Return to the USDOJ/OIG Home Page |
Select Application Controls Review of the Federal Bureau of Prisons's Sentry Database System
Report No. 03-25
July 2003
Office of the Inspector General
Authorization Controls (Input) |
VULNERABILITIES |
Data are authorized |
|
1. Controlled and authorized source documents | |
2. Supervisory reviews (Input process) | X |
Restricted terminals |
|
3. Secured/restricted terminals (Audit logs) | X |
4a. Limited transactions (Access controls) | X |
4b. Limited transactions (Segregation of duties) | |
Master files/Exception Reporting |
|
5. Unauthorized transactions | |
6. Reported exceptions | |
Completeness Controls (Processing) |
|
Computer processed transactions |
|
7. Record counts and control totals | |
8. Computer sequence checking | |
9. Computer matching of transaction data | X |
10. Checking reports for transaction data | |
Reconciliations |
|
11. Completeness of data processed in the processing cycle. | |
12. Completeness of data processed for the total cycle. | |
Accuracy Controls (Output) |
|
Data entry design |
|
13. Source documents | |
14. Preformatted screens | |
15. Key verification | |
16. Automated entry devices | |
Data validation |
|
17. Programmed validation | |
18. Tests of critical calculations | |
19. Restricted overriding data validation | |
Erroneous data |
|
20. Controlled rejected transactions | |
21. Reported erroneous data | |
Output reports |
|
22. Control output | |
23. Review of processing reports | |
Controls over Integrity of Processing and Data Files |
|
24. Current versions of production programs and data files | |
25. Routine to verify proper version | |
26. Routine for checking internal file header labels | |
27. Protection against concurrent file updates |