In this section, we apply the control framework to the generic system described above. Figure 9.6 presents a completed control matrix for the systems flowchart shown in Figure 9.5.
This matrix shows format and assumptions similar to those made in Figure 9.4. The recommended control plans listed in the first column in Figure 9.6 are representative of those commonly associated with controlling the data entry process when master data is available. Most of the control plans described with Figure 9.3 and Figure 9.4 may also be applicable. But, for simplicity, we will not repeat them here.
In this section, we first see in general terms how several of the control plans work.1 Then, Table 9.3 describes each of the cell entries in the control matrix. As you study the control plans, be sure to track where they are located on the systems flowchart.
P-1: Enter data close to the originating source. This is a strategy for capture and entry of event-related data close to the place (and probably time) that an event occurs. Online transaction entry (OLTE), online real-time processing (OLRT), and onlinetransaction processing (OLTP) are all examples of this processing strategy. When this strategy is employed, databases are more current and subsequent events can occur in a more timely manner. Because data are not transported to a data entry location, there is less of a chance that inputs will be lost (input completeness). The input can be more accurate because the data entry person may be in a position to recognize and immediately correct input errors (input accuracy). Finally, some efficienciescan be gained by reducing the number of entities handling the event data.
|
P-2: Digital signatures. Whenever data are entered from remote locations via telecommunications channels like the Internet, there is the risk that the communication may have been sent by an unauthorized system user or may have been intercepted/ modified in transit. To guard against such risks, many organizations employ digital signatures to authenticate the user’s identity and to verify the integrity of the message being transmitted. To learn more about how digital signatures work, see Appendix 9A, and Technology Application 9.1. |
P-3: Populate inputs with master data. Numeric, alphabetic, and other designators are usually assigned to entities such as customers, vendors, and employees. When we populate inputs with master data, the user merely enters an entity’s identification code and the system retrieves certain data about that entity from existing master data. For example, the user might be prompted to enter the customer ID (code). Then, the system automatically provides information from the customer master data, such as the customer’s name and address, preferred shipping method, and sales terms. Fewer keystrokes are required, making data entry quicker, more accurate, and more efficient. To ensure that system users have not made a mistake keying the code itself, they compare data provided by the system with that used for input. Finally, the entry cannot proceed without valid (authorized) master data that includes such items as terms and credit limits that were previously recorded via a data maintenanceprocess.
P-4: Compare input data with master data. A data entry program can be designed to compare the input data to data that have been previously recorded. When we compareinput data with master data we can determine the accuracy and validity of the input data. Here are just two types of comparisons that can be made:
- Input/master data dependency checks. These edits test whether the contents of two or more data elements or fields on an event description bear the correct logical relationship. For example, input sales events can be tested to determine whether the person entering the data is listed as an employee of that customer. If these two items don’t match, there is some evidence that the customer number or the salesperson identification was input erroneously.
- Input/master data validity and accuracy checks. These edits test whether master data supports the validity and accuracy of the input. For example, this edit might prevent the input of a shipment when there is no record of a corresponding customer order. If there is no match, we may have input some data incorrectly, or the shipment might simply be invalid. We might also compare elements within the input and master data. For example, we can compare the quantities to be shipped to the quantities ordered. Quantities that do not match may have been picked from the shelf or entered into the computer incorrectly.
Review Question How does each control plan listed in the control matrix in Figure 9.6work? |
Explanation of control matrix cell entries. Armed with an understanding of the mechanics of certain control plans, let’s now turn our attention to Table 9.3 —Explanation of Cell Entries for Control Matrix in Figure 9.6. Notice how data entry by the customer affects these controls. See whether you understand the relationship between each plan and the goal(s) that it addresses. Remember that your ability to explainthe relationships between plans and goals is most important.
P-1: Enter data close to the originating source. Operations process goal A, Efficient employment of resources: This strategy places users in a position to process events immediately (i.e., no time taken to send to a data entry location). Being familiar with the input may allow the user to input events more quickly. In this processs, the direct entry of input data by customers eliminates the cost associated with the handling of the event data by additional personnel. Input completeness: Because inputs are captured at the source, they are less likely to be lost as they are transported to the data entry location. Input accuracy: Because customers are familiar with the event data being entered, they are less likely to make input errors and can more readily correct these errors if they occur. P-2: Digital signatures. Security of resources, Input validity: Digital signatures authenticate that the sender of the message has authority to send it and thus prevents the unauthorized diversion of resources. Input accuracy: Detects messages that have been altered in transit, thus preventing input of inaccurate data. P-3: Populate inputs with master data. Operations process goal A, Efficient employment of resources: Direct entries of data by the customer should improve the speed and productivity of the event because the order entry department does not have to type in additional data about the customer’s order after the customer submits it. In addition, direct customer entry means that the department does not need to reenter the original order information. Input validity: The code entered by the user calls up data from existing records (e.g., a customer record, a sales order record) and those data establish authorization for the event. For example, without a customer record, the sales order cannot be entered. Input accuracy: Fewer keystrokes and the use of data called up from existing records reduces the possibility of input errors. P-4: Compare input data with master data. Operations process goal A, Efficient employment of resources: Events can be processed on a more timely basis and at a lower cost if errors are detected and prevented from entering the system in the first place. Input validity: The edits identify erroneous or suspect data and reduce the possibility of the input of invalid events. Input accuracy: The edits identify erroneous or suspect data and reduce input errors. |
- 3566 reads