356 Part III • Acquiring Information Systems
METHODOLOGY STANDARDS The reliable perform-
ance of a system depends upon how well it was designed
and constructed. No amount of automated checks can
override errors in the software itself.
One way to avoid errors is to develop standard,
repeatable, and possibly reusable methods and techniques
for system developers. The use of standard programming
languages and equipment means that systems developers
will be more familiar with the tools and will be less likely
to make mistakes. A common method is to create a library
of frequently used functions (such as calculation of net
present value or a sales forecasting model) that different
information systems can utilize. Such functions can then
be developed and tested with great care and reused as
needed, saving development time and reducing the
likelihood of design and programming flaws. Most organi-
zations also have standards for designing user interfaces,
such as screen and report layout rules and guidelines.
The importance of standards also extends to the
documentation of the system during construction and the
following period of maintenance and upgrades. If future
programmers do not have access to systems documentation
that is complete and accurate, they could be unaware of prior
changes. Documentation for the system’s users also needs to
be complete and accurate so that system inputs are not incor-
rectly captured and system outputs are not incorrectly used.
Standards are also important for supporting informa-
tion systems and users. A rather extensive set of international
guidelines called Information Technology Infrastructure
Library (ITIL) has been developed. ITIL documents best
practices for management of incidents, problems, system
changes, technology configuration, software releases,
service/help desk operations, service levels, service and
support availability, capacity, continuity (recovery), and
financials. Many organizations are benchmarking their
implementation management practices against these guide-
lines, which originated in 1989 in Great Britain’s Office of
Government Commerce. The goal of using these standards
include to reduce IT costs, increase IT resource utilization,
better align IT with business requirements, reuse proven
methods and tools, and generally refocus IT operations
around customer satisfaction. The IT Service Management
Forum (ITSMF) professional society fosters the ITIL methods
through education, and certification of its members and other
IT professionals, and promotion of the value of ITIL.
VALIDATION RULES AND CALCULATIONS Each time a
data element is updated, the new value can be checked
against a legitimate set or range of values permitted for
that data. This check can be performed in each application
program where these data can be changed (e.g., in a
payables adjustment program that modifies previously
entered vendor invoices) and in the database where they
are stored. Edit rules, ideally stored with the database, are
also used to ensure that data are not missing, that data are
of a valid size and type, and that data match with other
stored values (e.g., a price of a new product is within some
tolerance of the price of similar existing products).
Providing a screen display with associated data can
be a very useful edit check. For example, when a vendor
number is entered, the program can display the associated
name and address. The person inputting or modifying data
can then visually verify the vendor information. Edit rules
can also ensure that only numbers are entered for numeric
data, that only feasible codes are entered, or that some
calculation based on a modified data value is valid. When
feasible, data being entered should be selected from drop-
down lists of possible values, thus minimizing the chance
of keystroke mistakes. These edit checks are integrity rules
that control the data’s validity.
Well-designed user interfaces also will prevent data
entry mistakes. Clear labels to identify each field to be
entered, edit masks that show standard formats for data,
examples of valid data formats, buttons to quickly clear
fields when a user recognizes data entry errors, and similar
user interface guidelines help to control data entry. When
possible errors are identified, immediate and direct error
messages should indicate exactly what data is in error and
why, so the user can correct any mistakes. Overriding data
entry rules should be allowed only when necessary and
should be logged so they can be traced after the fact during
auditing of databases.
Various calculations can be performed to validate
processing. Batch totals that calculate the sum of certain
data in a batch of transactions can be computed both
manually before processing and by the computer during
processing; discrepancies suggest the occurrence of data
entry errors such as transposition of digits. Though they
are not foolproof, such approaches, along with automated
edits, go a long way toward assuring valid input.
Acheck digitcan be appended to critical identifying
numbers such as general ledger account numbers or vendor
numbers; the value of this check digit is based on the other
digits in the number. This digit can be used to quickly
verify that at least a valid, if not correct, code has been
entered, and it can catch most common errors.
Business managers and their staffs are responsible
for defining the legitimate values for data and where
control calculations would be important as a part of the
information captured in the data dictionary. Furthermore,
business managers must set policy to specify if checks can
be overridden and who can authorize overrides. Validation
rules should permit business growth and expansion, yet
reduce the likelihood of erroneous data.