Application Protection - Part III

FCPA control measures for an adequate system of internal accounting controls include maintaining appropriate segregation of duties, allowing only authorized transaction execution, controlling access to assets, and reconciling documented assets to actual assets regularly. Completeness, accuracy, authorization, and accessibility are considered key internal accounting information protection controls that fulfill FCPA legal requirements. These control measures most often interact with — or are deployed through — IT financial applications, thus justifying information security management’s involvement in assessing compliance with the FCPA.

To dispatch FCPA information reliability requirements, an information security manager should identify, understand, test, and document internal accounting security controls for information assets. Essentially, an information security manager should assume responsibility for assessing financial applications for FCPA safeguarding compliance. Technically, application safeguarding controls should be present during input, processing, and output. IT procedures are expected to provide information protection throughout the life cycle of earmarked FCPA financial application systems. Key internal accounting controls can be mapped to information security confidentiality, integrity, and availability control measures. For instance, information security application accuracy controls include input edit and validation routines that ensure information integrity.

“View Part I of the Application Protection series here“