Back

Include transactions and events as a part of internal reporting.


CONTROL ID
12413
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an internal reporting program., CC ID: 12409

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • It is also important to establish and maintain the procedures for reporting of transactions, when found to have been actually made (P110.2. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Internal reporting reflects the underlying transactions and events within a range of acceptable limits. (§ 3 Principle 6 Points of Focus: Internal Reporting Objectives - Reflects Entity Activities, COSO Internal Control - Integrated Framework (2013))
  • Internal reporting reflects the underlying transactions and events within a range of acceptable limits. (CC3.1 ¶ 7 Bullet 3 Reflects Entity Activities, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Internal reporting reflects the underlying transactions and events within a range of acceptable limits. (CC3.1 Reflects Entity Activities, Trust Services Criteria)
  • Internal reporting reflects the underlying transactions and events within a range of acceptable limits. (CC3.1 ¶ 7 Bullet 3 Reflects Entity Activities, Trust Services Criteria, (includes March 2020 updates))
  • All transactions are properly recorded, including exception items, and constitute an acceptable audit trail for each activity; (TIER II OBJECTIVES AND PROCEDURES E.2. Bullet 5, FFIEC IT Examination Handbook - Audit, April 2012)
  • Review operational reports showing monthly or quarterly ACH debit and credit activity and, if possible, compare levels with peer financial institutions. If ACH activity is greater than peer, determine whether institution is an originating institution (ODFI). Obtain reports listing those customers fo… (App A Tier 1 Objectives and Procedures Objective 8:2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • MFS activities. (AppE.7 Objective 6:2 a., FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Trends, volumes, and changes in activity over time. (AppE.7 Objective 6:2 c., FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)