An Auditor's Viewpoint on Critical Data Changes

by Eileen Shannon, Independent Audit Associates, Inc.

I read BOL Guru John Burnett's response to a question concerning the verification of master file changes (file maintenance). In his response, he commented that a random sampling of the maintenance input from a system report to the source document would be acceptable. While I agree that a 100% review is not practical, we use a different approach.

We suggest to our clients that they identify "critical" data changes (ex. name or address, interest rate, loan delinquency history, advancing due dates on loans, etc.) that may be used for fraudulent purposes. We suggest once the "critical" changes have been defined, 100% of those changes be verified. This verification would include a procedure where the source document is compared to the system report for accuracy and to ensure the change was properly documented and approved.

After these items have been reviewed, the maintenance report should be scanned for "critical" date changes that were made without documentation. Research should be done on these file maintenance changes.

First published on BankersOnline.com 8/25/03