Standing data is data that is held in the system for long-term use and is not expected to change frequently (hence the term standing data). Another term for standing data is “master list” or “master data” Standing data can consist of customer information, product information, employee information, pay rates, tax codes, sales tax rates, etc.

Preventive controls that should be implemented by a company include:

1) Access is restricted: Only authorized individuals should be able to access the master data on the network. Additionally, specific individuals should receive read, write, or edit access based on their role. Access should require login credentials (username and password).

2) Routine backup to network: Standing data should be stored on the network and included in the regular/routine backups the company would perform for any key information that the company maintains.

3) Track changes: Any changes made to standing data and master files should be tracked.

Detective controls that should be implemented by a company include:

1) Review of access rights: The appropriate manager of the business process should review the access rights to standing data sets and determine the appropriateness. Job roles change and as employees move laterally or horizontally through an organization, their access rights may need to change.

Controls over standing data are key controls that every company should have implemented in a business process. Other key controls include segregation of duties, account reconciliations, data entry input controls, data processing controls, spreadsheet controls, and supervisory controls.