Wednesday, July 3, 2013

The Importance of Data Entry Accuracy

Everyone has heard the axiom, "garbage in, garbage out" (GIGO). The term originated and is still mostly associated with the field of information technology. It refers to the fact that computers will unquestioningly process the most nonsensical of input data (garbage in) and produce nonsensical output (garbage out).

This illustrates why auditors of all stripes, financial auditors, internal auditors, Sarbanes-Oxley auditors, and government auditors, are profoundly concerned with "data input controls". We are not yet "paperless" and much of the data that goes into computers, originates with paper. Someone has to glean data from paper and enter it into the computer.

Take a simple purchase, for example. The purchase might originate with a purchase request which goes to a "buyer" who initiates a purchase order. The purchase order goes to a vendor who fills the order, issues an invoice, a picking slip, and perhaps a packing slip. The customer receives the invoice which must be entered into a computer. The shipping/receiving department receives the merchandise, verifies receipt (kinds and quantities) and probably enters that into a computer. Consider the potential for data to get messed up along the way. A simple date slip up could mean the difference between getting and losing an early payment discount. An address mistake might send the product to the wrong company. A coding error could send the cost to the wrong account, or the wrong project.

All companies, and Government contractors in particular need internal controls in place to help ensure that all input data are authorized and complete, and data are consistently recorded, accumulated, processed, and reported in a controlled environment to produce timely and accurate information. These controls normally include written procedures for originating, authorizing, collecting, preparing, and approving input transactions to the contractor's accounting system.

When auditors begin their work, they first assess the adequacy of internal controls. Strong controls typically mean that auditors can scale back the number of transactions they need to review. Concerning data entry controls, the auditors might look to see if the company has implemented the following:

  • Documentation exists to identify all input data and/or files
  • There are established authorization procedures for all source documents feeding the system.
  • The functions of originating, approving, and converting source documents into computer data are adequately segregated. If anyone in the data input area performs more than one of the operations related to the origination, entering, processing, or distribution of data, there should be compensating controls for the lack of segregation of duties.
  • All input data is properly authorized, validated, and recorded
  • All authorized data remains complete, accurate, and valid through the source document origination process.
  • All input data is transmitted in a timely manner.
  • Source documents are periodically reviewed for proper completion and approval
  • Erroneous source documents are handled appropriately and are not entered into the system.
  • An audit trail is maintained during and after data input.

It might be useful to self-assess how your internal controls stack up against these attributes.

No comments:

Post a Comment