exceeds US $4,000, the data would be rejected for further verification/authorization.
  • Range check:
    • Data should be within a predetermined range of values.
    • For example, product type codes range from 100 to 250. Any code outside this range should be rejected as an invalid product type.
  • Validity check:
    • Programmed checking of the data validity in accordance with predetermined criteria.
    • For example, a payroll record contains a field for marital status and the acceptable status codes are M or S. If any other code is entered, the record should be rejected.
  • Reasonableness check:
    • Input data are matched to predetermined reasonable limits or occurrence rates.
    • For example, a widget manufacturer usually receives orders for no more than 20 widgets. If an order for more than 20 widgets is received, the computer program should be designed to print the record with a warning indicating that the order appears unreasonable.

  • Existence check:
    • Data are entered correctly and agree with valid predetermined criteria.
    • For example, a valid transaction code must be entered in the transaction code field.
  • Key verification:
    • The keying process is repeated by a separate individual using a machine that compares the original keystrokes to the repeated keyed input.
    • For example, the worker number is keyed twice and compared to verify the keying process.
  • Check digit:
    • A numeric value that has been calculated mathematically is added to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted.
    • This control is effective in detecting transposition and transcription errors.
    • For example, a check digit is added to an account number so it can be checked for accuracy when it is used.
  • Completeness check:
    • A field should always contain data rather than zeros or blanks (No Null value)
    • A check of each byte of that field should be performed to determine that some form of data, not blanks or zeros, is present.
    • For example, a worker number on a new employee record is left blank. This is identified as a key field and the record would be rejected, with a request that the field be completed before the record is accepted for processing.
  • Duplicate check:
    • New transactions are matched to those previously input to ensure that they have not already been entered.
    • For example, a vendor invoice number agrees with previously recorded invoices to ensure that the current order is not a duplicate and, therefore, the vendor will not be paid twice.
  • Logical relationship check:
    • If a particular condition is true, then one or more additional conditions or data input relationships may be required to be true and consider the input valid.
    • For example, the hire date of an employee may be required to be more than 16 years past his/her date of birth.
Points to remember:

  • The CISA is expected to be familiar with each one of the data edit and controls
  • Check digit – Effective in detecting transposition and transcription errors
  • Reasonableness check – A data validation edit control that matches input data to an occurrence rate

Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9

AUTHOR
Aswini Srinath ( )
Writer And Editor
I am a qualified Chartered Accountant based out of Chennai, with 8+ years of experience in various roles in finance domain including CA Practice, financial reporting and auditing. I have always been keen to challenge myself by exploring potential capabilities outside of my core competency. Picked up Information Security as one such thing. Cleared CISA with 2nd Rank in ISACA Chennai Chapter in 2019. Since then, i have been sharing my learning and experience to a small group of avid followers, helping them prepare for their CISA exams. This article is also one such attempt, where I summarize the key areas in each domain based on the importance and weightage from an exam point of view.
Threat-Hunting
TOP
whatsapp