How an “audit trail” aids in maintaining information integrity…as illustrated in retailing

Computers & Security, 9 (1990) 111-116

Belden Menkus

There is far more to computer security than protecting the hardware and the software against various threats. Effective measures also must be employed to safeguard the integrity and essential trustworthiness of the transactions processed, and the records created and maintained, by the system. What are termed commonly as audit trails play a critical role in this process. They belong in any transaction-oriented computing environment in which the transaction recording process will ultimately lead to record modification. Typically, something of value will be at issue in such a situation. Thus the system might be dealing, for instance, with the dispersal of benefits, the issuance of tools or supplies, or changes in the status of individuals. The details of audit trail use will vary with the nature of the transaction process in question. The role of the audit trail is considered in this discussion in the retail merchandising environment.

© 1990, Belden Menkus.

When the Audit Trail is Missing

The function that an audit trail should perform can be understood better by examining what can occur when it is missing.

Consider these four situations in real life retailing organizations.

• The grocery chain treats even exchanges involving food stamps as no-sale transactions, even though both the merchandise involved and the food stamps have a specific cash value. The point-of-sale terminals installed in the chain's various stores produce a paper register tape for the customer, but the individual terminal's transaction counter does not advance and no record of the transaction is created in the chain's automated accounting system. Effectively, the merchandise involved simply ceases to exist in its inventory when the transaction is completed.

0167-4048/90/$3.50 © 1990, Elsevier Science Publishers Ltd.

• The hardware store chain's stockkeeping unit records for large power tool and other big ticket items do not include individual item serial numbers. The chain's inventory records for such items are accumulated and segregated by model type and class. It is not possible to determine from the chain's data processing system records if a particular item is in the chain's warehouse stock or a specific store, or already has been sold. In fact, it is not possible to determine that the item ever was in the store's possession, or, for that matter, was delivered by the manufacturer.

• The department store chain does not provide positive identification of the individual clerks who enter transactions into its point-of-sale system terminals. It is not possible to determine who creates erroneous sales transactions or who is responsible for possibly questionable customer account credits. In fact, it is not possible to trace any problem transaction record to its source.

• The fast food chain switches off-line at midnight local time the point-of-sale terminals at those of its units that remain open 24 hours a day. (The chain's central data processing facility only operates for two shifts. And, not all of its locations are open around-the-clock.) During the overnight hours these terminals become, in effect, free-standing electronic cash registers. No record of overnight sales is kept beyond the displayed register totals. The difference between the midnight and 6 a.m. cash-on-hand totals is entered as the first transaction of the new sales day when the terminals go back on-line again. However, there is no valid independent way to determine how much cash actually was received during that six hour period.

Despite the significant differences in operating style, size, and geographic location separating these four retail store chains, they have this in common: adequate audit trails are not being created in the operation of their point-of-sale systems. Yet, these systems are the primary tool that the management of these retail chains has for ensuring the essential honesty and accuracy of the transactions carried out in the stores that they operate.

What an Audit Trail is

While of prime interest to auditors, the audit trail is an important element in ensuring effective monitoring and control of day-to-day activities in any transaction-oriented environment. In retailing the audit trail plays a crucial role in ensuring the trustworthiness of the information processed through the point-of-sale system.

In retailing, an audit trail is not something that is provided automatically when the point-of-sale terminal is plugged in, unlocked, and its internal itemizers are reset. To be effective the audit trail must be designed into the way in which the point-of-sale terminal and the information that it records are to be used.

An audit trail provides a full record of what an information-handling system has been used to accomplish: how, what, with what, and by whom. In a non-EDP retail recordkeeping system the audit trail leaves a visible paper record. Typically, this is a second journal tape created in the register. Its contents will be supported by supervisor-signed credit and refund slips and other documents. In a point-of-sale system there is no visible record routinely created by the equipment that can serve as an audit trail. Procedures for creating a record to perform these functions must be designed into the software used in the system.

What an Audit Trail Should Contain

In a retail point-of-sale environment the audit trail record should include at least these data elements.

(a) Terminal identifier. This should be a unique code not modifiable by the salesperson. This code should ensure that use of this device can be recognized even when the records of its transactions are merged with those created elsewhere in the store or at other chain locations.

(b) Salesperson identifier. Normally a straightforward digital code should be sufficient. But, where significant amounts are involved, such as in jewelry, appliances and white goods (such as refrigerators and stoves), and other so-called big ticket operations, it may be preferable to have a more positive identification of the person entering the transaction record. The latter approach may call, for example, for reading a salesperson's magnetic stripe personal identification card when the transaction recording process begins.

(c) Transaction record number. This may be a standalone identifier or it may be used in conjunction with the first two data elements.

(d) Transaction date and inter-day sequence. This permits determining the order in which transactions occurred and relating them to a particular time.

(e) Transaction type. In this case, the categories would be cash, check, or credit in some form. It may be advisable to record as well the application of a so-called senior citizen discount or some other form of preferential pricing. When a check is accepted from a customer the bank and account numbers should also be recorded.

(f) Transaction details. This should include, at least, stockkeeping unit class and item serial numbers, which might be read optically from a bar-coded label attached to the product being sold. Also, of course, this entry will include normal sales price and taxation data and customer account identifiers.

(g) File change "image". This should consist of both the before and the after records when the transaction directly alters an inventory record or a customer account balance.

Not all of this information will be required in every audit trail, but it should be recorded routinely when it is needed. In total this audit trail information plays an important continuing role in management's efforts to monitor and to control a point-of-sale system.
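As an added example (not from the article), the following Python sketch carries data elements (a) to (g) in an append-only record and uses the before/after inventory images to detect the kind of unrecorded stock movement the four retail cases describe; the record layout, field names and sample drill sales are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuditRecord:
    """One audit trail entry carrying data elements (a) to (g)."""
    terminal_id: str        # (a) fixed per device, not alterable by the salesperson
    salesperson_id: str     # (b)
    record_number: int      # (c) unique within a terminal
    date: str               # (d) transaction date ...
    sequence: int           # (d) ... and position within that day
    txn_type: str           # (e) "cash", "check", "credit", ...
    sku: str                # (f) stockkeeping unit class
    serial: Optional[str]   # (f) item serial number, where the item carries one
    amount: float           # (f) sales price
    before_qty: int         # (g) inventory image before the transaction
    after_qty: int          # (g) inventory image after the transaction

class AuditTrail:
    """Append-only: records are added and read, never altered or removed."""
    def __init__(self) -> None:
        self._records: list[AuditRecord] = []

    def append(self, rec: AuditRecord) -> None:
        # A terminal counter that does not advance (the grocery chain case)
        # shows up here as a repeated (terminal, record number) pair.
        if any(r.terminal_id == rec.terminal_id and r.record_number == rec.record_number
               for r in self._records):
            raise ValueError(f"duplicate record {rec.terminal_id}/{rec.record_number}")
        self._records.append(rec)

    def trace(self, **criteria) -> list[AuditRecord]:
        """Tracing subset: all records whose fields match every given value."""
        return [r for r in self._records
                if all(getattr(r, k) == v for k, v in criteria.items())]

    def unexplained_change(self, sku: str, opening_qty: int, counted_qty: int) -> int:
        """Walk the before/after images for one SKU in date and sequence order.
        Returns counted stock minus the stock the trail accounts for; any
        non-zero result is movement that left no record."""
        expected = opening_qty
        for r in sorted(self.trace(sku=sku), key=lambda r: (r.date, r.sequence)):
            if r.before_qty != expected:
                raise ValueError(f"image gap on {sku} before record {r.record_number}")
            expected = r.after_qty
        return counted_qty - expected

def build_sample_trail() -> AuditTrail:
    """Constructed sample: two power drill sales by the same salesperson."""
    trail = AuditTrail()
    trail.append(AuditRecord("T01", "S17", 1, "1990-03-05", 12, "cash",
                             "DRILL-200", "SN-4401", 129.95, 10, 9))
    trail.append(AuditRecord("T01", "S17", 2, "1990-03-05", 13, "credit",
                             "DRILL-200", "SN-4402", 129.95, 9, 8))
    return trail
```

A physical count of 7 against the sample trail reports an unexplained change of -1: one drill left stock with no transaction record, which is exactly what the hardware store chain could never see.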

How an Audit Trail is Used

Retail organization management and its internal and external auditors share a concern for the adequacy and effectiveness of this audit trail information.

Management uses this audit trail as a key component of two different systems. The first system keeps track of current sales detail by stockkeeping unit, in terms of such things as sale date, geographic location of the selling unit, and the performance of discounts and other sales promotion tools. The second system monitors individual salesperson performance, in terms of such things as accuracy in handling customer sales transactions and consistency in following store operations procedures. In a sense the point-of-sale terminal-based system's audit trail complements (and, in some situations, replaces) the surveillance and supervision of the salesperson's work practices long provided by management's direct observation of the retail sales floor. In a point-of-sale terminal environment the paper record trail of document copies, tallies, and the like that long augmented that direct observation no longer exists.

And, as point-of-sale sales transactions are integrated in so-called advanced systems with such things as automated inventory control and restocking activities and customer accounts receivable balance processing, there is no other way than following out the audit trail to identify and correct errors, or to locate possible dishonesty, at the source. (This tracing and identification process also will enable management to spot substandard job performance and to focus sales training efforts on task-oriented employee work improvement needs.)

Finally, management uses the audit trail to locate those aspects of controls over operations which are vulnerable to error, theft of assets, or fraud. Once the apparent source or cause of such a condition has been identified, effective corrective action can be taken. By preventing the disappearance of key sales transaction and inventory data when individual records are aggregated into larger databases, the audit trail plays a major role in helping management discharge its legal responsibilities for maintaining and safeguarding the way in which an organization's assets are used.

The Auditors’ Role

The auditors' use of the audit trail tends to complement these management concerns. Truly effective modern auditing practices focus on more than verifying the arithmetical calculations used in creating an organization's financial statement. The modern auditor tests the validity of the data on which those calculations are based, as well as the trustworthiness of the procedural controls that shaped the processes of recording and using that data. The auditor is expected to determine two things. First, that an organization's reported financial data actually is what it purports to be. Secondly, that the organization's management is maintaining effective controls over its assets. The audit trail provides a reliable independent method for making these two determinations.

Using the Audit Trail

Despite the differences in their objectives, both retail chain management and auditor use the audit trail in much the same fashion. This is demonstrated by the way in which each might test accounts receivable data. Management might want to know, for instance, if credit transactions were created correctly and if outstanding balance collection efforts have been undertaken promptly and properly. In particular, it will want to identify the source of possible erroneous or fraudulent transaction data. The auditor must determine if the account data reflects real sales transactions and if any errors or improprieties are reflected in this data.

Both use the audit trail in the same manner. Take, as an example, the way in which consolidated accounts receivable is handled. It is processed in three phases. It is compared, first of all, to a control total that verifies the number of active accounts in the file and the dollar total outstanding. Next, an aging of the file is created; it lists the balances outstanding for individual customers for, say, 30-60-90-180 days. Finally, a tracing subset of the file is created. It includes, say, outstanding totals by class or type only for the 30 day accounts and both the customer account number and the transaction record number for all older items. Additional data, such as transaction detail or salesperson identifiers, might be included as well if the file is to be used for more than just analysis of controls over credit issuing and fund collection.

Another illustration of audit trail use is with an inventory control file. The tracing subset of the file might include transaction detail and salesperson identifier as well as the transaction record number for all items, or just for those during a particular sales period or above a specific value. In each instance, the data used from the audit trail record will be determined by the type of test or investigation being made.

Designing and Constructing Audit Trails

For the needed audit trail data to be available when it is required, provision for collecting and maintaining the information must be designed into the data processing system that supports point-of-sale terminal use. And, provision must be made within the structure of the design both for selective retrieval of the desired information and for prevention of unauthorized modification of it.

Audit trail information capture and use is best provided for at the earliest possible point in the system design process. Generally these are the steps that should be followed.

(1) Specify record content by identifying those data items that are needed for tracing a particular transaction back to its source. (When the audit trail concept is first being used, it may be wiser to provide for every possibility, rather than failing initially to provide for recording data that must be inserted into the system design structure at some later time. Experience in using the audit trail will help determine what data, if any, can be eliminated safely from audit trail records.)

(2) Provide for data capture as a part of the point-of-sale terminal operation routine. (In particular, provide for as much use as possible of terminal function keys, bar code readers, and the like. Avoid the use of any resettable counters or registers that may have been provided with the terminal device.)

(3) Ensure that the audit trail data is maintained consistently. Creating and using audit trail data imposes a processing and operational overhead that should be allowed for in planning data processing hardware and communications facilities use. Providing this data also imposes costs for collecting and retaining it that should be recognized early in the system development life cycle.

(4) Expedite disposal of data no longer needed by releasing data storage space as soon as control checks and audit processes have been completed. (Select a trigger event, such as the close of a particular selling season or the issuance of the auditor's letter dealing with that period, to ensure that this is done routinely. Prompt disposal of this data will limit system overhead and improve its operating efficiency.)

Audit trail adequacy and performance efficiency should be tested as an integral part of the system design acceptance process by those who actually will use the data. These same people should participate, as well, in periodic operational audits of the system's efficiency and effectiveness. The latter will verify that the audit trail is being used and will validate the way in which the data it generates actually are being used.

Maintaining the Audit Trail

The audit trail must be used regularly and in a consistent fashion if it is to be of full value. There are three aspects to this.

(1) Ensure that regular tests are made of the operational and integrity controls that it makes possible. Be sure that the salespeople know that these tests are being made.

(2) Monitor salesperson conformity to store procedures that govern the routine creation of audit trail records. Take corrective action with those who are not following those procedures.

(3) Be sure that individual store management does not try to short circuit audit trail record creating procedures during periods when sales activity is especially heavy. Allowing any attempt to free up salesperson time by reducing the point-of-sale terminal operation routine will prove in almost every instance to be a false economy.

The audit trail is a key element in providing effective controls over point-of-sale terminal-based data processing systems. It is used by both corporate management and the auditors in verifying the reliability of the information handled by these systems. An audit trail is best designed into the system in the beginning of its development, and it is maintained by being used.


He is a [illegible] of the Institute of Administrative Management and the American Association of Criminology. He is a member of the Board of the EDP Quality Assurance Institute, and the Panel of Arbitrators of the American Arbitration Association, the Association for Systems Management, the New York Crime Prevention Council, and the Business Forms Management Association.

He has twice been awarded the silver medallion of the American Management Association and has received the distinguished service citations of both the National Micrographics Association and the Association of Records Executives and Administrators. He has been named a life honorary member of the Federal Emergency Management Administration Staff College faculty.
