Upload
ngohanh
View
238
Download
2
Embed Size (px)
Citation preview
E-Ticketing AUDIT PROGRAMME
Page 1 of 39
Auditor Responsible Audit Reviewed by
Audit Month/Year Estimated Man Days
OBJECTIVE The E-ticketing work program is developed in order to assess controls in the e-ticketing process, aiming at: • Completeness, accuracy and timeliness of revenues related to e-ticketing; • Reliability and availability of IT systems involved in e-ticketing.
E-Ticketing AUDIT PROGRAMME
Page 2 of 39
Introduction This E-Ticketing work program is the outcome of an IAAIA workshop dedicated to e-ticketing, which was conducted on March 17 and March 18 in Schiphol, Netherlands. The work program is a so-called ‘integrated work program’, with elements from financial, operational and IT auditing. As the manners in which airlines execute processes differ from airline to airline, the applicability of this work program for a specific audit must be carefully assessed. Some risks may not be applicable and other risks may not have been listed. Likewise, controls mentioned may not be applicable and other controls may be in place. Implementing all controls mentioned in this work program will not always be necessary and may even lead to an over-complete control environment. Several ways can be followed to implement controlled processes and – deliberately – no selection of controls has been made in this program. Consequently, tailoring the work program will be necessary to match the audit procedures with the specific situation within your company. This work program is focused specifically on E-Ticketing and is not suitable for audits on paper ticket processes. Participants of the IAAIA E-Ticketing workshop: • Iyimola Akinbola - Virgin Nigeria Airways • Bashar Al Qudah - Royal Jordanian Airlines • Bodosahondra Andriamialison - Air Madagascar • Genevieve Braganza - Jet Airways • Michelle Au-Chan - WestJet • John Dunker - Surinam Airways • Roshni Jagannathan – Emirates • Kishore Kanojia - Emirates
• Mohamed Khalaf Hasan - Gulf Air • Suvi Kruse - Finnair • Pauline Liew - Royal Brunei Airlines • Syed Abdul Qader Mohd Ansari - Malaysia
Airlines • Kim Nehls - Scandinavian Airlines System • Bartosz Ryters - LOT Polish Airlines • Gudny Sigurdardottir - Fjarvakur
• Geoffrey Smith - Air Canada • Stefan Stapfer - Swiss International Air Lines • Sharon Ti Lien Heng - Malaysia Airlines • Angelique Cue-Tinsay - Philippine Airlines • Anna Gudrun Tomasdottir - Icelandair • Vivek Tuli - Qatar Airways • Antony Wamatu - Kenya Airways • Margaret Zimunhu - British Airways
Facilitators: • Robert Engelbarts – KLM Royal Dutch Airlines
• Jacqueline Holla – KLM Royal Dutch Airlines
• Sjoerd Jansen – KLM Royal Dutch Airlines
E-Ticketing AUDIT PROGRAMME
Page 3 of 39
S.No Area of Audit
A Reservation, booking and airport handling
B Revenue Recognition
C Revenue controls and monitoring (e.g. flown not sold, sold not flown)
D Manual interventions and critical transactions
E Electronic miscellaneous documents (EMDs)
F Interline / Non interline
G Management information
E-Ticketing AUDIT PROGRAMME
Page 4 of 39
A. Reservation, booking and airport handling Potential Risk Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
Not all E-Tickets are paid for • Issuance without payment • Duplicating paid E-Tickets
(2 usable tickets, 1 payment)
• IT control preventing issuance of E-Tickets without payment record
• IT control preventing issuance of earlier issued E-Ticket
Assess and test design and actual functionality of application
Report that matches E-tickets with payments
Assess whether a control that matches issued tickets with payments is available and used
Ticketing systems and reservation systems not fully integrated
Detailed analysis of compatibility of systems performed before linking systems
Assess whether analysis of compatibility has been (adequately) performed
Execution of tests before implementing a link between systems
• Assess whether tests before implementation have been (adequately) performed (e.g. the user organisation was involved in developing test scenarios en signing off on test results)
• Perform sample testing on accuracy of key functionalities (e.g. change in booking leads to change in ticket, payment makes ticket available for use etc.)
E-Ticketing is not applied on all routes
IT control preventing the issuance of E-Ticketing on not E-Enabled routes
• Assess maintenance of list of non E-Enabled routes • Test of one by trying to book an E-Ticket for a non E-Enabled
route
Ticketing systems and DCS’s not fully integrated
See above See above
Mismatch between booking data and ticketing data
Application, database and interface design preventing such occurrences
Assess application, database and interface design (e.g. what is regarded as primary source of data and what is done to prevent mutation of data in other sources?)
E-Ticketing AUDIT PROGRAMME
Page 5 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Interface controls Assess whether data transfers are automatically checked for completeness, accuracy and timeliness and whether follow-up of exceptions occurs
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Incomplete and/or incorrect data entry
Input validations • Assess whether required fields cannot be left empty • Assess whether input is subject to automated validity checks
(e.g. date formatting check, inability to make a booking for a flight in the past, etc.)
Lack of audit trail (e.g. log files)
Logging and audit requirements established by management (preferably in design phase of systems)
• Assess whether logging and audit trails were addressed in the design phase of systems and agreed upon by those that need them (revenue assurance, anti-fraud department, etc.)
