Literary Warrant for Functional Requirement #9b
This requirement derives from the law, customs, standards and
professional best practices accepted by society and codified in the literature of different professions concerned with records and
recordkeeping. The warrant is as follows:
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
7, End-user and Dept. Computing, 1991.
Pages 7-23
Extract Specific risk considerations that apply to EUC [END USER COMPUTING] include the following:
A user may access database files directly and independently of the program. Files may be rearranged, or
data may be changed or deleted. The structure of the database may be compromised, and its continued
operation may be unreliable.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
7, End-user and Dept. Computing, 1991
Pages 7-25
Extract Some specific areas of spreadsheet risk include the following ... Spreadsheets tend to grow quickly
and uncontrollably, often with no record of changes. Structural changes implemented at a later date can
often change correct data into incorrect data, especially when successive changes are not
documented.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
5, Managing Info. & Developing Systems, 1991
Pages 5-61
Extract When the data of one system are manipulated or data are added or deleted to accommodate the
new system (whether done programmatically or manually), controls should be in place to ensure that
data are converted accurately and completely.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
6, Business Systems
Pages 6-54
Extract Additional EFT Controls -- Additional control features specific to an EFT system may include the
following: ... Use of multipart transfer request forms to facilitate verification and prevent unauthorized
changes.
Citation EDI Security, Control, and Audit by Albert J. Marcella, Jr., and Sally Chan (Massachusetts:
Artech House 1993)
Pages 17
Extract EDI translation software typically includes these security and control provisions * Routines that
are designed to facilitate sequencing of both sending and receiving EDI transmissions for which (1)
sending translations provide error correction, suspense file maintenance, and transmission compression;
and (2) receiving translations provide translation verification from public standard format to internal
format, as well as provisions for detecting "dropped" data via record control counts.
Citation EDI Security, Control, and Audit by Albert J. Marcella, Jr., and Sally Chan (Massachusetts:
Artech House 1993)
Pages 129
Extract Auditors should consider how processing might go wrong, given the additional opportunities for
error that the EDI translation and communications software layers introduce. For example, with respect
to the control objective of ensuring that all transactions that should be recorded are recorded, the
possibility that transactions might be lost between the business application and the translation software
or vice versa must be addressed.
Citation "Electronic Manuscript Preparation and Markup", Z39.59-1988, ISSN: 1041-5653; American
National Standard for Electronic Manuscript Preparation and Markup, Approved 1 December 1988 by
American National Standards Institute (ANSI) Developed by The National Information Standards
Organization (NISO), (New Brunswick: Transaction Publishers 1988).
Pages 4
Extract 3. Generic Tagging, popularly called generic coding, is the process of identifying document
elements without specifying the ultimate presentation function, typographic or visual, to be performed.
The tagged elements can be recognized and processed at each step from manuscript creation through
production of publications without rewriting or rekeying the text. Generic tagging derives from data
management techniques whereby data structures are identified independently of any particular
information processing system or application. Tagged documents may be used in multiple systems, for
diverse applications.
Citation 8 CFR Sec. 299.4 Chapter I Subchapter B Part 29. Reproduction of forms by private
parties.
Extract An electronic reproduction must be complete, containing all questions which appear on the official
form. The wording and punctuation of all data elements, and identifying information must match
exactly. No data elements may be added or deleted. The sequence and format for each item on the
form must be replicated to mirror the authorized agency form. Each item must be printed on the same
page in the same location ... 2) Final form must match the design, format, and dimensions of the official
form. All blocks must remain the same size and lines must remain the length. No variation will be
permissible.
Citation 36 CFR PART 1234 -- ELECTRONIC RECORDS MANAGEMENT. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 1234.28
Extract Agencies shall select appropriate media and systems for storing agency records throughout their
life, which meet the following requirements: (3) Retain the records in a usable format until their
authorized disposition date