Audit Serve, Inc.

 



Evaluating Data Interface Controls
By: Mitchell H. Levine, CISA


                                                             


Since organizations do not process data through one system, they are reliant on receiving data from other systems, which could be within the same computer environment or external to it. Regardless of whether the data interface is an intermediary database shared by two systems or a data feed delivered over FTP (File Transfer Protocol), controls need to be in place to ensure that the correct data is received and that it is processed correctly.

The ownership of the data interface controls cuts across the data center, production support and general user areas, depending on which data interface control is being evaluated. From an audit standpoint, the review of data interface controls can be included in the scope of many audits (i.e., application, pre-implementation, post-implementation, IT General Controls, Data Center/Infrastructure and Integrated Audit) because it cuts across so many areas of an organization. Data interfaces are one of the core control areas of the Application and IT General Control portions of the Sarbanes-Oxley 404 project.

The following is a list of key controls which should be in place to identify missing data feeds and to ensure they are accurate:

Completeness Controls

- Synchronization points are defined to ensure that a complete set of data is sent/received, which is validated by the receiving system prior to processing. (Applies to transmission files which are continuous and do not have a separate file representing each day.)

- Controls are in place to detect data loss during transmission (EOF markers, record counts).

- Detective controls are in place to identify when data feed delivery does not occur within the required timeframes.


Processing Controls

- Controls are in place within the application to ensure that all processing requirements are met prior to creation of the transmission file.

- Controls are in place to identify duplicate transaction data processing.

- Controls are in place to ensure that the current day’s data is being processed by the receiving system.

- Cross-validation checks occur on financially impacted data to verify the accuracy of data being processed.
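
As an added illustration (not part of the original article), the sketch below shows how a receiving system might enforce several of the completeness and processing controls listed above before accepting a feed. The pipe-delimited HDR/TXN/TRL layout, the sample data and the function name are assumptions made for this example.

```python
import hashlib
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample feed. The HDR/TXN/TRL pipe-delimited layout is an assumption.
SAMPLE_FEED = (
    "HDR|PAYMENTS|2006-03-15\n"
    "TXN|1001|250.00\n"
    "TXN|1002|100.50\n"
    "TXN|1003|75.25\n"
    "TRL|3|425.75\n"
)

def validate_feed(text, expected_date, seen_digests):
    """Return control failures; an empty list means the feed may be processed."""
    lines = [ln.split("|") for ln in text.splitlines() if ln]
    if not lines or lines[0][0] != "HDR" or len(lines[0]) != 3:
        return ["missing or malformed header"]
    # Completeness: the trailer doubles as the EOF marker; absent means truncated.
    if lines[-1][0] != "TRL" or len(lines[-1]) != 3:
        return ["missing trailer (EOF marker), file may be truncated"]
    failures, body = [], lines[1:-1]
    try:
        declared_count = int(lines[-1][1])
        declared_total = Decimal(lines[-1][2])
        actual_total = sum((Decimal(r[2]) for r in body), Decimal("0"))
    except (ValueError, InvalidOperation, IndexError):
        return ["non-numeric count or amount"]
    # Completeness: record count in the trailer must match what arrived.
    if declared_count != len(body):
        failures.append(f"record count {len(body)} != trailer {declared_count}")
    # Processing: cross-validate the financial control total.
    if declared_total != actual_total:
        failures.append(f"control total {actual_total} != trailer {declared_total}")
    # Processing: the receiving system must be handling the current day's data.
    if lines[0][2] != expected_date.isoformat():
        failures.append(f"business date {lines[0][2]} is not {expected_date}")
    # Processing: duplicate transaction IDs within the file, and whole-file replay.
    ids = [r[1] for r in body]
    if len(ids) != len(set(ids)):
        failures.append("duplicate transaction id in file")
    digest = hashlib.sha256(text.encode()).hexdigest()
    if digest in seen_digests:
        failures.append("file already processed")
    elif not failures:
        seen_digests.add(digest)  # record only feeds that passed every check
    return failures
```

An auditor testing these controls would look for evidence that each failure path is exercised and that rejected feeds are logged and followed up.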


Security Controls

- Update access to all transmission files is restricted to appropriate system support personnel.

- File transmission mechanisms used to deliver files ensure separation of data between sending/receiving areas.

- File transmission mechanisms used to deliver files have proper logon security controls to prevent unauthorized updates.


From an audit standpoint, it is always preferable to have a systematic method to identify all of the data interfaces which are subject to review. Unfortunately, this is not possible, since a data interface file being processed by an application has no distinguishable characteristic. Therefore, the starting point of the data interface control review is to obtain a list of the data interfaces.

 


For a free proposal to perform an audit of your organization or provide SOX support & testing services, contact Mitchell Levine of Audit Serve at (203) 972-3567 or via e-mail at Levinemh@auditserve.com.

Copyright © 2006, Audit Serve, Inc. All rights reserved. Reproduction, which includes links from other Web sites, is prohibited except by permission in writing.



This article appeared in a past issue of the Audit Vision E-Mail Newsletter.

 
