Para 3.22.41 — MSO (Audit)

MSO (Audit)mso-audit

3.22.41 These controls are meant to ensure that the computer and computer files are safeguarded from unauthorised access, loss or theft. Controls relating to reception, conversion and processing of data and distribution of the final output promote the completeness and reliability of these operations and safeguard against the unauthorised processing of data or programmes. File controls and procedures adequately safeguard files and software against loss, misuse, theft, damage, unauthorised disclosure and accidental or deliberate corruption. As the computer provides a means of holding, assessing and amending information, it is imperative that its use is controlled. There
should be a definite schedule of work that is authorised to run on it and restrictions should be placed on the number and type of staff allowed access to it. Computer files are also records of an organisation that require to be properly safeguarded.
# Change Management Controls

What This Means

Operation and file controls protect computer hardware and data files from unauthorised access, loss, or theft. These controls ensure that data reception, conversion, processing, and output distribution are complete and reliable. There should be an authorised work schedule for the computer, restrictions on who can access it, and proper safeguards for all computer files, which are official records of the organisation.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1Computer files must be safeguarded against loss, misuse, theft, damage, and unauthorised disclosure
2A definite schedule of authorised work should govern what runs on the computer
3Restrictions must be placed on the number and type of staff allowed access
4Controls over data reception, conversion, processing, and output distribution ensure completeness and reliability
5Computer files are official records of the organisation and require proper safeguarding

Practical Example

In a district treasury office, the computer running the treasury accounting system has a daily operations schedule: payroll processing runs at 9 AM, receipt entries from 10 AM to 4 PM, and batch reconciliation at 5 PM. Only the designated operator and supervisor have access to the computer room. All data files are backed up to external media at the end of each day and locked in a fireproof cabinet.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

Why do computer files need the same level of protection as physical records?▼

Computer files are official records of the organisation containing financial data, personnel information, and other sensitive details. Unauthorised modification or loss of these files could lead to incorrect financial statements, fraud, or inability to reconstruct important records.

What kind of restrictions should be placed on computer access?▼

Only staff who need the computer for their authorised duties should have access. The number and type of personnel permitted should be defined, and a work schedule should specify what tasks are authorised to run on the system.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.41 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules