Free ACCA & CIMA online courses from OpenTuition

Free Notes, Lectures, Tests and Forums for ACCA and CIMA exams

March 2025 ACCA Exams

Comments & Instant poll >>

20% off ACCA & CIMA Books

OpenTuition recommends the new interactive BPP books for June 2025 exams.
Get your discount code >>

Risks to data and Document and record retention policies

Free FIA FA1 Notes
Free FIA FA1 Notes
Click here to download

CAT FA1 Course Notes Contents Page

Risks to data

In large organisations, which typically can have thousands of transactions, it is very easy for

  • errors to be made
  • unauthorised transactions to take place
  • fraud to be carried out.

Additionally, after data has been successfully recorded it can be lost and this is perhaps an acute danger in computer-based accounting systems where it is very easy to overwrite or erase information.

Good control of all transactions is therefore necessary. ‘Internal control’ is the name given to the system used to control transactions. All transactions should be:

  • authorised
  • completely recorded
  • accurately recorded
  • safeguarded

An important part of internal control is known as the segregation of duties. This means that transactions are broken down into different stages with a different person being responsible for each stage. So in a purchase transaction, one person should order the goods, another receive and check them, and a third person should pay for them. Because several people are involved in the transaction it will be more difficult for unauthorised transaction to slip through and also each person to some extent checks up on what the previous one has done. For a fraudulent transaction to be processed would probably require collusion (co-operation) between all the parties, and this can be dangerous for the fraudster to organise.

Other types of controls include: signatures to authorise amounts, control totals to ensure all transactions have been processed and the use of sequential documents so check if any go astray.

Accounting data needs to be safeguarded:

If ledgers are maintained manually, then they should be locked each night in a fireproof safe.

If ledgers are computer-based then back-up copies should be taken regularly, ideally daily. Additionally, passwords should be used to prevent improper access to data and all systems should be equipped with virus checkers and firewalls to prevent improper access to data over the internet.

Document and record retention policies.

Documents and records should be kept for some time in order to:

  • Answer queries (for example, what were the sales over the last 4 years to a certain customer?).
  • Defend legal actions (for example, a customer alleges some years later that faulty goods had been supplied)
  • Comply with legislation (for example tax legislation in case an enquiry is launched by the tax authorities).

Typically documents have to be retained for around 5 – 10 years depending on local rules.

The documents do not have to be kept on the business premises and it is now becoming more common to scan the documents and keep computerised images rather than the originals  – which can be very bulky and expensive to store.

Reader Interactions

Leave a Reply