Table 3.4.1: Preventive Controls

| Purpose | Manual Control | Computerized Control |
|---|---|---|
| Restrict unauthorized entry into the premises. | Build a gate and post a security guard. | Use access control software, smart card, biometrics, etc. |
| Restrict unauthorized entry into the software applications. | Keep the computer in a secured location and allow only authorized persons to use the applications. | Use access control, viz. User ID, password, smart card, etc. |

(B) Detective Controls: These controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence. In other words, Detective Controls detect errors or incidents that elude preventive controls. For example, a detective control may identify account numbers of inactive accounts or accounts that have been flagged for monitoring of suspicious activities. Detective controls can also include monitoring and analysis to uncover activities or events that exceed authorized limits or violate known patterns in data that may indicate improper manipulation. For sensitive electronic communications, detective controls can indicate that a message has been corrupted or the sender’s secure identification cannot be authenticated.

Some of the examples of Detective Controls are as follows:
• Review of payroll reports;
• Compare transactions on reports to source documents;
• Monitor actual expenditures against budget;
• Use of automatic expenditure profiling where management gets regular reports of spend to date against profiled spend;
• Hash totals;
• Check points in production jobs;
• Echo control in telecommunications;
• Duplicate checking of calculations;
• Past-due accounts report;
• The internal audit functions;
• Intrusion Detection System;
• Cash counts and bank reconciliation; and
• Monitoring expenditures against budgeted amount.
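An added example (not part of the original study material) of a computerized detective control, combining three items named above: a hash total over a batch, activity on inactive or monitored accounts, and amounts that exceed authorized limits. The account numbers, user names and limits are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    txn_id: str
    account_no: int
    amount: float
    user: str

# Constructed sample data (hypothetical accounts, users and limits).
INACTIVE_ACCOUNTS = {100245}
MONITORED_ACCOUNTS = {100377}
AUTHORIZED_LIMIT = {"clerk01": 50_000.0, "mgr01": 500_000.0}

BATCH = [
    Txn("T1", 100111, 12_000.0, "clerk01"),
    Txn("T2", 100245, 900.0, "clerk01"),     # inactive account
    Txn("T3", 100377, 4_500.0, "mgr01"),     # account flagged for monitoring
    Txn("T4", 100412, 75_000.0, "clerk01"),  # above clerk01's limit
]
# Control (hash) total recorded at data entry: the sum of the account numbers.
CONTROL_HASH_TOTAL = 100111 + 100245 + 100377 + 100412

def hash_total(batch):
    """Sum of account numbers; meaningless in itself, used only to
    detect records that were lost, added or altered after entry."""
    return sum(t.account_no for t in batch)

def detect(batch, control_total):
    """Return (txn_id, reason) exceptions for review. Nothing is blocked:
    a detective control reports what got past the preventive controls."""
    findings = []
    if hash_total(batch) != control_total:
        findings.append(("BATCH", "hash total mismatch"))
    for t in batch:
        if t.account_no in INACTIVE_ACCOUNTS:
            findings.append((t.txn_id, "activity on inactive account"))
        if t.account_no in MONITORED_ACCOUNTS:
            findings.append((t.txn_id, "account flagged for monitoring"))
        # Users with no recorded limit are treated as having a zero limit.
        if t.amount > AUTHORIZED_LIMIT.get(t.user, 0.0):
            findings.append((t.txn_id, "exceeds authorized limit"))
    return findings

if __name__ == "__main__":
    for txn_id, reason in detect(BATCH, CONTROL_HASH_TOTAL):
        print(f"{txn_id}: {reason}")
```
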
The main characteristics of such controls are given as follows:
• Clear understanding of lawful activities so that anything which deviates from these is reported as unlawful, malicious, etc.;
• An established mechanism to refer the reported unlawful activities to the appropriate person or group;
• Interaction with the preventive control to prevent such acts from occurring; and
• Surprise checks by supervisor.

(C) Corrective Controls: It is desirable to correct errors, omissions, or incidents once they have been detected. They vary from simple correction of data-entry errors, to identifying and removing unauthorized users or software from systems or networks, to recovery from incidents, disruptions, or disasters. Generally, it is most efficient to prevent errors or detect them as close as possible to their source to simplify correction. These corrective processes also should be subject to preventive and detective controls, because they represent another opportunity for errors, omissions, or falsification.

INFORMATION SYSTEMS AND ITS COMPONENTS
© The Institute of Chartered Accountants of India