• Assess whether logging and audit trails were implemented as designed, saved to a secure location and used
Malperformance of third parties (e.g. GDSs) • data integrity • contingency
Agreed IT controls ensuring data integrity and contingency
Assess whether a control framework ensuring data integrity and contingency has been agreed upon with the GDS and has been formalised in the contract
Right to audit or SAS 70 / ISAE 3402
• Assess whether a right to audit the GDS on (amongst others) data integrity and contingency is present in the contract or
• Assess whether a SAS 70 Type II / ISAE 3402 statement with a relevant scope is periodically provided
• In case of a right to audit, perform an audit focusing on data integrity and contingency at the GDS
Boarding passes are issued without a ticket (e.g. by airline check-in staff, IT staff) and used
Queries on boarding passes without valid reference to ticket
Assess whether reports of boarding passes without a valid reference to a ticket are available and used
E-Ticketing AUDIT PROGRAMME
Page 6 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Multiple boarding passes for same stretch refer to a single e-ticket
Queries on repeated use of e-tickets on same stretch
Assess whether reports of repeated use of e-tickets on the same stretch are available and used
Status change from Flown to Open and subsequently reused or refunded
Restricted access to status change function at application level
Assess whether access is restricted to those that need to perform related tasks in order to do their jobs
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Lists of suspicious status changes
Assess whether suspicious status changes are listed and follow-up takes place
Tickets voided after flown See above See above Passengers are incorrectly identified
Instruction of staff in contact with passengers
Assess whether staff is trained and periodically reminded on the importance of proper identification of passengers
Redundancy (identification both at check-in and at boarding)
• Assess whether procedures (and IT in case of check-in kiosk) support redundant identification
• Assess whether working practice is according to procedure
Disclosure of booking code – name combination
Restricted access to PNR Assess whether access is restricted to those that need to view PNRs in order to do their jobs
Non-disclosure agreement (internally and with other parties handling PNRs)
Assess whether non-disclosure agreements are signed by all parties working with PNRs
Procedures regarding distribution of booking codes
Assess whether a procedure is in place and followed to properly identify the passenger before communicating the booking code
Secure exchange of data between systems
Assess whether exchanged data is adequately encrypted or adequate secure channels (VPN) are used
E-Ticketing AUDIT PROGRAMME
Page 7 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Abuse of credit card data Restricted access • Assess whether credit card details cannot be made visible (on screen, in print, through exports, etc.) with standard transactions
• Assess whether each retrieval of credit card data (also at database level) is logged and whether this logging is reviewed
• Assess whether credit card details are stored in an encrypted manner
• Assess whether database administrator access is restricted; • Assess the progress and outstanding issues of the PCI-DSS
compliancy project.
Discounted fare control in fully automated process (seamen, missionary, senior, staff, etc.)
Verification of legitimacy of use of discounted fares (issuer’s agent code, passport, seaman’s passport, personnel ID, etc.)
• Assess the presence of automated controls for verifying the legitimacy of discounted fares (e.g. by checks with reference data)
• Assess whether ground handling staff is instructed to verify the legitimacy of discounted fares
• Assess whether ground handling staff verifies the legitimacy of use of discounted fares and takes appropriate action in case of (probable) misuse
Passenger shows up for cancelled / rescheduled flights
SMS service, email • Assess whether passengers are recommended to leave their contact details at the time of booking
• Assess whether a procedure regarding passengers showing up for rescheduled / cancelled flights is in place and is followed up
Incorrect claim on inventory (e.g. duplicate booking)
Cancellations of unpaid bookings within x hours
Assess whether unpaid reservations are automatically cancelled after a certain amount of time
Lack of e-Ticket interline agreements and as a consequence settlement issues
System does not allow E-Ticketing for stretches flown by airlines that do not have an interline agreement
Verify that ticketing application does not allow the issuing of e-tickets for stretches flown by airlines that do not have an E-Ticket interline agreement
E-Ticketing AUDIT PROGRAMME
Page 8 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
System control: no check-in for non-interlined passenger allowed (or other interline restrictions)
Verify that passengers with electronic ticket of airline with no E-Ticket interline agreement cannot check-in with E-Ticket
No collection of service fees from agents (service fees received from agents not included in fare amount (in some cases manually registered under remarks))
Consistent coding of service fees in one of the ticket fields
Assess whether instructions were provided to agents regarding how to report collected service fees on tickets
Matching of received services fees with tickets and reporting unmatched tickets
Assess whether matching takes places and reports of unmatched tickets are followed up
Incomplete revenue accounting
Interface controls Assess whether controls on the interface between the e-ticketing environment (e.g. sequence checks) and the revenue accounting environment are in place and exception reporting is followed up.
