Pages

Monday, August 4, 2014

User Account Issuance Flow to Support the Internal Control

You don't get 'Internal Control' kinda thing so well.
You will run away, if someone asks you "Try to explain some cases of internal control".

But you don't have to think it's so difficult. It simply is 'Activities to eliminate Fraud'.
  • a. Slogan on the Office wall, ' Fraudulent Accounting, NEVER!'. (Control Environment)
  • b. Analyze whether there might be a guy that pilfer the cash in the office. (Risk Assessment)
  • c. Summarizing the authority of the Director and members into a strict regulation. (Control Activities)
  • d. Keep the mechanism that customer complaints to be surely transmitted to more than one person. (Information & Communication)
  • e. Keep the Daily-Reports to be able to be browsed by management personnel of other departments.(Monitoring)

These activities for example, are one of the 'Activities to eliminate Fraud'.

However, it should be noted today, that we cannot ignore the use of computer and internet for the activities of this kind. That is, all the enterprises must (1) Understand the IT environment surrounding the company, (2-1) Promote the use of IT that supports those activities, and same time (2-2) tightly manage the IT itself. In fact, the internal control of Japan is assessed in six terms , the above five plus "Responding to IT".

The following Workflow definition is an operation of 'Issuance of New User Account' for IT system. It is no exaggeration to say that business to support the foundation of "Internal Control".

You will understand by looking at the business flow diagrams, it is also compatible with "Delete issuance in emergency" or "Delete Account", in addition to "Account issuance". That means, all the User Accounts that being used right now, will be able to be checked that when it was requested or when it was approved by the supervisor, at any time. In addition, the request data which flowed on this can be an important basic information on creating Control Reporting by the Management, such as;
  • 'Was it requested at an appropriate time?'
  • 'Useless account has not been issued?'
  • 'Check system for Account Issuance is working well?'

[System ID Management (Except Password reset)]



[System ID Management (Except Password reset);'1. Rookie Account Issue Request' screen]



By the way, even if I say "Managing IT", there are some differences that the person in charge should perform or the skills to be required, in between
  • (x) Activities to check if all the business data has been registered precisely in the information system
and
  • (y) Activities to verify if the Access Permission to the information system has been set properly.

The business like 'System Id Management' that I have mentioned here, is the business of basically IT infrastructure side, which is in the range called 'IT General Controls'. Nevertheless, IT is used for operations to control the IT infrastructure itself,,, after all, there is also a need to ensure that all business data has been registered. (Whoops, I am almost gone too confusing...)

[Email Setting screen]

[Data Items List screen]


[Free Download]
<Similar Models>

<<Related Articles>>