most cities use a form of software for accounting activities. But imagine if your
entire city accounting system is run on a bunch of simple electronic
spreadsheets. You open one up and start entering data. What could go wrong?
just thought about many things.
goodness you have that accounting software instead of a bunch of spreadsheets.
Yet, the Arkansas Division of Legislative Audit reports that “data integrity”
is the number one information security issue they found in the audits they
performed. They define data integrity as the “ability of employees to change
receipt or disbursement information after issuance or to edit or delete records
without proper approval.”
despite using software in many cases, cities still struggle with data integrity
issues like the ones that could happen in a simple spreadsheet. Let’s look at a
few ways to assess, fix, and overcome some common data integrity issues.
state requires an audit or not, it’s helpful to audit your financial systems to
identify data integrity issues. An experienced third party can evaluate overall
processes and issues with who may input, change, and delete data. On a technical
level, the auditor should also look at the underlying rules, code, and logic
that allow for data input.
something will come up in the audit that needs fixing. You may also find that
the auditor recommends modernizing with a new system (especially if an older
system lacks appropriate data integrity measures). Arkansas doesn’t mince words
when it says, “We recommend that application users work with the application
vendor to modify the software to include the data input edits that would
eliminate vulnerabilities.” Whichever route you go, work with experienced IT
professionals and application vendors to oversee any fixes, changes, or implementations
of new applications.
fixing your current application or using a new application, you want to ensure
that it has the proper controls and processes in place to prevent the chance of
data input errors or fraud. For example, once paychecks go out, an employee
shouldn’t be able to change payroll data after the fact or delete the record of
transaction—such as issuing a payment or deleting a record—must require a
higher-level access to accomplish. Too many systems allow any employee at any
authorization level to make changes. That increases the chance of major errors
and increases the risk for fraud. Exceptions will happen, but those exceptions
need to be inputted by authorized people with higher-level access and logged.
day-to-day data input risks lower data integrity if fields aren’t set up and
restricted in appropriate ways. For example, in a payroll application you may
reduce errors if:
integrity is an overlooked area of security. You’re typically on the lookout
for hackers and data breaches, but a lack of data integrity—missing
information, no controls over data, and making it easy to change or delete
data—can sneak up on you and lead to serious problems. Don’t wait until an
audit to find these issues. Address them by taking a hard look at your current
applications with a trained third party and fix any issues that you find.
this three-part series about application policy and security addresses input, processing, and output. You can
use these three articles as a checklist to see if you’re matching up to data
security best practices.
about data integrity? Reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.