August 1999
IM218: INFORMATION MANAGEMENT

QUESTION 2

Total Marks: 20 Marks


SUGGESTED SOLUTIONS

(a) Why are control measures required in an organization? [3]
Control measures ensure the safety of computing assets, accuracy and reliability of data, and operational adherence to computing standards.

 

(b) Recommend a control to prevent each of the following situations from happening, and explain how your recommendation can help the situation.

(i) The 'Hour' field for an hourly-paid employee is supposed to contain '01' for 1 hour, '02' for 2 hours, and so on. The number of hours worked for each employee is recorded on a daily basis. One employee's 'Hour' field contained the number '40' on a particular day, and a check of $6872.51 was accidentally prepared and mailed. [2]

(ii) A programmer obtained the master payroll file, and changed his monthly salary from $2000 to $4500 through the computer console. [2]

(iii) The accounts receivable file on disk was lost and could not be found. It was the only softcopy the company had. The hardcopy was incomplete, and it took weeks to sort out the details of accounts receivable. [2]

(iv) A member of staff was informed by the Human Resource Department that they had received his complaint email. However, the staff member had never sent such an email. Someone in the organization had made use of this person's email account in sending the complaint to Human Resources. [2]

(v) A salesperson, keying in a customer order from a remote computer, inadvertently omitted the delivery address from the order. [2]

(i) Limit check. The 'Hour' field should have a limit of the maximum hours an employee can work for the day. If the input is greater than this limit, it is rejected.

(ii) Access control on data set. Only authorized personnel should have access to the data file. (or:) Separation of EDP controls: The programmer should not have access to the live data.

(iii) Establish file backup and recovery. Important data files should be backed up regularly, with backups kept in separate locations.

(iv) Access control in logging on to the system. Staff members should keep their passwords secret, and change them periodically.

(v) Validity check. The system should have prompted the salesperson before accepting a blank delivery address.

(c) (i) Briefly outline the two aims of computer audit. [2]

(ii) Why is audit through the computer preferable to audit around the computer? [3]

(iii) Discuss two disadvantages of audit through the computer, as compared with audit around the computer. [2]

(i)
  • to ensure that controls are in place to protect data processing resources;
  • to ensure that transactions are processed according to specified rules and procedures.

(ii) Audit around the computer examines only the input and output for an application system, whereas audit through the computer also examines the logic and controls within the system, and the records produced by the system. Thus auditing through the computer is more thorough.

(iii)
  • the need for extensive technical expertise when systems are complex;
  • higher costs, due to more thorough testing.