Information Technology Reference
In-Depth Information
The SunGard Data Systems high-
availability command center
oversees services that let
companies continuously access and
process information—with minimal
downtime—even during a disaster.
(Source: © Mike Mergen/
Bloomberg News/Landov.)
Systems Controls
Security lapses, fraud, and the invasion of privacy can present difficult challenges. 19 Health
care providers, for example, are now developing controls to combat medical identity
theft. 20 California law enforcement officials busted a criminal ring that billed almost a million
dollars in tests that were never performed. According to the national director for anti-fraud
for Blue Cross Blue Shield, “Our software has become more sophisticated, particularly in
identifying spikes in usage—someone who normally goes to the doctor once a year and
suddenly goes 25 times in a 12-month period.” In another case, a futures and options trader
for a British bank lost about $1 billion. A simple systems control might have prevented a
problem that caused the 200-year-old bank to collapse. Preventing and detecting these problems
is an important part of systems design. Prevention includes the following:
Determining potential problems
Ranking the importance of these problems
Planning the best place and approach to prevent problems
Deciding the best way to handle problems if they occur
Every effort should be made to prevent problems, but companies must establish procedures
to handle problems if they occur, including systems controls.
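The usage-spike check described in the Blue Cross Blue Shield quote above can be sketched as a simple detection control. This is an added example, not code from the original text or from any insurer; the member IDs, claim dates, and both thresholds are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import date, timedelta

WINDOW = timedelta(days=365)   # "a 12-month period" from the quote
MIN_VISITS = 10                # assumed floor so light users are never flagged
SPIKE_RATIO = 5                # assumed: recent use must be 5x the prior year

def find_usage_spikes(claims, as_of):
    """Return {member_id: (prior_year_visits, recent_year_visits)} for spikes.

    claims: iterable of (member_id, visit_date) tuples.
    """
    visits = defaultdict(set)
    for member_id, visit_date in claims:
        visits[member_id].add(visit_date)      # de-duplicate same-day claim lines

    recent_start = as_of - WINDOW
    prior_start = recent_start - WINDOW
    flagged = {}
    for member_id, days in visits.items():
        ordered = sorted(days)
        # Count visits in (recent_start, as_of] and (prior_start, recent_start].
        hi = bisect_right(ordered, as_of)
        mid = bisect_right(ordered, recent_start)
        lo = bisect_right(ordered, prior_start)
        recent, prior = hi - mid, mid - lo
        # max(prior, 1) lets a member with no history still trip the ratio.
        if recent >= MIN_VISITS and recent >= SPIKE_RATIO * max(prior, 1):
            flagged[member_id] = (prior, recent)
    return flagged

def _sample_claims():
    """Constructed data: M-001 is steady, M-002 jumps from 1 visit to 25."""
    claims = [("M-001", date(2023, m, 15)) for m in range(1, 13)]
    claims += [("M-001", date(2024, m, 15)) for m in range(1, 13)]
    claims.append(("M-002", date(2023, 6, 1)))
    claims += [("M-002", date(2024, 1, 8) + timedelta(days=14 * i)) for i in range(25)]
    return claims

if __name__ == "__main__":
    print(find_usage_spikes(_sample_claims(), as_of=date(2024, 12, 31)))
```

A flagged member is a lead for manual review, not proof of fraud; a steady heavy user such as M-001 is deliberately left alone because the check compares each member against their own prior year.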
Most IS departments establish tight systems controls to maintain data security. Systems
controls can help prevent computer misuse, crime, and fraud by managers, employees, and
others.
Most IS departments have a set of general operating rules that helps protect the system.
Some IS departments are closed shops, in which only authorized operators can run the computers.
Other IS departments are open shops, in which other people, such as programmers
and systems analysts, are also authorized to run the computers. Other rules specify the conduct
of the IS department.
These rules are examples of deterrence controls, which involve preventing problems before
they occur. Good control techniques should help an organization contain and recover
from problems. The objective of containment control is to minimize the impact of a problem
while it is occurring, and recovery control involves responding to a problem that has already
occurred.
Many types of systems controls can be developed, documented, implemented, and reviewed.
These controls touch all aspects of the organization (see Table 13.1).
systems controls: Rules and procedures to maintain data security.
closed shops: IS departments in which only authorized operators can run the computers.
open shops: IS departments in which people, such as programmers and systems analysts, are allowed to run the computers, in addition to authorized operators.
deterrence controls: Rules and procedures to prevent problems before they occur.
 
 