Check on presence of pax boarding status data for each executed flight
Assess whether a match between flight schedule execution and boarding reports is made and mismatches are reported and followed up
Check on completeness of accounting for each individual flight leg
Assess the existence and use of control query that checks whether for each flown leg on non-free tickets a revenue > 0 has been calculated
Abuse of IT systems, leading to unauthorised transactions that involve revenue leakage (e.g. changes to bookings, generation of boarding passes without ticket reference)
Role based access, Segregation of Duties
• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised bookings (e.g. segregation between creation and approval of exceptional bookings)
• Assess whether conflicting profiles are not granted to a single person
Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs
E-Ticketing AUDIT PROGRAMME
Page 9 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Authentication of users of IT systems
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts
Maintenance of access rights to IT systems
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management
Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Unavailability of reservation and booking systems
Redundancy of IT servers, storage, power and network elements
• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management
• Obtain comfort from external providers regarding their redundancy
Continuity plans to minimise adverse effects of outages
Assess whether continuity plans are present, up-to-date and tested
Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed
E-Ticketing AUDIT PROGRAMME
Page 10 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 11 of 39
B. Revenue Recognition Potential Risk Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
Incorrect revenue accounting (e.g. cut-off)
Follow the accounting rules of the company set in the financial policy
• Assess testing of application before it was implemented • Compare system rules to what has been set in the accounting
policy
Rule in the system: • correct classification of
earned and unearned revenue
• correct cut off rules in the system
• Assess reports of tests executed prior to implementation • Perform sample testing of correct cut of flight(s)
Restricted access to application parameters
Assess whether access to application parameters that influence the accounting method is restricted (need to have)
Management reporting is provided for review
• Test to determine whether management reviewed management reporting
• Test whether systems provide adequate management reports
Unrecognized/overrecognized revenue
Proration rate/agreement according to IATA and SPA
• Check the correctness/completeness of the proration parameters (comparison with agreement)
• Perform sample testing of correct proration calculation
Reconciliation of unbalanced coupon batches
Review reporting provided by the system identifying unbalanced coupon batches (exception reporting). Ensure that appropriate actions are taken by management.
Management reporting is provided for review
• Test to determine whether management reviewed management reporting
• Test whether systems provide adequate management reports
Presentation of revenues (pax versus ancillary)
System mapping based on accounting policy of the company.
• Assess testing of application before it was implemented • Compare system rules to what has been set in the accounting
policy
E-Ticketing AUDIT PROGRAMME
Page 12 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Pricing inaccuracies – tickets are priced higher or lower than your published fares
Fare audits Assess scope (sufficient coverage of sales), quality of execution and follow-up on fare audits
Exception report • Review exception report for fare discrepancies and justification
• Ensure ADMs were issues and collected on a timely basis
System controls Assess whether a system control is implemented which ensures compliance with the pricing policy Assess whether automated pricing and ticket module for reissue and revalidation is in place (if possible)
Pricing policy Assess whether a policy regarding pricing and manual tariffication exists and is implemented
Incomplete revenue accounting
Interface controls Assess whether controls on the interface between the e-ticketing environment (e.g. sequence checks) and the revenue accounting environment are in place and exception reporting is followed up.
Restricted access to database Assess whether access to the database of the revenue accounting system is limited (need to have)
Check on presence of pax boarding status data for each executed flight
Assess whether a match between flight schedule execution and boarding reports is made and mismatches are reported and followed up
Check on completeness of accounting for each individual flight leg
Assess the existence and use of control query that checks whether for each flown leg on non-free tickets a revenue > 0 has been calculated
Loss of application and data
Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed
Unavailability of revenue accounting system
Continuity plans to minimise adverse effects of outages
Assess whether continuity plans are present, up-to-date and tested
E-Ticketing AUDIT PROGRAMME
Page 13 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed
Untrained use or abuse of IT systems, leading to transactions that involve revenue leakage (e.g. with regard to interline settlement)
Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs (e.g. changing pro-rate settings)
Authentication of users of IT systems
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts
Maintenance of access rights to IT systems
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management
Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 14 of 39
C. Revenue controls and monitoring (e.g. flown not sold, sold not flown) We ran out of time during the workshop to touch this topic. Please feel free to come up with potential risks and related controls and audit tests / questions. Potential Risk Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
Flights are made with unsold tickets
Reporting and follow-up on ‘flown not sold’ tickets
Assess whether the ticket numbers of flown coupons are matched with the related booking and payment, and coupons that cannot be matched are investigated
No insight in aging of ‘obligation’ towards customers
Aging analysis of that have been sold but not yet used
Assess whether a ‘sold not flown’ aging analysis exists and is reviewed by management
Incomplete measurement of revenue
Sequence check on issued e-tickets
Assess whether a sequence check on issued e-tickets is performed and that any gaps are investigated
Coupon status of flying passenger not changed
Reconciliation of sum of e-ticket list and gathered coupons with passenger name list
Assess whether the sum of the e-ticket list and the paper tickets for a flight is reconciled with the number of passengers on the passenger name list and whether discrepancies are investigated
Expired tickets are not closed Check periodically for expired tickets in operational database and take corrective action in line with general terms and conditions (ticket data must remain available for refunds)
Assess whether periodical check and corrective action takes place
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 15 of 39
D. Manual interventions and critical transactions (refunds, flight disruption, charge backs, flight interruption manifest (FIMs), etc.) Manual interventions and refunds appeared to be key risks related to E-Ticketing. A good practice (best practice?) appears to be: 1. Try to reduce the need for manual interventions as much as possible by creating (critical) application transactions for actions that are frequently
performed; 2. Keep the group that performs manual interventions as small as possible; 3. Keep the group that performs critical transactions as small as possible; 4. Control these small groups well. Potential Risks – high level Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
Unauthorised manual (database) changes, e.g. changes from final status (flown / exchanged / refunded) to open
Periodical review of database authorisations
Assess whether authorisations for manual changes at database level are periodically reviewed
