2701.5 Addendum

The integrity cycle includes controls over the creation, implementation, security, and use of computers and computer programs, controls over the operations in computer centers, and controls over the security of data files. Computer controls (1) enhance assurance of the accuracy and reliability of the results of data processing, (2) contribute toward safeguarding University assets, and (3) promote operational efficiency and effectiveness. 

1. Procedures should be established to ensure the selection, installation and implementation of the proper facilities and equipment to meet current and future data processing requirements.  

2. There should be effective control over the deployment and use of personnel and computer resources in the user and computing departments.  

3. A systems development methodology (SDM) should be followed to ensure the development of effective, efficient, maintainable and auditable computer systems. Changes to existing systems should be governed by the same criteria that exist for the development of new systems.  

4. Controls should be in place to ensure the continuous operating capability of the data center (e.g., a computer disaster recovery plan) and the prevention and/or timely detection of equipment misuse and data loss.  

5. There should be programmed procedures in computer programs to ensure the complete and accurate processing of all authorized data, including prevention, detection and correction of errors; and prevention and/or timely detection of unauthorized data.  

6. Methods and procedures should be in place to ensure the adequate documentation of the programs and systems for use by user personnel, data processing personnel, management and auditors.  

7. Procedures should be established to ensure the proper selection, use and control of outside computer centers and service bureaus.  

NOTE: Computer control guidelines to support the Integrity Cycle standards are available through the Internal Audit Department website.