Literary Warrant for Functional Requirement #2

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:
Citation Electronic Industry Data Exchange. ASC 12 Convention : Version 3 : Electronic Industry Data Guidelines. Washington Publishing Co., 1994.
Pages 12
Extract Internal control systems should be reevaluated in the cont
Extract of EDI to assure responsibility for data maintenance, including audit trails, transaction reconciliation, and backup capability.

Citation "Auditing in a Microcomputer Environment" Bailey, Larry P. Miller GAAS Guide: A Comprehensive Restatement of Generally Accepted Auditing Standards . 1995
Pages 8.05
Extract Adequate documentation of microcomputer system procedures usually includes: A description of the functions that are to be performed by various personnel The procedures for authorizing transactions The procedures for authorization of changes in microcomputer systems Designation of the personnel responsible for testing microcomputer software, when applicable.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 7, End-user and Dept. Computing, 1991.
Pages 7-40
Extract CLASSIFICATION OF APPLICATIONS. One of the most difficult problems organizations face in connection with EUC [END USER COMPUTING] is how to create and enforce a set of policies and procedures governing documentation, back-up, security, development standards, and testing requirements. In the traditional mainframe environment, it is recognized that these basic controls are necessary. All of these control procedures require a substantial amount of time and cost to implement. As EUC [END USER COMPUTING] has grown so rapidly, in part because users can satisfy their information needs quickly, it is not surprising that they are reluctant to take the time to address such issues as documentation and security.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 10, Contingency Planning, 1991
Pages 10-25
Extract INTRODUCTION. The success of the contingency plan is directly related to the quality of the documentation. The structure of the contingency plan document should facilitate understanding, implementation, and maintenance.

Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems:"Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association for Information and Image Management.
Pages 20
Extract Accuracy may be increased by systematic quality control and audit procedures, as well as operational oversight by persons with detailed knowledge of the process or system used to produce the records.

Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems:"Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1994; Association for Information and Image Management.
Pages 24
Extract The measures taken to insure the accuracy of the data entered may be challenged. Normally, introduction of the systems documentation will be sufficient to demonstrate the accuracy of the data. However, it may be necessary to have expert testimony on verification, proof reading, internal audit trails, or computer security in general. It may be necessary as well to introduce the training records of the data entry staff.