Logging of manual changes Assess whether manual changes are logged and logs cannot be manipulated
Periodical review of executed changes
Assess whether these logs are periodically reviewed / analysed
Coupons remaining in database with intermediate status
• Query of coupons that have intermediate status for more than x hours / days
• Follow-up on query
Assess whether coupons with an intermediate status for a long time that are in the database are queried and corrective action is taken
Unauthorised critical transactions
Periodical review of transaction authorisations
Assess whether authorisations for critical transactions are periodically reviewed
Logging of critical transactions Assess whether critical transactions are logged and logs cannot be manipulated
Periodical review of executed transactions
Assess whether these logs are periodically reviewed / analysed
E-Ticketing AUDIT PROGRAMME
Page 16 of 39
Potential Risks – high level Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Process Notes & Test Results Manual interventions (not exhaustive): • Changing bookings • Manual pricing • Special offers/discounts • Promotional tickets • Coupon status changes • Re-issues • Exchanges • Refunds • Waiving of fees • Flight Interruption • Upgrades/downgrades • SSR’s • Booking class changes and restrictions • Out of sequence coupons • Revalidation of e-tickets • Frequent flyer manipulation • PNR Changes
• Booking class changes and restrictions • Out of sequence coupons • Revalidation of e-tickets • Extension of ticket validity/fare validity • Ancillary fee manipulation • Checking in e-ticket passengers as paper tickets • Baggage allowance limits (printed on ticket) • Re-routing • Frequent flyer manipulation • PNR Changes • Extension of ticket validity/fare validity • Ancillary fee manipulation • Checking in e-ticket passengers as paper tickets • Exchanging e- to p-tickets • Baggage allowance limits (printed on ticket) • Re-routing
E-Ticketing AUDIT PROGRAMME
Page 17 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Identical manual interventions are very frequently executed
Report and root cause analysis of most frequently executed interventions
• Assess whether the most frequent interventions by type are reported an known to management
• Assess whether the root cause for these interventions is analysed
Research into possibility of reducing the number of manual interventions
Assess whether management researched the possibility of reducing the number of manual interventions (e.g. by tightening procedures, storing more fares or automating the intervention)
No revenue due to issuance of a ticket without a booking (Is this possible? Booking open segments is possible)
Each ticket has a PNR Query the ticket database for issued tickets without PNR
Incorrect issuance of open segment ticket
Applicable fare for open tickets permits electronic issuance with open segment, consequently reducing the need for manual fare adjustments for open tickets
Assess ticketing business rules and fare filing relative to total of fares offered (the more fares filed, the less need for manual fare adjustments)
E-Ticketing AUDIT PROGRAMME
Page 18 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Loss of revenue due to unauthorized booking class changes and removal of fare restrictions
• System reports to identify magnitude of lost revenue and frequency of such transactions on an agent/base basis
• Access controls and audit trails
• Preventive controls in system for changes and collection
• Policies and procedures with respect to booking classes and changes to fare restrictions
• Automated re-issuance of tickets with new booking class
• Fare controls • Sample testing of fares • System automatically
compares PNR booking class against the e-ticket and identifies exceptions for management review
• Compare class data according to DCS with class data according to ticket. Additional information required regarding frequent flyers (frequent flyer database) and involuntary upgrades (e.g. due to a/c change or cancellation)
• Trend analyses and comparisons between stations • Check who is authorised to grant upgrades and check
whether he/she is fed back on excessive amount of upgrades • Review reports for evidence of management review • Review access controls for reasonability against policies • Review for evidence of monitoring of audit trails • Tests of one for application controls (preventive controls over
changes and collection, automated re-issuance of tickets with new booking class, system auto compares PNR booking class against the e-ticket)
• Review fare audit results (ensure audit coverage is appropriate) and perform sample testing
E-Ticketing AUDIT PROGRAMME
Page 19 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Circumstances of downgrades not documented, leading to incorrect or double complaint handling
• Entering remarks to support claim handling and compensation
• Central complaint registry and agreements regarding complaint handling for flights by other airlines
• Check for duplicate claims (station plus headquarters or even other airlines)
• Spot checks on claims • Assess whether policy and process manual are in place and
followed • Check for recurrence of same credit card number, bank
account number, booker’s IP address, etc.
Unauthorised application of special fares
Authorisation code reconciliation
• Fare audit procedure • Check on recurring use of authorisation code • Obtain list of special fares, including group fares, with details
(period, station, etc.) • Group fares by group
Authorising party for special fares needs to pay / is charged the discount amount
• Audit the charge account setup (are correct accounts / cost centres charged?)
• Reviewing follow-up on unauthorised application of discounts
Interface between revenue accounting system and fare filing database (enabling automated fare audit, e.g. by SIRAX)
• Assess interface controls • Assess follow-up on exceptions
Unauthorised application of tour codes (auto quoted)
Authorisation code (tour code) reconciliation
Compare list of authorisation codes floating in the market with authorisation codes on ticket
E-Ticketing AUDIT PROGRAMME
Page 20 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Out of sequence coupons
• System controls to automatically suspend the ticket based on chronological error
• System voids out of sequence coupons
• Access controls limit ability to perform this function (Help Desk users only, for example)
• Reporting out of system to identify out of sequence transactions for management review
• Test of one over application controls (auto suspension of out of sequence coupons, system voids out of sequence coupons)
• Review access controls • Review management review of out of sequence transactions
Misalignment of information where there is a separate reservation and e-ticketing database system
• System prompts • System reports on
discrepancies between the reservation and e-ticketing databases
• Test of one over application controls (system prompts) • Review management’s review of reports regarding
discrepancies
Frequent flyer program manipulation (fraud risk – e.g. agents inputting their own account number for bookings)
• System has a name check function to ensure that name on program account matches that on the e-ticket
• If system does not have name check functionality, review report detailing account usage/points acquired over a period of time
• Test of one over application controls (system check on names)
• Review management’s review of account usage/points (high frequency and/or high points accumulation as compared to average) acquired reporting
E-Ticketing AUDIT PROGRAMME
Page 21 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Extension of ticket validity/fare validity
• system prevents ability to extend ticket/fare validity (including differences in validity based on fare class)
• System produces report of exceptions for management review
• Test of one (prevent ability to extend ticket/fare validity, prevent creation of booking where fare class/date of travel does not match with e-ticket validity)
• Evidence of management review *** Is a re-issue the same as an exchange? Need to confirm vs. IATA standard ***
Checking in e-ticket passengers as paper tickets (coupon status remains as not flown)
• Post-flight procedures will show how many passengers are paper vs. e-ticket. These numbers are reconciled against the system.
