Internal Controls — Information Systems & Technology
IT policies, procedures, and definitions are clearly communicated.
Organizational structure, policies and procedures are clearly defined and communicated.
Systems changes are authorized and approved.
Master files are monitored for integrity.
Accuracy of output is verified.
Proper design and use of information system documents and records are maintained.
Access to and use of the information system, assets and records are reasonable and restricted to authorized individuals.
Segregation of duties exists in functions related to the information systems.
Transactions and activities related to the information systems are properly authorized.
Performance of information system functions is independently verified.
All staff are trained on cybersecurity awareness and best practices.
System users are granted only the access needed to perform their duties.
Control may be superficial, inconsistently followed or subject to override or circumvention.
Opportunities to perpetrate and conceal fraud may exist if personnel have direct or indirect access to assets, or if any user has too much access to systems or information.
Personnel may not fully understand users' needs or the accounting aspects of the systems; systems may be developed that perform improper calculations, prepare erroneous reports or cause other processing errors.
Systems may be designed with inadequate control in the application programs.
User control may be incomplete or ineffectual as a result of poor knowledge of the system and the processing functions performed by the application programs.
Unauthorized persons may obtain detailed knowledge of applications and use that knowledge to perpetrate irregularities.
Personnel may make systems changes that do not conform to users' needs, resulting in processing errors.
Unauthorized program modifications may be implemented to perpetrate and conceal fraud.
Master files may contain erroneous data that cause errors in all transactions using those data.
Master file data may be altered to allow the processing of fraudulent transactions.
Master file data may be altered prior to the preparation of statements or confirmation.
Unauthorized or fraudulent transactions introduced during processing may not be detected.
Employees are susceptible to spam and phishing attacks, and/or password hacking.