Establish and maintain reconciliation audit trails.


CONTROL ID: 11647
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain records management procedures., CC ID: 11619

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain a data processing output log., CC ID: 06624


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should identify the locations of customer data residing in different parts of AIs' networks and systems and ensure that adequate logical access controls are in place at different levels (e.g. application level, database level, operating system level, network level) to prevent unauthorized access… (Annex C. ¶ 1, Hong Kong Monetary Authority Customer Data Protection, 14 October 2014)
  • Banks may need to migrate the complete transaction data and audit trails from the old system to the new system. Else, banks should have the capability to access the older transactional data and piece together the transaction trail between older and newer systems, to satisfy any supervisory/legal req… (Critical components of information security 12) (v), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The integrity of information contained in Critical spreadsheets should be assured by conducting reconciliations of information entered into the spreadsheet (e.g., by manually checking against source information or physical records, or by implementing an automated process that checks information as i… (CF.13.02.06c, The Standard of Good Practice for Information Security)
  • The integrity of information contained in Critical spreadsheets should be assured by conducting reconciliations of information entered into the spreadsheet (e.g., by manually checking against source information or physical records, or by implementing an automated process that checks information as i… (CF.13.02.06c, The Standard of Good Practice for Information Security, 2013)
  • The system must automatically reconcile computer-generated control totals between jobs to check if the processing is complete. (CSR 8.4.3, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • A record of each security-based swap portfolio reconciliation, whether conducted pursuant to § 240.15Fi-3 or otherwise, including the dates of the security-based swap portfolio reconciliation, the number of portfolio reconciliation discrepancies, the number of security-based swap valuation disputes… (§ 240.17a-3 (a)(31)(i), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Timely clearance or charge-off of missing items or out-of-balance situations. (App A Tier 1 Objectives and Procedures Objective 6:7 Bullet 3, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Retail payment system supervisory personnel periodically review reconcilement and exception item reports. (App A Tier 2 Objectives and Procedures F.1 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • The organization should monitor and log all access to the funds transfer systems by maintaining an audit trail of all transactions. (Pg 16, FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004)