ALL AGENCIES, DEPARTMENTS, AND DISTRICTS GOVERNED
BY THE BOARD OF SUPERVISORS
EFFECTIVE: 02/05
1. POLICY
At the beginning of a financial information system
development, the owner of the system (County department)
is required to (1) notify the Auditor-Controller
and Internal Audit Department and (2) ensure adequate
internal controls are present in the system.
1.1 Purpose
1.1.1 Notifications
To prescribe the appropriate notifications
when implementing a financial information system.
1.1.2 Internal Controls
To designate the responsibility for ensuring financial
information systems include appropriate internal controls.
1.2 Authority
Board of Supervisors' Resolutions
No. 82-162, dated February 2, 1982,
and 85-337, dated March 12, 1985.
1.3 Definitions
1.3.1 Development
Creation of, purchase of, implementation of, substantial modification
or changes to, or upgrade of a computer system.
1.3.2 Financial Information System
Any computer system which includes but is not necessarily
limited to the recording and processing of fines, fees,
invoices, collections, receivables, cost applications
and other revenue or expenses.
1.3.3 Internal Controls
A process, effected by the management
and other personnel of a department,
designed to provide reasonable assurance
regarding the achievement of objectives
in the following categories:
Safeguarding of assets.
Effectiveness and efficiency of operations.
Reliability of financial reporting.
Compliance with applicable laws, regulations, and contracts.
Internal controls should assist in ensuring that accurate data is
produced, sensitive information is protected, the system is
available and maintainable, and all operations are performed
as directed by management.
1.3.4 Notification
A formal memo as prescribed, signed by the department head.
1.4 Forms
1.4.1 Required Memo for Notification of Financial System
Development Projects. See Exhibit I.
2. PROCEDURES
2.1 Notification
Departments are required to notify the Auditor-Controller
and the Internal Audit Department during the planning phase (at the beginning
of the system development lifecycle) for a new or upgraded financial
information system. First, the department will determine with the
Auditor-Controller whether the new system or upgrade will interface with
any of the Auditor-Controller's systems. Then, the department will
send written notification as follows:
2.1.1 Financial Systems that DO Interface with any
Auditor-Controller System
The department must: (1) contact
the Auditor-Controller's Information Technology Division
to help coordinate system requirements,
design specifications and testing, and (2) notify the Internal
Audit Department in writing, providing a brief description
of the system to be implemented or upgraded including
the project's scope and objectives, preliminary cost estimates,
projected timelines, and internal control responsibility.
2.1.2 Financial Systems that DO NOT Interface with any
Auditor-Controller System
The department must notify the Internal
Audit Department in writing, providing a brief description
of the system to be implemented or upgraded including
the project's scope and objectives, preliminary cost estimates,
projected timelines, and internal control responsibility.
2.1.3 Internal Audit Department Review
Upon notification from the Department, the Internal
Audit Department will determine whether or not to review
the new system or upgrade. Available audit resources and
technical expertise will be considered. The Internal Audit
Department will notify the department in writing whether or
not a review will be performed. The
review could include an on-site review
of the system or a desk review of pertinent documents. After
the Internal Audit Department's review is completed, they
will issue a letter to the department describing the results of their
review.
2.2 Controls
2.2.1 Departmental Responsibility for System Controls
Neither the Internal Audit Department nor the Auditor-Controller has
the resources or charter to provide project management or ensure all necessary
controls are designed and embedded in the new system or upgrade.
The responsibility for designing and ensuring a financial information
system has appropriate internal controls and that such controls
are properly maintained, rests solely with the management of the
department responsible for the financial information system. Internal
controls for a financial information system should
address, at a minimum, the following areas:
Information Security - The financial information system
should ensure the logical use of I/T resources is restricted by
adequate identification, authentication, and access controls that
link users and resources with access rules.
Audit Trails - The financial information system should be designed
so that documentation exists to follow a transaction from its initiation
to its conclusion (and vice versa), as well as identify what changes
have been made, when, and by whom.
Segregation of Duties - The financial information system should
have system controls that prevent the same user from authorizing,
processing, recording/inputting, or reviewing/verifying/reconciling
a transaction.
Documentation - The financial information system should include
user procedure manuals, operations manuals, and training materials.
2.2.2 Internal Control Information Sources
Management should consider consulting professional/authoritative
internal control sources for guidance, including: