In an EDP environment, an entity will establish an organizational structure and procedures to manage the EDP activities. Characteristics of an EDP organizational structure include:
Concentration of functions and Knowledge-although most systems employing EDP methods will include certain manual operations, generally the number of persons involved in the processing of financial information is significantly reduced. Furthermore, certain data processing personnel may be the only ones with a detailed knowledge of the interrelationship between the source of data, how it is processed and distribution and use of the output. It is also likely that they are aware of any inte4rnal control weaknesses and, therefore, may be in a position to alter programs or data while stored or during processing. Moreover, many conventional controls based on adequate segregation of incompatible functions may not exist, or in the absence of access and other controls, may be less effective.
Concentration of programs and data – Transactions and master file data are often concentrated, usually in machine-readable form, either in one computer installation located centrally or in a number of installations distributed throughout an entity. Computer programs, which provide the ability to obtain access to and alter such data are likely to be stored at the same location as the data. Therefore, in the absence of appropriate controls, there is an increased potential for unauthorized access to, and alteration