Please enable JavaScript.

Coggle requires JavaScript to display documents.

3.4.3 (include: (Reports generated from the system (represent the data…

- - - - The form log should be routinely reconciled to have inventory on hand,
  - - - should properly account for all exceptions, rejections and mutilations
  - - - most reliable and accurate data sources, improperly configured, constructed and prepared reports are still a significant risk.
- - - - Output reports should be distributed according to AUTHORIZED DISTRIBUTION PARAMETERS
      - Operations personnel should verify that
        reports are complete and delivered according to schedule.
      - reports should be LOGGED PRIOR TO DISTRIBUTION
      - Spooling control
        
        processing output is spooled to a buffer or print spool on completion of job processing, where it waits for an available printer.
        
        Risk on reports from being deleted accidentally from print spools or directed to a different printer.
        
        changes to the output print priority can delay printing of critical jobs.
      - Access to distributed reports can compromise confidentiality
        
        physical distribution of reports should be controlled adequately
        
        Reports containing sensitive data should be printed under secure, controlled conditions
        
        Output disposal should also be secured to ensure that no unauthorized access can occur
        
        Secure output drop-off points should be established
        
        Electronic distribution should also be considered, and logical access controls should be put in place.
    - - Data processing application program output should be BALANCED ROUTINELY TO CONTROL TOTALS
        
        Audit trails should be provided to facilitate the TRACKING OF TRANSACTION PROCESSING AND RECONCILIATION OF DATA
    - - Procedures for REPORTING AND CONTROLLING ERRORS contained in the application program output should be established
        
        error report should be timely and delivered to the originating department for REVIEW AND ERROR CORRECTION.
    - - retention schedule should be adhered to firmly. Any governing legal regulations should be included in the retention policy.
      - IS auditor should be aware of existing concerns regarding record retention policies for the organization and address legal requirements.
    - - To provide assurance that sensitive reports are properly distributed, the recipient should SIGN A LOG AS EVIDENCE of receipt of output