| Return to the USDOJ/OIG Home Page |
Select Application Controls Review of the Federal Bureau of Prisons's Sentry Database System
Report No. 03-25
July 2003
Office of the Inspector General
Authorization Controls (Input) |
VULNERABILITIES |
Data are authorized |
|
| 1. Controlled and authorized source documents | |
| 2. Supervisory reviews (Input process) | X |
Restricted terminals |
|
| 3. Secured/restricted terminals (Audit logs) | X |
| 4a. Limited transactions (Access controls) | X |
| 4b. Limited transactions (Segregation of duties) | |
Master files/Exception Reporting |
|
| 5. Unauthorized transactions | |
| 6. Reported exceptions | |
Completeness Controls (Processing) |
|
Computer processed transactions |
|
| 7. Record counts and control totals | |
| 8. Computer sequence checking | |
| 9. Computer matching of transaction data | X |
| 10. Checking reports for transaction data | |
Reconciliations |
|
| 11. Completeness of data processed in the processing cycle. | |
| 12. Completeness of data processed for the total cycle. | |
Accuracy Controls (Output) |
|
Data entry design |
|
| 13. Source documents | |
| 14. Preformatted screens | |
| 15. Key verification | |
| 16. Automated entry devices | |
Data validation |
|
| 17. Programmed validation | |
| 18. Tests of critical calculations | |
| 19. Restricted overriding data validation | |
Erroneous data |
|
| 20. Controlled rejected transactions | |
| 21. Reported erroneous data | |
Output reports |
|
| 22. Control output | |
| 23. Review of processing reports | |
Controls over Integrity of Processing and Data Files |
|
| 24. Current versions of production programs and data files | |
| 25. Routine to verify proper version | |
| 26. Routine for checking internal file header labels | |
| 27. Protection against concurrent file updates |