Chapter 8 Learning Track 4 13
mechanisms provide the most effective safeguards without sacrificing operational
efficiency or cost.
One of the criteria that determine how much control is built into a system
is the importance of its data. Major financial and accounting systems, for
example, such as a payroll system or one that tracks purchases and sales on
the stock exchange, must have higher standards of controls than a system to
inventory employee training and skills or a “tickler” system to track dental
patients and remind them that their six-month checkup is due. For instance,
Swiss Bank invested in additional hardware and software to increase its
network reliability because it was running critical financial trading and
Standing data, the data that are permanent and that affect transactions
flowing into and out of a system (e.g., codes for existing products or cost
centers) require closer monitoring than individual transactions. A single error
in transaction data will affect only that transaction, while a standing data
error may affect many or all trans-actions each rime the file is processed.
The cost effectiveness of controls will also be influenced by the efficiency,
complexity, and expense of each control technique. For example, complete
one-for-one checking may be time-consuming and operationally impossible
for a system that processes hundreds of thousands of utilities payments daily.
But it might be possible to use this technique to verify only critical data such
as dollar amounts and account numbers, while ignoring names and addresses.
A third consideration is the level of risk if a specific activity or process is not
properly controlled. System builders can undertake a risk assessment, determining
the likely frequency of a problem and the potential damage if it were
to occur. For example, if an event is likely to occur no more than once a year,
with a maximum of a $1000 loss to the...