• System generates report to facilitate reconciliation of passengers manifested against ETL/paper coupons collected and management reviews this report
Review reconciliation performed post-departure with respect to paper vs. e-ticket passengers and manifest
Incorrect change of coupon status
Segregation of Duties Check for conflicting authorisations with one user Audit trail Check presence, retrievability and usability of logs Exception reporting Follow-up on exception reporting Review and feedback Assess existence and use of reports regarding coupon status
changes
Incorrect reissues Fare audits Assess scope, quality of execution and follow-up on fare audits Automated controls (in transaction)
Assess whether automated controls that minimise the risk of incorrect reissues are implemented
Four eyes (check by second person)
Check whether the retained copy of a reissued ticket is accompanied by 2 names and signatures
Incorrect exchanges of tickets See Expected Controls for reissued tickets
See Audit Testing / Questions for reissued tickets
E-Ticketing AUDIT PROGRAMME
Page 22 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Exchanging e- to paper tickets without a status change made to the e-ticket
System report that shows paper tickets with exchange value equalling to an e-ticket number. Report is reviewed and transactions validated.
Review report for evidence of management review
Baggage allowance limits (printed on ticket)
System report identifies where baggage allowance on the ticket database does not match with prescribed limit. This report is reviewed.
Review report for evidence of management review
‘Unnecessary’ waiving of change / cancellation fees
Audit trail in application Assess the adequacy of the scope of the audit trail in the application (are all waivers logged in sufficient detail for further analysis?
Authority list showing who is authorised to wave fees
Obtain access control list and verify that rights to waive are only assigned to those that must be able to waive in order to perform their duties
Investigating legitimacy of reason for waving fee
Obtain evidence for waiving fee (based on principle that not documenting reason is a control exception)
Collecting (or deducting from refund) the wrong change / cancellation fee
Preventive IT controls (feasible due to dependency from GDSs?)
• Assess whether prescribed fees per type of change can be overruled and if yes, by whom. For those who can change prescribed fees, assess a sample of tickets changed / cancelled by the persons that can overrule the prescribed fees
• Assess whether rights to overrule are limited to those that need to be able to overrule and that an audit trail is in place and usable
• Take a sample of changed / cancelled tickets and compare actual collection / deduction with prescribed fees for the change / cancellation performed
Mix-up of fees, taxes and fare Fare audit (detective control) • Recalculate historic refunds
E-Ticketing AUDIT PROGRAMME
Page 23 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
in refund Calculating fare per segment • Check that calculation of refund is based on fares and taxes per segment
System controls • Check that pricing elements (fees, taxes, fare) are classified correctly
Incorrect refunding Refunding only after showing ID (refund to same person)
• Check existence of procedure • Assess presence of copies of IDs in refund administration
Refunding on same form of payment (same credit card, same bank account, etc.)
• Check existence of procedure and supporting IT controls (application does not allow refund to different account / credit card)
• Test application controls are take a sample of refunds to check for refund on same form of payment
Obtaining authorisation from and calculation of amount from issuing office
• Check enforcement of authorisation from issuing office by procedure or workflow in application
• Take a sample of refunds to check for presence of authorisation or test automated workflow
Ancillary fee manipulation
• System reports identifying where fields have been changed. Reports are reviewed.
• System automatically generates fees, as required.
• Fee overrides are monitored and reviewed.
• Review report for evidence of management review • Test of one (System automatically generate fees, as required)
Re-routing • Access controls restrict which users are able to execute re-routing transactions.
• System reports when re-routing has occurred. These reports are reviewed.
