VAC Flashcards
Framework access controls
identified
authenticated
authorized
iaa-
Segregation of duties
VALIDITY
The same person should not be responsible for multiple
functions within a function
(Students must state exactly who should perform each
function in order to achieve this)
Custody of assets
VALIDITY/ CUSTODY OF ASSETS
- Assets should be kept behind locked doors.
- Only authorised personnel should be given keys.
- Security guards should monitor access to the premises
- Visitors should be required to show identification before
entering the premises and visitors should sign a log book
to document their visit
- CCTV cameras should be in place to monitor assets
(Students should state which assets the above controls
should be over – inventory, cash, etc.)
Reconciliations
Validity/accuracy/completeness
- Subsidiary ledgers to be reconciled to control accounts
(e.g. debtors ledger to accounts receivable control
account)
- Between documents from subsequent stages (e.g.
reconcile amounts on invoices to amounts on delivery
notes and orders)
(Students clearly state what is being reconciled i.e. a
reconciliation of XXX to YYY).
See ‘Management Controls’ below for the review of the
reconciliation
Controls over unused documents
Validity
Unused documents should be:
- Difficult to copy
- Crossed/stamped when no longer in use/paid
- Kept in a safe with only management having keys
Documents should be issued to staff only when necessary
- This should be logged
- Both the staff member and management to sign as
evidence of issuance
Management controls
Validity
Management should set policies and communicate these with
staff. Policies might include those over:
- limits (overtime hours, credit limits, wage rates etc.)
- authorised suppliers
- hiring and firing of staff
Management should give specific authorisation for any
override of policy (evidenced by signature)
Management should review the following
Validity/accuracy/completeness
- Logs of documents issued
- Reconciliations carried out by employees
- Customer/employee complaints
Management should train staff on the operation of controls
Management should monitor the operation of controls by
performing spot checks