Page 264 - COSO Guidance Book
Point of focus — Maintains quality throughout processing
Information systems produce information that is timely, current, accurate, complete, accessible,
protected, and verifiable and retained. Information is reviewed to assess its relevance in supporting
the internal control components.
Information quality is necessary to maintain an effective system of internal control. Erroneous or
missing data, and the information derived from such data, could adversely affect management
decision making.
The framework provides the following characteristics of quality information:
– Accessible — Information is easily obtained by users who need it. The users know what types of
information are available and where they are located. For example, an employee would know where and
how to access information concerning insurance coverage.
– Correct — The underlying data is accurate and complete. Information systems include
authentication controls to help ensure accuracy and completeness of information, including
exception-resolution procedures. For example, the owner-manager might decide to increase a
customer’s credit limit if the current amount of the credit sale added to the current balance
exceeds the current credit limit. This decision would be based on certain assumptions regarding
the historical and current accounts receivable data — that the current balance is correct, the
current amount of the credit limit is correct, and the customer’s payment history is accurate and
complete.
– Current — The data is from current sources and is gathered at the frequency needed.
For example, an entity would prepare monthly financial statements (frequency) using the current
month’s adjusted general ledger account balances.
– Protected — Access to sensitive information is restricted to authorized personnel.
For example, an entity that is a medical office often requires security codes to restrict access to
patient health information in order to comply with HIPAA requirements.
– Retained — Information is available for a certain time period to facilitate inquiries and inspections
by external parties.
For example, a retail store has a policy that it will permit customers to return items and receive
store credit for any return within two years of the original sales date. The entity would need to
retain detailed customer sales records for at least two years in order to provide assurance of
compliance with this policy.
– Sufficient — There is sufficient information at the degree of detail relevant to information
requirements.
For example, in variance analysis of sales at an entity that has five local retail locations, it might
be beneficial to isolate variances by store or by department within each store or by salesperson
within each store. It is important that the data is available to generate these detailed reports.
© 2020 Association of International Certified Professional Accountants. All rights reserved. 6-6