• Review access controls against prescribed policies • Review report for evidence of management review
E-Ticketing AUDIT PROGRAMME
Page 24 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Tickets are unvoided Application design / IT control that prevents unvoiding
Test of one to ensure that system control works as intended
Voiding tickets with used segments
Application design / IT control that prevents voiding of tickets with used segmants
Test of one to ensure system control works as intended
Incorrect processing of flight interruptions
FIM is auto-generated with e-tickets
Remark: Involuntary reissuing of tickets also applied instead of FIMS
Excessive SSRs that cannot be accommodated for flight safety reasons
Counters on excessive requests
Review SSR types on each flight (sample basis) for reasonability
Unintended use of SSRs (e.g. wheelchair in order to use the fast lane)
Require official documentation to request SSR
Select a sample of tickets with SSRs and obtain supporting documentation
Requesting a Special Service which was not requested (and paid if applicable)
Putting proof of request on ticket (as a surcharge / tax code)
Review system workflows to determine whether proof of request is printed on ticket
Showing MCO at check-in Observe procedures at check-in to determine whether agents request to see MCO’s
Marry MCO to ticket in DCS (check-in agent sees what service is requested)
Test system configuration
Ticket and MCO are linked Test system configuration Fill in MCO details in endorsement field of e-ticket (system requires this)
Test of one
Unauthorised interventions, leading to revenue leakage
Minimal or no interventions by customer-facing employees front office)
Assess whether the possibility to execute manual interventions is restricted to supervisors or is taken away from all customer facing staff (back office only) if feasible
E-Ticketing AUDIT PROGRAMME
Page 25 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Role based access, Segregation of Duties
• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised bookings
• Assess whether conflicting profiles are not granted to a single person
Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs
Authentication of users of IT systems
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts
Maintenance of access rights to IT systems
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management
Logging of critical activities Assess whether critical interventions are logged, log files are archived and reviewed, and access to log files is restricted
Legitimacy checks Assess whether checks regarding the legitimacy of interventions are executed
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
E-Ticketing AUDIT PROGRAMME
Page 26 of 39
Potential Risk – more detailed
Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Unavailability of systems Redundancy of IT servers, storage, power and network elements
• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management
• Obtain comfort from external providers regarding their redundancy
Continuity plans to minimise adverse effects of outages
Assess whether continuity plans are present, up-to-date and tested
Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed
Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed
No downstream updates of intervened records (bookings, coupons etc.)
Flagging and interfacing of changed records
Assess whether changed intervened records are flagged and downstream systems (e.g. departure control, revenue accounting) are informed about the intervention whenever necessary
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 27 of 39
E. EMD’s • not available on a widespread basis yet • MCOs • Link EMDs to ticket numbers to facilitate proper revenue recognition • There are some services for which the MCO is not initially linked to the ticket number – need a trigger for this link to occur • MCO purpose will define revenue recognition • Value is linked so that when utilized is properly recognized • Need to reconcile to form of payment and ensure that payment is collected • Change of coupon status (if MCO is not marked as used can be available for refunds) Objective – to ensure completeness and accuracy of revenue associated with EMD, ensure there are adequate controls over the accuracy of MCOs (in particular, fraud risk), ensure collection for fees over MCOs, accountability over MCOs and proper authorization, revenue leakage Potential Risk Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
EMD utilization status is not reflective of the e-ticket status
System automatically associates EMD(s) with an e-ticket. Status of EMD is then reflective of e-ticket status.
Perform a test of one to check whether EMD(s) is automatically associated with an e-ticket
System report identifies EMDs that have a status that is not the same as the associated e-ticket. Report is reviewed.
Review management’s review of system report
Sequence controls in the system for EMDs issued.
Assess whether a sequence control in the system for EMDs is present
Fraudulent use of EMDs System report to identify EMDs unused for extended period of time. Report is reviewed.
• Assess whether a report that lists unused EMDs is in place • Review management’s review of system report
E-Ticketing AUDIT PROGRAMME
Page 28 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
EMD is not linked to an e-ticket System report identifies EMDs that to not have an associated e-ticket. Report is reviewed.
• Assess whether a report that lists all EMDs without associated tickets is in place
• Review management’s review of system report
Improper revenue recognition for amounts associated with EMDs
EMDs are coded to identify purpose.
Assess whether EMDs are coded in such a manner that the purpose can be easily / automatically identified
Accounting research is performed to identify proper revenue recognition method for each EMD type.
Review accounting research memo
System maps appropriate revenue recognition for each EMD type according to accounting policy.
Verify whether accounting department was involved in design of system and signed off on acceptance testing
Coupon status change makes EMD available for use more than once
System controls that prevent duplicate utilization.
Assess whether system blocks used EMDs for further use
Access controls limit the number of users that can make coupon status changes.
Review access levels and compare against policy and procedures. Ensure that an appropriate authority approved the access levels.
System generates an exception list that identifies coupons that have changed statuses. List is reviewed for reasonability and follow-up occurs.
Review management’s review of system report
Unauthorized issuance of EMDs
Stock control, including counts and reconciliation. Executed by Station Manager.
Review stock control and reconciliation working papers prepared by the Station Manager(s).
E-Ticketing AUDIT PROGRAMME
Page 29 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Over-utilization of EMDs Values of EMDs are automatically loaded in the system and usage amounts are automated/linked to e-ticket usage
Assess whether EMDs are automatically valued
Improper refunding of EMDs Reconciliation between form of payment and form of refund
Assess whether form of payment and form of refund are reconciled and reviewed by management
Policies and procedures are in place that govern the appropriate refunding of EMDs
Review policies and procedures for reasonability and approval.
Policy defines that refund location must be the same location as sale of the EMD (where currency restrictions exist)
Review policies and procedures for reasonability and approval.
System generates exception reporting that shows transactions where original form of payment is not where the refund is processed. This report is monitored and reviewed by management
Assess whether location of payment and refund are reconciled and reviewed by management
Revenue from EMDs are not complete or do not exist
Reconciliation of EMD amounts per the system to form of payment
Review reconciliation of system amount with form op payment and ensure that reconciling items are appropriately dealt with and/or accounted for.
