Professional Documents
Culture Documents
[CYCLE]
Prepared: [insert name of Preparer]
Reviewed: [insert name of Reviewer]
I2 System Integration
Interface Controls
I2-1 Review controls in place to ascertain completeness and accuracy of
data transfer between interfacing systems
1] Identify the critical processes performed on the business application under review
2] Walkthrough the process with the process initiator and perform input validation tests.
3] Identify important date, numeric and text fields and perform the following tests to
ensure the accuracy of data inputted on the application:
- Attempt to input a date format other than the appropriate date format
- Attempt to input negative amounts in fields that shouldn't accept negatives
- Attempt to submit a form without inputs in the compulsory fields
- Attempt to input rate values not within the defined acceptable range
- Attempt to input text or inaccurate values in numeric fields
- Ascertain that calendar controls implemented are adequate
- Ascertain that drop down options are available for fields with multiple options to
minimize the risk of erroneous entries
1] Identify processes in which credit limits are initially granted to customers (i.e. sales of
cement) as well as updated.
2] Review the customer's credit limit as implemented on the application
3] Attempt to post a transaction using an amount higher than the credit limit (The
expectation is that the application declines the entry)
1] Identify processes that require authorizations outside the application.
2] Review all the postings on the module against the authorization document to ascertain
that appropriate authorization was gotten prior to posting and the postings are in line
with what was authorized
1] Identify fields on the application that should be unique per the process defined by
business
2] Obtain a spool of all transactions and review for duplicates
3] Follow up with noted exceptions
1] Review the access privileges of sample user profiles on the application against their job
functions
2] Discuss noted exceptions with business process owners and follow up to resolution
1] Review the access privileges of the personnel responsible for managing user profiles
(i.e. profile modification, profile creation)
2] Ascertain that the responsible personnel is not required to carry out
business/operational processes on the application to avoid the risk of collusion and
possible fraud
1] Identify processes that require an initiator and authorizer (i.e. the same transaction
should not be completed by one user)
2] Perform walkthroughs of the process on the application to ascertain that the same
person cannot initiate and authorize same transaction
3] Review the roles and privileges of the initiator and authorizer to ascertain that the
initiator cannot complete the transaction
1] Discuss with the business process owners to gain an understanding of how master data
is maintained on the application
2] Ascertain that appropriate levels of management approvals are gotten before updates
are made
3] Review the master data changes on the system against the relevant authorization
document to ascertain that the update was done as authorized
4] Review the roles and privileges assigned to personnel responsible for maintaining
master data and ascertain that it is in line with their job function
5] Review the roles and privileges of all users on the application to ascertain that only
authorized personnel have access to maintain master data
1] For the application under review, review a sample of system-generated reports utilized
during the review period to ascertain that errors were logged, reviewed and remediated in
a timely manner
Review Status
Completed
TABLE OF CONTENT