We put the IT in city®

CitySmart Blog

Friday, November 18, 2016
Brian Ocfemia, Technical Account Manager

Brian OcfemiaData processing is a complex topic involving lots of technical know-how. Experts have written books about it and IT professionals spend their entire careers staying up on its developments. For this post about data, we’ll focus on a few key critical data processing concepts that especially impact security and need to be addressed in your application controls policy.

Overall, your data processing is the bridge between your data input and output. Now let’s look at some important data processing aspects.

Transaction Logs

These logs record all electronic information about transactions that take place within an application. For example, you may enter payroll information each week into your accounting application for each employee. Each completed set of data that you input for each employee counts as a transaction if the data is processed between, for example, your system and a bank.

Transaction logs must match what are known as “source documents.” For example, payroll information may originate from a timesheet (either on paper or sent electronically). If the timesheet and the paycheck doesn’t match, then there may be a transaction error. Experiencing many transaction errors may indicate a problem with your application or with the way your employees are using it.

Edit Reports

Edit reports note incorrect information, incomplete information, and errors about transactions. It’s important to run these reports for your most critical applications to make sure that transactions are accurate. For example, edit reports are useful when you’re sending out paychecks, tax information, or utility bills. You can then note any errors and make fixes before officially completing the transactions.


Applications are designed to accurately capture information and ensure high data quality. Your override procedures need to be strict and for exceptions only. Don’t abuse an override function just to get around inconveniences. In addition, and as a security precaution, it helps to monitor overrides along with all other logging information to look for patterns and possible security violations.


In case of a power outage, a data interruption, or lags between different applications, your applications need to reconcile inputted transactions with your database. For example, if 10 users submit utility billing information onto your website while you’re having a server outage, those 10 transactions should reconcile to your database once your server is back up. Also, reconciliation applies from an accounting perspective. You need reconciliation processes in place to ensure that your general and subsidiary ledgers match up.


Experienced IT professionals should monitor everything related to your data processing such as:

  • Transactions and processing
  • Errors and incorrect information
  • Overrides
  • Unauthorized use of the application (especially when it appears that someone is altering data or ignoring/tampering with processes)
  • Reconciliations
  • Application performance (such as after a power outage or server failure)

Any data processing policy needs to be reviewed by business and application stakeholders to make sure you are complying with the law and using best practices. In a future post, we’ll look at data output—the final stage of data after it’s inputted and processed.

Questions about the security of your data processing? Reach out to us today.