Your Ask Joey ™ Answer

What are controls over standing data?

Standing data is data that is held in the system for long-term use and is not expected to change frequently (hence the term standing data). Another term for standing data is “master list” or “master data” Standing data can consist of customer information, product information, employee information, pay rates, tax codes, sales tax rates, etc.

Preventive controls that should be implemented by a company include:

1) Access is restricted: Only authorized individuals should be able to access the master data on the network. Additionally, specific individuals should receive read, write, or edit access based on their role. Access should require login credentials (username and password).

2) Routine backup to network: Standing data should be stored on the network and included in the regular/routine backups the company would perform for any key information that the company maintains.

3) Track changes: Any changes made to standing data and master files should be tracked.

Detective controls that should be implemented by a company include:

1) Review of access rights: The appropriate manager of the business process should review the access rights to standing data sets and determine the appropriateness. Job roles change and as employees move laterally or horizontally through an organization, their access rights may need to change.

Controls over standing data are key controls that every company should have implemented in a business process. Other key controls include segregation of duties, account reconciliationsdata entry input controls, data processing controls, spreadsheet controls, and supervisory controls.


Back To All Questions

You might also be interested in...

  • What are data processing controls?

    The BEC section of the CPA exam will test you on the key data processing controls. The purpose of processing controls is to verify that data was properly processed through the system. Processing controls will identify if the data was processed incorrectly. The company would have data entry input controls to verify data is inputted properly into the system, but then it would need data processing controls to maintain high integrity and quality in the data. The main data processing controls include: 1) Run-to-run totals (sum checks): Ensures that the cumulative totals of records from one data processing run to another are consistent. 2) Data matching: When the data across various sources is compared, does it all match or agree? For example, does the date on the PO agree to the date on the corresponding invoice? 3) Data sequence checks: If data is supposed to be in sequential order, is the sequence complete, or is data missing? For example, if there should be invoices numbered 1 through 10, are all 10 listed in the system data? Data processing controls are key controls that every company should have implemented in a business process. Other key controls include  segregation of duties, data entry input controls, controls over standing data, account reconciliation controls, spreadsheet controls and supervisory controls.

  • What are the types of data entry input controls?

    The BEC section of the CPA exam will test you on the key data entry input controls. Data entry input controls are preventive controls that a company should have in place for systems that collect data across various business processes. Data entry input controls help maintain high integrity and quality of the data entered into the system so that processes can be executed properly. Below is a list of the different types of data entry input controls: 1) Field check: So what is a field check? A field check determines what types of characters can be inputted into the field. The different types of characters include numbers, text, dates, symbols, etc. So if the field is for collecting a date, then a field check would only allow data that is in a valid date format to be entered into the field. If the data entered was a number or text, the field check would render the data entry as invalid. 2) Sign check: So what is a sign check? A sign check determines whether a field with numeric values should be positive or negative. For example, most fields that collect order quantity only allow a positive numerical entry. The customer wouldn’t want to have a negative order quantity, right? 3) Limit check: So what is a limit check? A limit check tests to make sure that the entered value does not exceed a predetermined value. For example, if the max value is 5, then a limit check would only accept a number entered that is 5 or lower. An easy way to remember a limit check is a speed limit. Assuming there is no minimum speed limit, you won’t be pulled over by the police if you drive at the speed limit or slower. 4) Range check: So what is a range check? A range check tests whether the entered amount falls between a predetermined lower and upper limit. So if the field requires an entered number to be between 5 and 15, then 10 would be considered valid while 24 would be invalid. A range check is different from a limit check in that a range check has a lower and upper limit, whereas a limit check only has an upper limit. An easy way to remember a range check is a minimum and maximum speed limit! 5) Size check: So what is a size check? A size check is used to ensure the data input will fit into the prescribed field. For example, if a password must have 6 characters or more, then the size check would make sure that the entered password is 6 characters or more! We have all been trying to create a new password and the system tells us our entered password isn’t enough characters! 6) Completeness check: So what is a completeness check? A completeness check is used to verify that all required data fields in a form have data entered. So if a form has 10 required fields, there must be data entered into all 10 fields. If one of the fields is missing data, then the form cannot be submitted. We have all been trying to fill out an online application and we got to submit and the form is rejected because we didn’t fill in a required field. Well, this is an example of a completeness check in action! 7) Validity check: So what is a validity check? A validity check is used to verify that the data entered into the field is listed in the company’s master file data. For example, if a customer enters a product ID or a discount code, the system will do a lookup to the company’s master file data to see if the product ID or discount code exist. If the data entered exists, then the system will register the entry as valid. If the data entered does not exist, then the system will register the entry as invalid. 8) Closed loop verification: So what is a closed loop verification check? A closed loop verification checks the accuracy of input data by using it to receive and display other relevant info. For example, if you enter a customer ID and the system brings up the name and address of the customer, then you should be able to verify the customer ID is correct by verifying the name of the customer. Data entry input controls are key controls that every company should have implemented in a business process. Other key controls include segregation of duties, account reconciliations, data and system processing controls, controls over standing data, spreadsheet controls, and supervisory controls.