Abuse of IT systems, leading to unauthorised EMD transactions that involve revenue leakage
Role based access, Segregation of Duties
• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised EMDs (e.g. segregation between creation and approval of exceptional EMDs)
• Assess whether conflicting profiles are not granted to a single person
E-Ticketing AUDIT PROGRAMME
Page 30 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs
Authentication of users of IT systems
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts
Maintenance of access rights to IT systems
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management
Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Unavailability of systems Redundancy of IT servers, storage, power and network elements
• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management
• Obtain comfort from external providers regarding their redundancy
Continuity plans to minimise adverse effects of outages
Assess whether continuity plans are present, up-to-date and tested
Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed
E-Ticketing AUDIT PROGRAMME
Page 31 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed
EMDs are not updated when related tickets are changed
Flagging and interfacing of changed tickets
Assess whether changed tickets are flagged and EMD system is informed about the change whenever necessary
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 32 of 39
F. Interline / Non interline Potential Risk Expected Controls Audit Testing/ Questions WP Ref./
Completion Date
Initials
Bookings made for OAL stretches for which endorsement is not allowed
System does not accept bookings on stretches for which endorsement is not allowed
• Assess whether the system rejects bookings on stretches when endorsement (for e-tickets) is not allowed / arranged
• Assess whether the list of non-endorsable stretches in the system is kept up-to-date
Passenger shows up with valid OAL reference but ticket cannot be found in DCS (interline tickets not existing)
Known procedure regarding verifying validity of OAL tickets not in DCS
Assess whether a procedure is in place for verifying the validity of OAL reference (e.g through e-ticketing backoffice with access to GDSs and OAL backoffices)
Contract incorrectly implemented in system
Verification of with contract during acceptance testing
Assess whether acceptance testing did include verification with the contract
Available date insufficient to live up to data exchange agreed in contract
Persons in charge of concluding contracts verify with information managers what information can be exchanged
Assess whether information managers reviewed contract proposals for possibility to implement proposed data exchange
Outdated or lack of interline agreement governing relationship for e-ticketing purposes
Contract management system/database that alerts stakeholders as to when contract term end is near (define period)
• Check for availability of contract register • Review alignment of booking classes with other airlines and
compare to what has been entered in to your prorate engine
Review significant interline agreements on a regular basis to determine whether re-negotiation is required
Review agreements on a sample basis
E-Ticketing AUDIT PROGRAMME
Page 33 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Lack of integrity of data Proration method needs to be registered
• Assess whether proration methods are contractually agreed upon
• Review alignment of booking classes with other airlines and compare to what has been entered in to your prorate engine
• Sample testing to confirm whether proration is appropriately calculated (to be performed in cooperation with Revenue Accounting department)
Non-acceptance of tickets Availability of reports on number of rejected tickets on both a coupon and total value basis. Reports are reviewed.
Assess whether reports regarding rejected tickets are in place and reviewed by management
Inability of system to take control of coupons
Compare boarded pax figures versus boarded e-tickets to identify discrepancies
Assess whether failures to change coupon status for boarded passengers are identified, reported and solved
Policy and procedures exist to dictate required actions when there is inability to take control of coupons
Assess whether procedures regarding solving coupon control issues are in place and followed
Billing is not timely and/or complete
System parameters have been set to identify required billing and complete billing
• Verify that system parameters that identify required billing are in place
• Verify that aging reports regarding unbilled coupons are in place and reviewed
Billing delays Monitoring and prompt follow-up on rejected invoices
Assess whether rejected invoices are timely identified and prompt follow-up takes place
Overbilling by partners Tickets require SAC code or they are withheld for payment until further investigation ensues
• Assess whether the system refuses payment for tickets without SAC code
• Review investigation procedures
E-Ticketing AUDIT PROGRAMME
Page 34 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Revenue accounting system identifies inaccurate billing by identifying unreported sales (including auto-rejection)
Assess whether revenue accounting system rejects tickets of which no sale is reported
Interline FIMs Reporting of FIMs issued by airport staff in order to map against billings from other airlines.
Review reporting and mapping performed by management.
FIM is mapped to an e-ticket Assess whether automatic mapping of FIMs to e-tickets is in place
Sequential control over the issuance of FIMs
Assess whether a sequence control in the system for FIMs is present
FIMs are issued but status of e-ticket has not been changed
System control that automatically updates coupon status when FIMs are issued
• Assess whether coupon status is automatically updated at issuance of FIMs
• Where system controls are unavailable, perform sample testing of transactions
Use Ticket Exchanger (include in service provider agreements)
Review service provider agreements
Abuse of IT systems, leading to unauthorised transactions that involve revenue leakage
Role based access, Segregation of Duties
• Assess whether the available user profiles are free of conflicting tasks / contain safeguards against unauthorised transactions
• Assess whether conflicting profiles are not granted to a single person
Access control lists Assess whether access is restricted to those that need to perform related tasks in order to do their jobs
E-Ticketing AUDIT PROGRAMME
Page 35 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Authentication of users of IT systems
• Assess whether systems are protected with authentication mechanisms of sufficient strength (complex and personal passwords that frequently change, personal swipe cards, etc.)
