(a) The control techniques that follow give guidance to
financial and EDP personnel involved in the development and
maintenance of financial systems. Computer Control
Guidelines, published by the Canadian Institute of Chartered
Accountants, and the volume on control of the Systems
Auditability and Control Study of the Institute of Internal
Auditors, provide further information.
(b) Techniques for control include project management
practices such as phased development, economic justification, and
full documentation. These practices are required by Treasury
Board directives and guidelines contained in the Project
Management Policy (Chapter 2-2) of the Capital Projects and
Procurement Volume, Treasury Board Manual, and are not
repeated here.
(a) The authorization of transactions should not be performed
by personnel who have custody of assets or access to records.
(b) Instructions for the preparation of source documents
should be documented.
(c) Time frames should be established for the processing of
source documents from the point of receipt to the
input-preparation stage.
(d) Transmittal documents should be used to control the flow
of documents from the originating source to the input-preparation
stage.
(e) A quality review of source documents should be provided
for.
(f) Retention time periods for original source documents
should allow sufficient time for the detection and correction of
errors.
(g) The authority to initiate source documents should be
limited.
(h) Each source document should be assigned a number for
identification purposes, preferably through preprinted sequential
numbers.
(i) Special-purpose forms should be used to present data in
the format required for data entry.
(j) The authorized use of source documents and input forms
should be restricted.
(k) Separation of duties should be maintained in the following
areas:
- separation of the data processing department from its
functional users,
- segregation of duties within the data processing department,
and
- separation in the user department between source data
generation and other functions.
(l) Approval signatures on source documents should be used for
providing evidence of proper transaction authorization and for
audit trail purposes.
(m) A manual review of source documents should be performed by
user personnel to ensure completeness and accuracy of input.
(n) Source document logs should be maintained by each user
organization to record the flow of transactions and batches in
order to identify missing items and maintain accountability.
(o) Record-handling procedures that provide user personnel
with instructions for error detection, correction, and
re-submission of source documents should be reassessed
periodically.
(p) Error logs should be used to follow up unresolved errors
and to ensure their correction and timely re-entry into a system.
Such error logs should not be maintained in the data processing
area.
(a) Independent verification of data input.
(b) Predefined and stored formats to ensure that data are
recorded in the proper fields, formats, and characters.
(c) Data input transactions, edited and validated close to
source to minimize processing of erroneous data.
(d) Use of controls to verify input as being received from an
authorized source.
(a) Use of processing schedules to determine that all
transactions have been received and entered on time.
(b) Use of turnaround documents such as payment advices for
accounts receivable.
(c) Use of record logs to show the receipt and disposition of
data, to account for all batches received, and to establish an
audit trail within the system.
(d) Use of a batch header record as a control document for the
individual source documents in that batch. Information on the
batch header record (such as batch total, transactions count, and
batch number) is used in verifying the completeness and accuracy
of the batch.
(e) Automated balancing to batch header control totals, with
procedures for reconciling differences and authorizing
corrections.
(a) Interactive error correction in the case of input terminal
systems, to permit immediate detection, display, and correction
of errors.
(b) Issuance of edit error listings prior to processing, in
the case of batch-oriented systems, with correction prior to
processing of data.
(c) Error messages indicating the suggested corrective action
to be taken for each data field that is in error.
(d) Editing of corrected data using the same data validation,
batch balancing, and error-handling routines as for the original
data.
(e) Production of control totals for rejects as well as for
accepted data.
(f) Statistics on all errors, with corrective action on
repeated occurrences.
(g) An input control function that is independent from source
data preparation, to control error handling and ensure correction
of data.
(a) Steps should be taken to ensure that there will be no
further processing of source documents following input
preparation.
(b) Procedures should provide for returning illegible or
incomplete source documents.
(c) Dual custody of accountable forms should be maintained. A
member of the data processing organization and a member of the
user department should jointly authorize the release of
prenumbered forms from storage.
(a) Couriers should be bonded.
(b) Back-up copies should be kept of all magnetic tapes,
cards, or other media used for data transmittal.
(c) Record counts and batch totals should be used to ensure no
data have been lost in transmittal.
