Controls

What are Controls?


Controls, or constraints, are restrictions imposed on systems or users so that the systems can be secured and the risk of damage to applications, data and systems can be reduced. Controls are imposed not only to regulate access, but also to ensure that the corporate database is not populated with nonsensical data. This is done by implementing policies.

Controls consist of organisational procedures, methods and policies. These help in ensuring the reliability and correctness of the accounting records and the safety of the assets of the organisation. They also check whether operations adhere to the management standards. Builders and users need to pay close attention to the system during its whole life span.

Types of Controls


A combination of application controls and general controls is used to control a computer system. The tasks of the general controls are to monitor the organisation-wide use of computer programs, establish the framework to control the design, and ensure security. All these aspects are shown in the figure.

Figure: Types of Controls

The application controls, on the other hand, are application specific.

The following are some well-known controls:

1) IS Control
  • Input Controls
  • Processing Controls
  • Output Controls
  • Storage Controls
2) Procedural Controls

3) Facility Control
  • Network Security Controls
  • Physical Protection Controls
  • Biometric Controls
  • Computer Failure Controls 
  • Telecommunication Controls

1) Information Security (IS) Controls :


The application controls, also known as the Information Security Controls, are designed to monitor and maintain the security and quality of the various activities performed by an information system. These activities include storage, input, processing and output.

The information system controls can be both manual and automated. Their prime task is to ensure that the application processes are applied accurately and completely on data that is authorized. The controls which are applied are based on the functional area of the system. The programmed procedures are also taken into consideration.

The propriety, accuracy and validity of information system activities can be ensured with the help of devices or methods known as information system controls. The information system controls are developed with an aim of ensuring that information output, processing techniques, storage methods or data entry are done in a proper way. The objective behind the designing of IS controls is to maintain the security and quality of various activities of the information system which include storage, input, processing and output activities.

Types of Information Security (IS) Controls


The classification of the information system application controls is given below:

1) Input Controls: 
With the help of the input controls it is possible to check whether the data being entered into the system is complete and accurate or not. Specific input controls for data editing, input authorization, error handling, and data conversion are present.

Example of Input Controls

i) Edit Checks: With the help of these programmed routines it is possible to edit the input data if it has errors. This is done prior to processing. For example, data is checked to ensure that it has been entered in the correct format (passwords should be composed of alphanumeric characters only).

ii) Control Totals: These are established before carrying out the input and processing actions. In order to determine whether the input data is within the specified limits or in sequence, the computer has to be programmed to carry out the "reasonable checks". For example, one type of control total is a record count, which can be used to find out the total number of records that have been input. This total can then be compared with the total number of records at the other stages.

iii) Verification: In order to ensure greater accuracy, the source document which has been prepared by one clerk can be verified by another clerk.

iv) Check Digit: Important codes, such as a customer number, can be verified for correctness with the help of a check digit.

v) Labels: In order to ensure that the correct file is being processed, a label contains information such as the file name and date of creation.

vi) Character and Field Checking: To ensure that characters are filled in properly, they are checked against the proper mode, such as numeric, alphabetic or alphanumeric fields.
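An added example (not from the original text) of how edit checks, character and field checking and a check digit can be programmed for a batch of input records. The field names, the sample batch and the choice of the Luhn (mod 10) scheme for the check digit are assumptions made for illustration.

```python
import re

# Field modes for "Character and Field Checking" (constructed field names).
FIELD_MODES = {
    "customer_no": re.compile(r"[0-9]{2,}"),   # numeric
    "name": re.compile(r"[A-Za-z ]+"),         # alphabetic
    "order_ref": re.compile(r"[A-Za-z0-9]+"),  # alphanumeric
}

def luhn_check_digit(payload: str) -> int:
    """Luhn (mod 10) check digit for a string of ASCII digits (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting next to the check digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10

def edit_check(record: dict) -> list:
    """Return the errors found in one record; an empty list means it passes."""
    errors = []
    for field, pattern in FIELD_MODES.items():
        value = record.get(field)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            errors.append(f"{field}: wrong mode or missing")
    if not errors:  # the check digit is only meaningful on a well-formed number
        number = record["customer_no"]
        if luhn_check_digit(number[:-1]) != int(number[-1]):
            errors.append("customer_no: check digit mismatch")
    return errors

def run_input_controls(batch: list) -> tuple:
    """Split a batch into accepted records and (index, errors) rejects."""
    accepted, rejected = [], []
    for index, record in enumerate(batch):
        errors = edit_check(record)
        if errors:
            rejected.append((index, errors))  # error handling: hold for correction
        else:
            accepted.append(record)
    return accepted, rejected

# Constructed sample batch: valid, mistyped last digit, wrong field modes.
SAMPLE_BATCH = [
    {"customer_no": "79927398713", "name": "Asha Rao", "order_ref": "PO1234"},
    {"customer_no": "79927398710", "name": "Ben Ito", "order_ref": "PO1235"},
    {"customer_no": "7992 398713", "name": "Cy Lee", "order_ref": "PO-1236"},
]
```

Rejected records are returned with their position in the batch so that they can be corrected and re-entered rather than silently dropped.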

2) Processing Controls: 
With the use of the processing controls, it is possible to ensure that the data that is being updated is accurate and complete. Using these controls, the errors in logical operations and arithmetic calculations can be easily identified. This ensures that there is no data loss. Processing controls consist of:

i) Software Controls: The use of the system can be monitored using them. This prevents unauthorized access to the computer programs and system software.

ii) Hardware Controls: These controls check whether there is any malfunction in the equipment, and ensure that the hardware is physically secure. There may be provisions for backup so that constant service and continued operation can be provided in those organisations that have critical dependence on their computers.

Example of Processing Controls

i) Checkpoints: As the processing can be resumed from the latest checkpoint, it is possible to minimize the effect of failures or errors that have occurred during the processing with the help of checkpoints.

ii) Control Totals: This is also a type of processing total, which comprises computer programs that count the total number of input or processing transactions.

iii) Computer Matching: These routines match the information kept in the master files with the data that comes as input. For example, software can provide the control totals for the data contained in the file by identifying the file after checking the internal file labels stored in magnetic disk.

3) Output Controls: 
These controls ensure the degree to which the outcomes produced by the computer after processing are complete, correct and properly distributed.

Example of Output Controls

i) Control Totals: The output control totals are compared with the control totals obtained during the input and processing phases. There should be a balance between the total number of input or output transactions, and the total number of processed transactions.

ii) Report Distribution Logs: Documents such as reports or any other critical documents are delivered to the authorized recipients.
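An added example (not from the original text) of comparing control totals taken at the input, processing and output stages. It goes beyond the record count mentioned above by also keeping an amount total and a hash total; the record layout and sample data are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ControlTotals:
    record_count: int  # number of records in the batch
    amount_total: int  # sum of the amount field, in cents
    hash_total: int    # sum of account numbers; meaningless except as a check


def totals(records):
    """Compute control totals for a list of (account_no, amount_cents) records."""
    return ControlTotals(
        record_count=len(records),
        amount_total=sum(amount for _, amount in records),
        hash_total=sum(account for account, _ in records),
    )


def reconcile(stages):
    """Compare every later stage with the first one; return the discrepancies."""
    names = list(stages)              # dicts keep insertion order: input comes first
    baseline = totals(stages[names[0]])
    problems = []
    for name in names[1:]:
        current = totals(stages[name])
        for field in ("record_count", "amount_total", "hash_total"):
            expected, actual = getattr(baseline, field), getattr(current, field)
            if expected != actual:
                problems.append((name, field, expected, actual))
    return problems


# Constructed batch of (account_no, amount_cents) records.
INPUT = [(1001, 2500), (1002, 1999), (1003, 40000)]
PROCESSED = list(INPUT)
# Constructed faults: a record lost before output, and an account number altered.
OUTPUT_LOST = [(1001, 2500), (1003, 40000)]
OUTPUT_ALTERED = [(1001, 2500), (1002, 1999), (1030, 40000)]
```

With `OUTPUT_ALTERED` the record count and amount total still balance and only the hash total differs, which is why a record count on its own is a weak control.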

4) Storage Controls: 
With the help of the storage controls, the data resources are protected. Only authorized users can access the resources, with the help of passwords, account codes or other security codes. Multilevel passwords are used in most cases. The passwords can be in encrypted form in order to achieve even stricter security.

Example of Storage Controls

i) Passwords: Security programs are used to prevent unauthorized users from accessing databases or files that require proper identification. For this purpose, security codes like passwords are used.

ii) Backup Files: The duplicate files of data programs are known as backup files. If the current files are destroyed then these files can be used to regenerate new current files. Special storage devices are used for storing such files.

2) Procedural Controls :


Procedural controls specify how the network and computer resources of an organisation can be operated in the most secure way. With the help of such controls, the integrity and accuracy of the computer can be ensured as system development and network activities are carried out. Some of the controls are listed below:

i) Standard Procedures and Documentation: 
An organisation that uses an IS follows a standard set of procedures by which its information systems operate. The chances of fraud and errors can be minimized, and quality can be promoted, if the standard procedures are followed. Both the IS specialist and the end user know what is expected of them if they consider the system quality and operating procedures. It is also necessary to keep the documents related to systems and software design and the operation of the system up to date once it has been developed. Documents serve as a valuable tool when it comes to the maintenance of the system.

ii) Authorization Requirements: 
Before the final authorization is given, requests for systems development and program changes are reviewed frequently. For example, the system development manager must consult with the business unit that has been affected, and approve the program changes that have been generated by the maintenance programmers or requested by the end users of the system.

3) Facility Controls :


The task of the facility controls is to protect various components of the organisation such as vital data resources, network, hardware and software. In other words, the network and computing facilities and their contents are secured from destruction by the facility controls. In order to protect the vital data resources, hardware and software of a company, physical safeguards and different types of control procedures are required.

Types of Facility Controls


Different categories of facility controls are computer failure, physical protection, biometric and network security:

1) Network Security Controls: 
Various security measures are adopted to provide network security. This is generally done by the use of firewalls and encryption.

2) Physical Protection Controls: 
There are varied types of controlling techniques. One such technique popularly used these days is that only personnel having authorization are allowed to enter the computer center. In order to protect the computer center, techniques such as closed circuit TV, security alarms, electronic door locks, identification marks and other security policies are deployed.

3) Biometric Controls: 
Biometric control is a method by which it is possible to automatically verify the identity of a person. For this, the person's behavioral or physiological characteristics are used. Some of the popular biometrics are given below:

i) Photo of Face: A picture of the face is captured by the computer. This is then matched with a picture that has been previously stored. In 2002, it was possible to identify a person successfully using this method. Exceptions are found only in cases of identical twins.

ii) Fingerprints: The fingerprint of the concerned person is compared with a template that contains the fingerprint of the authorized person every time he/she wants access to the system. This technology was introduced by Microsoft in 2001 and now it is a part of Windows. With the help of these the people are able to use the fingerprint recognition device by Sony. Other computer manufacturing companies have also started incorporating touch pads that have the ability to scan fingerprints since 2004. This has prevented unauthorized access and made the laptops highly secure.

4) Computer Failure Controls: 
There are various reasons that lead to the failure of a computer system. Some of them are hidden errors in the program, mechanical malfunctions of the peripheral components, malfunction of the electronic circuits or power failures. These failures can be avoided or prevented by taking remote or automatic maintenance initiatives. In order to avoid failure of the computer system various steps are taken by the information services department. This can be done by carefully scheduling the software and hardware changes and installing computer systems that are maintainable.

5) Telecommunication Controls: 
The control software and the telecommunication processors play an important role in the control of data communication operations. Apart from this, data can be transmitted in scrambled form and unscrambled by the computer system only for the authorized users. This method is known as 'encryption'.

Advantages of Controls


  1. Data Accuracy: Controls ensure that data entered into the system is accurate, complete, and consistent, reducing errors and inaccuracies in decision-making.
  2. Risk Management: Controls help identify and mitigate risks related to data integrity, security breaches, and compliance with regulations, reducing the likelihood of financial losses and legal liabilities.
  3. Improved Decision Making: Reliable data provided by MIS controls enables managers to make well-informed decisions quickly and confidently, leading to better business outcomes.
  4. Operational Efficiency: Controls streamline processes by automating routine tasks, reducing manual errors, and improving workflow efficiency, ultimately saving time and resources.
  5. Security Enhancement: MIS controls include security measures such as access controls, encryption, and authentication protocols, safeguarding sensitive information from unauthorized access and cyber threats.
  6. Compliance: Controls ensure that the organization adheres to regulatory requirements and industry standards, avoiding penalties, fines, and reputational damage associated with non-compliance.

Disadvantages of Controls 


  1. Cost: Implementing and maintaining robust controls in MIS can be expensive, requiring investments in technology, infrastructure, training, and ongoing monitoring.
  2. Complexity: As MIS controls become more sophisticated to address evolving threats and compliance requirements, they can introduce complexity into systems and processes, potentially leading to confusion and resistance from users.
  3. User Resistance: Strict controls may impede user productivity and creativity, as employees may perceive them as bureaucratic obstacles that slow down their work processes.
  4. Over-reliance: Excessive reliance on MIS controls may create a false sense of security, leading managers to overlook potential risks and vulnerabilities that are not adequately addressed by existing controls.
  5. Maintenance Challenges: Regular maintenance and updates are required to keep MIS controls effective against emerging threats and changing business needs, which can strain resources and require ongoing attention from IT staff.
  6. Potential for Errors: Despite the presence of controls, human error can still occur, especially if users circumvent or ignore established procedures, leading to data inaccuracies and security breaches.