• Assess whether accounts are locked after repeated failed login attempts
Maintenance of access rights to IT systems
• Assess whether granting of access rights is only executed after approval of designated authorising managers
• Assess whether leaves and staff transfers lead to revocation of access rights
• Assess whether outstanding access rights are periodically reviewed by management
Logging of critical activities Assess whether critical activities are logged, log files are archived and reviewed, and access to log files is restricted
Restricted access to database and logging of database administrators activity
• Assess whether database administrator access is limited (need to have)
• Assess whether critical changes to database records are logged and reviewed
Unavailability of systems Redundancy of IT servers, storage, power and network elements
• Assess hardware, networking and power supply for absence of single points of failure. In case single points of failure exist, verify whether the related risk is consciously accepted by management
• Obtain comfort from external providers regarding their redundancy
Continuity plans to minimise adverse effects of outages
Assess whether continuity plans are present, up-to-date and tested
Testing of changes to IT Assess whether changes to IT are subject to testing and sign-off for proper performance before the production environment is changed
E-Ticketing AUDIT PROGRAMME
Page 36 of 39
Potential Risk Expected Controls Audit Testing/ Questions WP Ref./ Completion Date
Initials
Loss of application and data Back-up and recovery • Assess whether frequent back-ups are made and stored at a distant and safe location
• Assess whether back-ups are scheduled and execution is monitored
• Assess whether recovery tests are performed
EMDs are not updated when related tickets are changed
Flagging and interfacing of changed tickets
Assess whether changed tickets are flagged and EMD system is informed about the change whenever necessary
Incomplete and inaccurate exchange of interline coupon data, leading to incomplete / incorrect settlement
Interface controls • Assess whether accuracy checks on exchanged data are in place (e.g. checksums)
• Assess whether completeness checks on exchanged data are in place (e.g. sequential numbering of data files)
• Assess whether double processing of data (at data file and coupon level) cannot occur
Process Notes & Test Results
E-Ticketing AUDIT PROGRAMME
Page 37 of 39
G. Management Information Purpose of management information: proper management and ability to steer a process. The following reports provide management information regarding E-Ticketing: 1. Unused MPDs 2. Non-existing staff IDs 3. Reissued ticket with name change 4. Manual pricing 5. Portion of paper ticket 6. Reason for use of paper ticket 7. Leakages 8. Sector mismatch 9. Class mismatch 10. Out of sequence usage (first coupon not used) 11. Tickets with unfiled fares (fare mismatch) Report Required KPI Indicator of possible fraud 1. Unused MPDs Report on unused MPDs Unused MPD by station Unreasonable/unexpected trending results
Unused MPD by type Unreasonable growth rates Aging of MPDs Usage of unused MPDs by staff (especially
refunds) 2. Non-existing staff IDs Report on activities by terminated staff Obtain IP address used to perform transaction Access to systems by staff who have been
terminated Number of free and/or reduced tickets being issued
High number or frequency of free and/or reduced fare tickets being issued by specific agents
Tickets issued/other benefits offered to terminated staff
Report on employee who actioned transaction on behalf of terminated employee
Personnel number on ticket does not appear as active employee in HR system
E-Ticketing AUDIT PROGRAMME
Page 38 of 39
3. Reissued ticket with name change Report identifying any reissued tickets where characters in name fields have changed
Frequency of reissued tickets with changes to name on a staff basis
Staff who perform this function on a frequent basis
4. Manual Pricing Report on all tickets with manual pricing Percentage of manually priced fares by country High percentage of manually priced fares compare
to prior periods or average Manually priced fares that have not been audited through fare audit
Time lag for audit of manually priced fares Unexplainable fare audit scope exclusions Percentage of issued ADMs Low percentage of ADMs (indicates
incompleteness) 5. Proportion of paper tickets Report on percentage of paper tickets versus e-tickets
Less than x% paper tickets (percentage is dependent on staff travel and regions you operate in)
High percentage of paper tickets
Reason why paper tickets are needed Invalid reasons for usage of paper tickets 6. Reason for use of paper ticket Breakdown of issued paper ticket per: • Origin & destination • Issuer • Special add-ons / requests • Carrier involved
% of paper tickets relative to total of issued tickets
Unnecessary issuances of paper tickets
Number of stretches and add-ons that require paper tickets
Unnecessary issuances of paper tickets
7. Revenue leakage Report on out of sequence coupons Number and percentage of out of sequence
coupons per base as compared to previous periods
High number and/or variance compared to previous periods
Cross border sales Number and percentage of cross border sales by country as compared to previous periods
High number and/or variance compared to previous periods
8. Sector Mismatch Report identifying when re-routing or changes to flight paths have been made.
Instances of where system has been overwritten without appropriate authorization and/or fare collected
Non-collection of fees and/or additional fare
E-Ticketing AUDIT PROGRAMME
Page 39 of 39
9. Class Mismatch Report identifying where there are discrepancies between class purchased versus what is actually flown
Number of instances or percentage of occurrence where there is a class mismatch
High number of transactions that do not comply with policy
Report comparing original ticket with go-show ticket to search for class mismatch
Excessive amount of go-shows High number of go-shows with a different class than booked for one specific employee or passenger
10. Out of sequence usage Breakdown of tickets for which coupons were not used in sequence per: • Booking class • Issuer • Passenger • Origin & destination
Percentage / number of out of sequence uses per booking class
Out of sequence usages not permitted for applicable booking class High out of sequence usage of tickets issued by a single agent / ticket office High number of releases of out of sequence blocks for a single employee (in case check in system or DCS blocks such use)
11. Tickets with unfiled fares (fare mismatch) Number and total value of tickets with manual fares broken down per: • Origin & destination • Issuer • Booking class
Percentage of offerings for which no fare is filed Agents / ticket offices with high numbers of application of erroneous (lower) fares Agents / ticket offices with high numbers of overrulings (if possible) of autoquoted fares