JUZGADO LOCAL CIVIL DE PUERTO CABEZAS ... - Poder Judicial

Electronic Records and Computer-Assisted AuditingAccess authorization or securitycodesUnalterable date-stamping of transactionsand transaction filesSystem and data access logsData alteration logs and preservationof original unaltered data recordRejected transaction or transmissionprocedures and logsRegular review of access alterationand rejection logs or trailsArchival retention of electronicrecords for the statutory periodPreservation and security of dataintegrity of archival records for thestatutory periodStorage of historical transactionsummary and control total reports,and related informationThird-party documentation thatsupports electronic transactions,(including but not limited to auditreports, bills of lading, exemptioncertificates, acknowledgments ofreceipt, payment vouchers, contracts,trading-partner agreements)Existence of a formal security policyor applicable procedures manualWill the department analyze thesystems integrity of electronicrecords including EDItransmissions?In an audit of electronic records thatincludes electronic data interchange(EDI) transactions, we may analyzeyour EDI and business transactionsystems. This allows us to verify thatthe system components impacting theproper application of tax are valid. Ouranalysis will tell ushow and what data flows through thesystem;what files are used;what reports are generated;what manual processes relate to thedata flows; andwhat internal controls are present.Most electronic accounting systems arenot completely EDI, and will includesome paper-based transactions.Changes in business operations,especially acquisitions and mergers ofentities already engaged in EDI, andchanges in accounting and computersystems, could affect existing EDIgeneral controls. It is important to keepsystem documentation up to date.Will any other systems beanalyzed?We may examine, through a systemintegrity audit (SIA), the system andsubsystem that implements the EDIprocess.What is the purpose of an SIA?The purpose of an SIA is to help usattain an acceptable level of confidencein the EDI system. For any tax audit,both the taxpayer and the departmentneed to agree that the data examined isan accurate and complete record of thetransactions that occurred. Many of thedocument controls, which provided adesired level of confidence for atraditional form of record keeping, maynot be available in an EDI environment.We will, on an audit by audit basis,determine whether to conduct the SIA.The results of an SIA could reduce theoverall scope of the tax audit.What will the department needto know in order to establishconfidence in our EDI system?We will need to know the answers tothe following questions:Are there policies and procedures inplace that govern the system andsubsystem processes and implementcontrols?Are the controls subject to manipulation,and if so, to what degree?Can individual transactions betraced?Are translation software controlprocedures in place?Does the information generated bythe system tie to the financial statements,or similar reports?Are relevant system audit reports(e.g., internal, third party) available forreview?If, while conducting the SIA, we attainan acceptable level of confidence, wemay stop the SIA at that point.Who conducts and pays for theSIA?An SIA can be conducted bythe department,you, the taxpayer, ora third party.If we perform the SIA, we will pay forthe cost and will provide you with anywork products or opinions, that aregenerated as a result of the SIA.If we agree, you or a third party mayconduct the SIA. Generally, you will payfor the cost of an SIA performed by youor a third party.What methods are used toverify the effectiveness ofinternal controls and EDItransactions?Various methods, including computerassistedaudit techniques or traditionalmanual techniques, may be used toverify the effectiveness of internalcontrols and EDI transactions. Thesemethods may include:Transaction recording proceduresIndividual and batch transaction-leveltestingRandom transactions testingTransaction flow analysisPre and post translator testingWhat records and data aboutdetermining correct tax liabilitycan I expect the department torequest?We will request only records and datathat are relevant to the audit.We will ensure the transaction data ismaterial to the audit and is usedproperly. We will take into account thenature of transactions and the ease withwhich data can be accessed andanalyzed. The scope of the examinationand the extent of detailed review willdepend on how confident we are in yoursystem’s internal controls.Ifyou do not understand a request, wewill explain what type of informationwe need and why.the information is not available in theform requested, you should supplyequivalent information.Page 2 of 4PUB-107 (N-12/98)