Literary Warrant for Functional Requirement #7a
This requirement derives from the law, customs, standards and
professional best practices accepted by society and codified in the literature of different professions concerned with records and
recordkeeping. The warrant is as follows:
Citation Institute of Internal Auditors Research Foundation. Systems Auditability and Control Report.
Module 2 Audit and Control Environment
Pages 2-7
Extract Application controls are specific to the flow of transactions for a particular system or function and
are designed to ensure authorized, accurate, and complete processing of a transaction from input,
through processing, to the output of information. Application controls are designed to prevent, detect,
and correct errors and irregularities as transaction flow through the business system.
Citation "Internal Control Structure" Bailey, Larry P. Miller GAAS Guide: A Comprehensive Restatement
of Generally Accepted Auditing Standards . 1995
Pages 7.10
Extract Recording transactions. Policies and procedures must be adopted to reasonably ensure that
authorized transactions are properly recorded. To be properly recorded, a transaction must be recorded
for the correct quantity, in the correct account, and in the proper accounting period.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
5, Managing Info. & Developing Systems, 1991
Pages 5-42
Extract Controls should ensure that only information that adheres to data standards is accepted by the
system for either addition or update.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
5, Managing Info. & Developing Systems, 1991
Pages 5-43
Extract Edit and Validation Rules - Proper edit and validation rules ensure that only data that are in the
proper format and range can be added to the database. These rules help to ensure that the integrity of
the database is maintained and that only the proper form and value ranges can be entered into the
system.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
6, Business Systems, 1991
Pages 6-102
Extract AUDIT CONSIDERATIONS The internal auditor should consider the following when reviewing
retail merchandise planning and buying systems: Verify the accuracy and completeness of interfaces to
the open-to-buy, reordering, and accounts payable systems, and the item master and vendor master
subsystems.
Citation American Institute of Certified Public Accountants; Management Advisory Services Practice Aids:
Technical Consulting Practice A ID 11; "Conversion to a Microcomputer-Based Accounting System,
1989.
Pages 15
Extract ESTABLISH CONTROLS FOR DATA INPUT Control of data input is essential to produce
accurate and complete computer files. The controls, which can include document counts, item counts,
dollar totals, batch totals, and hash totals, are suitable for monitoring the input of both start-up
information and daily operations. If input is accurate, the previously established control values will
correspond with the computer-generated output.
Citation EDI Security, Control, and Audit by Albert J. Marcella, Jr., and Sally Chan (Massachusetts:
Artech House 1993)
Pages 75,76
Extract Validation controls. These controls prevent or detect errors or omissions in the recording,
preparing, and entering of data for processing.
Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.:
The Institute of Internal Auditors 1991)
Pages 241
Extract The data control responsibilities under the heading of quality control are fairly straightforward: to
make sure that the input to the various application systems is complete, accurate and timely and that the
output reports from these systems are similarly complete, accurate, timely and properly distributed to the
correct users.
Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.:
The Institute of Internal Auditors 1991)
Pages 286
Extract INPUT ERRORS Input errors which are allowed through the editing process can have a potentially
devastating impact on an application system. All processing subsequent to the edit routines within an
application system usually assumes that only val ID data are now being handled. Consequently, little
revalidation is performed and the erroneous input is applied to the master files and/or to the report files.
To correct a problem of this type it is often necessary to take special custom coded routines to "cleanse"
the master files of the erroneous data.
Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.:
The Institute of Internal Auditors 1991)
Pages 366
Extract Domain checking by the DBMS ensures the adherence of the values in a data element to the
attributes or value ranges that have been established for that data element.
Citation Ian B. Gilhooley Information Systems Management, Control and Audit (Altamonte Springs, Fla.:
The Institute of Internal Auditors 1991)
Pages 403
Extract INTEGRITY CONTROLS In order to ensure correct transmission, the content and form of the
message should be standardized and strictly followed. The minimum tests for message validity are as
follows: * Positional edits for correct control characters, address and data fields, and line and
format constraints. * Data validation for routing numbers, addresses, type codes, and user specific,
content-oriented information. * Authorization checks for coded data, test words, and other security
tests, such as identical currency fields.
Citation "Procedures and General Requirements" `NVLAP' National Voluntary Laboratory Accreditation
Program (U.S. Department of Commerce/Technology Administration and National Institute of Standards
and Technology, NIST Handbook 150)
Pages 24
Extract All measuring and testing equipment having an effect on the accuracy or validity of calibrations or
tests shall be calibrated and/or verified before being put into service. The laboratory shall have an
established program for the calibration and verification of its measuring and test equipment. The
program will ensure the recall or removal from service of any standard or equipment which has
exceeded its calibration interval or is otherwise judged to be unreliable.
Citation "Guideline on Functional Specifications for Database Management Systems" Category: Software;
Subcategory: Data Management Applications. Federal Information Processing Standards Publication 124
(U.S. Department of Commerce/ National Bureau of Standards, 30 September 1986)
Pages 8
Extract Integrity (mandatory). The DBMS must allow checking occurrences of attribute values against a
specified set of allowed values. The DBMS must also allow the specification of assertions and
triggers.
Citation Condition of Participation: Medical Records Services, Health Care Financing Administration, 42
CFR, Chapter 4, 482.24
Extract (b) Standard: Form and retention of record. The hospital must maintain a medical record for each
inpatient and outpatient. Medical records must be accurately written, promptly completed, properly filed
and retained, and accessible. The hospital must use a system of author identification and record
maintenance that ensures the integrity of the authentication and protects the security of all record
entries.
Citation Wright, B. The Law of electronic commerce. 1991.
Pages 114
Extract To admit electronic message contents into evidence or, ultimately, to prove their authenticity to the
trier of fact, the proponent generally must show origin and integrity. He must show who or what
originated the message and whether its contents are complete and in the form intended, free from error
or fabrication.
Citation Electronic Industry Data Exchange. ASC 12 Convention : Version 3 : Electronic Industry Data
Guidelines. Washington Publishing Co., 1994.
Pages 8
Extract Integrity of the information is extremely important in EDI because the same data is used many
times in the interchange process. EDI is at its best when data is validated at the front-end of the
process so it is correct for the rest of the steps in the process.