NCJ Number
67397
Journal
Journal of Accountancy Volume: 146 Issue: 4 Dated: (OCTOBER 1978) Pages: 89-92
Date Published
1978
Length
4 pages
Annotation
INTERNAL SAFEGUARDS FOR ELECTRONIC FUNDS TRANSFER SYSTEMS (EFTS) ARE DESCRIBED.
Abstract
THE DEVELOPMENT OF SAFEGUARDS FOR ON LINE EFT SYSTEMS MAINLY INVOLVES THE EXTENSION OF FAMILIAR AUDITING AND CONTROL CONCEPTS TO DEAL WITH THE EFT ENVIRONMENT. ONE ASPECT IS TO SEPARATE THE FUNCTIONS OF PERSONNEL IN THE DESIGN AND CODING PHASE OF THE SYSTEM DEVELOPMENT PROCESS, SO THAT ONE EMPLOYEE DOES NOT HAVE THE OPPORTUNITY IN REGULAR JOB FUNCTIONS TO INITIATE AND COVER UP FRAUD. A DATA BASE ADMINISTRATOR SHOULD CONTROL ALL PROGRAMS ADDED TO THE SYSTEM LIBRARY. SUCH PROGRAMS SHOULD BE DESK CHECKED AND TESTED FOR CORRECTNESS BEFORE THEY ARE ADDED. MINIMUM DOCUMENTATION STANDARDS SHOULD BE ESTABLISHED FOR ALL APPLICATIONS CODES. THIS DOCUMENTATION SHOULD INCLUDE SUCH ITEMS AS INPUTS REQUIRED, OUTPUT PRODUCED, STANDARDS FOR OPERATION OF THE PROGRAM, SIZE OF THE PROGRAM, AND LISTING OF THE SOURCE CODE. ANY EXTERNAL REFERENCES SHOULD BE INCLUDED, ALONG WITH A BOUNDS CHECK ON ANY RUNNING PROGRAM. A VARIETY OF AUTOMATIC CONTROLS SHOULD BE BUILT INTO THE SYSTEM, INCLUDING 'REASONABLENESS' CHECKS ON TRANSACTION SIZE OR NUMBER OF TRANSACTIONS AND EXCEPTION REPORTS ON ACCOUNTS THAT SUDDENLY BECOME ACTIVE. THOROUGH INVESTIGATIONS SHOULD BE MADE ON ALL PERSONS WHO SET UP ACCOUNTS TO COLLECT FUNDS. AN INDEPENDENT REVIEW OF APPLICATIONS SOFTWARE AND ITS ASSOCIATED DOCUMENTATION SHOULD ALSO BE CONDUCTED. ENSURING THE TOTAL CORRECTNESS OF THE SYSTEM IS NOT THE FUNCTION OF THE SOFTWARE AUDITORS. THE SOFTWARE AUDITOR SHOULD REVIEW THE CODE AND PROVIDE RECOMMENDATIONS TO STRENGTHEN WEAK SPOTS IN THE INTERNAL DOCUMENTATION AND STRUCTURE OF THE PROGRAM. (AUTHOR ABSTRACT MODIFIED --RCB)