Capt. Horatio T.P. Webb

Some Controls for Transaction Processing

1. General Controls
   1. Segregation of Duties
      1. system design process
      2. programming
      3. operations
      4. transaction authorization
      5. dba
      6. data control
   2. Management Controls
      1. master IS plan
      2. project development plan
      3. processing schedule
      4. assignment of responsibility
      5. periodic performance evaluation
      6. post implementation review
      7. system performance measurement
   3. Physical Access Control
   4. Logical Access Control
      1. passwords
      2. id cards/badges
      3. biometric
      4. user/task compatability matrix
   5. Data Storage Controls
   6. Data Transmission Controls
      1. encryption
      2. routing headers
      3. mutual authentication
      4. dial-back
      5. acknowledgement
   7. Documentation Standards
      1. administrative
      2. system
      3. operations
   8. Downtime avoidance
      1. preventive maintenance
      2. ups
      3. fault tolerant systems
   9. Disaster Recovery
      1. a plan
      2. data and program source backups
      3. duty assignments
      4. documentation
      5. backup facilities
      6. periodic test and review of the plan
   10. Workstation/Server

2. Application Controls
   1. Batch Totals
   2. Source Data Controls
      1. control log
      2. key verification
      3. check digits
      4. prenumbered forms
      5. turnaround documents
   3. Input Validation
      1. field test
      2. limit test
      3. range tests
      4. reasonableness tests
      5. sequence numbers
      6. validity checks
      7. prompting
      8. preformatting or selection
      9. completeness tests
      10. defaults
      11. field verification
      12. transaction log
   4. File Maintenance
   5. external data reconciliation
   6. control account reconciliation
   7. access security
   8. error logs
   9. error reporting
   10. access logs
3. Output Controls

Return to Parks' MIS 4373 Homepage