PART 7 – CISA Domain3 – Information Systems Acquisition and Development, and Implementation
What are the different data edits and controls? Sequence check
Key verification
Limit checking
Check digit
Range check
Completeness check
Validity check
Duplicate check
Reasonableness checks
Logical Relationship Check
Check for existence

1. Data validation Edits and Controls
Sequence check: The control number follows in a sequential order. Any sequence or duplicated control numbers will be rejected or noted on an exceptions report for follow up purposes.
Invoices are numbered sequentially, for example. The day’s invoices start with 12001 and end at 15045. Any invoice greater than 15045 will be rejected during processing.

Limit check: Data should not exceed a predetermined limit.
Payroll checks should not exceed US 4000. If a check exceeds US $4,000, the data would be rejected for further verification/authorization.

Range check: Data should be within a predetermined range.
Product type codes can range from 100 up to 250. Any code that is not within this range should be rejected and considered invalid.

Validity check:Programmed validation of data validity according to predetermined criteria.
A payroll record might contain a field for marital status. The acceptable status codes are M and S.

Reasonableness check: Input data are matched to predetermined reasonable limitations or occurrence rates.
A widget manufacturer typically receives orders for 20 widgets. The computer program should be able to print the record with a warning message if an order for more widgets is received.

Check for existence: Data are entered correctly and match predetermined criteria.
In the transaction code field, for example, you must enter a valid transaction number.

Key verification: A separate person uses a machine to verify that the keystrokes are identical to the input.
To verify the keying process, the worker number is compared with the first keyed version.

Check digit: A numeric value that has mathematically been added to data is used to verify that the original data are not altered or that an incorrect but valid value has been substituted.
This control is very effective in detecting transposition errors and transcription errors.
A check digit, for example, is added to an account number in order to verify its accuracy when it’s used.

Completeness check: A field should always contain data, not zeros or empty spaces (No Null value).
To determine if there is any form of data present, it is important to check each byte in that field.
A worker number for a new employee record might be left blank. This is considered a key field, and the record would be rejected. The request to complete the field before the record can be accepted for processing is made.

Duplicate check: New transactions are matched with those that were previously entered to make sure they haven’t been entered.
A vendor invoice number, for example, agrees with previous invoices to ensure that the current order does not duplicate and that the vendor is not paid twice.

Logical relationship check: If a condition is true, then additional conditions or data input relationships might be required. This will make the input valid.
For example, an employee might be required to hire 16 years after his/her birth date.

Here are some points to keep in mind:
CISA should be familiar with all data edit and control procedures
Check digit – Effective in detecting transcription and transposition errors
Reasonableness check – A data validation edit control that matches input information