(d) Access to the data should be limited to authorized
personnel.
(a) Internal control totals should be used during
transmission.
(b) Re-transmission by the transmitting unit of transaction
data that are detected by the receiving unit to be in error.
(c) All incoming and outgoing messages should be
validated.
(d) Line usage records and statistics for audit trail purposes
should be kept.
(e) Message sequence numbers should be assigned to all input
and output messages and recorded on an input/output message log
to assist in system recovery or to restart and trace
messages.
(f) All errors and re-transmission of messages should be
logged and statistics of re-transmissions should be
maintained.
(g) The user manual should include error-correction procedures
of transmissions.
(a) Computer-generated transactions should be monitored
through programs that print these transactions, thereby enabling
users to perform a manual check on the computer-generated
transactions. Computer generated transactions may include balance
controls between programs in the system, which may take the form
of reasonableness checks or run-to-run control totals.
(b) A system of automated control totals for balancing the
entire system and for balancing between systems should be
developed and should be adequately explained in the technical
documentation.
(c) Anticipation controls such as sequence checking may be
used within the system to anticipate each transaction and detect
missing transactions.
(d) Exception reports should be prepared each time a program
control is overridden or bypassed.
(e) Computer files should be balanced by reconciling the
number of records on the opening of a file and changes made
during processing with the closing balance. Control records
should contain totals of amounts and record counts for each
critical data field on the file.
(f) Rejects should be logged by the system, to show that all
rejects have been corrected and re-submitted.
(g) Automated suspense files should be generated by the system
for all rejected transactions. These error suspense files should
be maintained by the data processing organization to follow up
corrected transactions that are rejected.
(h) Discrepancy reports from the error suspense file should be
printed periodically and provided to users of the system to
ensure that the handling of errors results in their correction
and re-entry in a timely manner.
(a) A formal library system should be developed for the
handling of all application system data files.
(b) External and internal labels should be used to prevent the
misuse of files.
(c) Access to records and files should be restricted to
authorized users by security-classification level.
(d) All system enquiries should be recorded on an independent
file, and an enquiry report should be produced for review by data
processing management.
(e) Access authorization tables should be updated regularly
and only on the basis of authorization by those with designated
authority.
(f) Procedures should provide for formal authorization of any
program modification. Such modifications should be authorized
only by the user.
(g) Steps should be taken to ensure that the master file can
be reconstructed by maintaining independent copies of it and the
intervening transactions. Access to file copies should also be
restricted to authorized users.
(h) Systems should be designed to report on an exception basis
those records and fields which exhibit no activity for a
significant period of time.
(i) Systems should be designed to report on an exception basis
those records and fields which exhibit excessive activity.
(j) Critical files should be scanned periodically by an audit
program to report illogical or incorrect file content.
(k) Back-up procedures should exist for all critical files.
These procedures should provide for off-site data, program
back-up, and hardware back-up.
(l) Recovery and restart procedures should exist for all
critical application systems.
(m) A disaster plan should be in place in case of loss of
application data or system software, or of equipment or key
personnel.
(a) Output control totals should be reconciled with input
totals before reports are released.
(b) Statistical records of output reports should be maintained
on the system and printed, summarizing the number of application
reports generated, number of pages per report, cost per report,
and number of lines per report.
(c) In on-line systems the number of transactions per period
should be balanced against output control totals. Variances
between input and output quantities should be monitored.
(d) Output reports should be scheduled so that users know when
to anticipate them, and follow-up action should be initiated when
reports are delayed.
(e) Output reports should be delivered only to authorized
recipients.
(f) Report distribution should be limited to the authorized
number of report copies.
(g) Users should be furnished with a report that reconciles
manually maintained batch totals with totals accumulated by the
computer system for the particular application.
(h) Sampling and other quality-control techniques should be
used for checking the accuracy and completeness of reports.
(i) Negotiable documents should be moved from the storage area
to the computer operations area and back, under the dual custody
of members from data processing and the user organization.
(j) An independent history file of errors should be kept
independently of processing files to analyze report error trends
and statistics by type, source, and frequency.
(k) Provision should be made for feedback from output
recipients as to the timeliness, accuracy, and suitability of
system reports.
|