Contributed August 22, 2001 by Keith_Pierce@hesc.com

ELECTRONIC FUNDS TRANSFER - INTERNAL CONTROL CHECKLIST

CONTROL OBJECTIVE 1: To ensure that the EFT terminal is physically secure, and its use is restricted to authorized persons and functions.

Physical Security
1. Is the terminal located in secure premises?
2. Is the terminal kept locked when not in use?
3. Is the terminal accessible by authorized persons only?
4. Is there adequate management supervision over the terminal?

Logical Access Control
5. Does the system use physical tokens to control access?
6. Are there satisfactory controls over the receipt, storage and issue of physical tokens?
7. Does the system validate all users as authorized?
8. Does the system validate all users as authorized for specific functions?
9. Is the ability to establish a session path restricted to authorized persons?
10. Does the system record by whom the session path/logon is established?
11. Does the system provide a record of all attempts to work outside authorized functions?
12. Is this record scrutinized by management?
13. Does the system provide a record of all password/logon violations?
14. Is this record scrutinized by management?
15. Where passwords/PINs are used, are they changed on a regular and frequent basis?
16. Are staff made aware of the importance of keeping passwords confidential and secure?

System Maintenance Procedures
17. Is the System Manager (SM) a suitably senior and independent officer?
18. Are all sensitive functions, such as setting up new users or changing authority levels, performed under dual control?
19. Are all changes to users/functions properly authorized?
20. Does the system report all accesses by the SM?
21. Are all accesses by the SM supported by properly authorized requests?
22. Are all accesses by the SM scrutinized by management?
23. Is a list of authorized users/functions available?
24. Has this been approved by management?
25. Are there controls to ensure that all staff leaving the EFT section have their access rights revoked at once?

CONTROL OBJECTIVE 2: To ensure that there is a satisfactory division of responsibilities surrounding the system.
1. Is a current list of authorized users and their allocated functions available?
2. Is the allocation of functions designed to establish a good division of responsibilities?
3. Does the system enforce a division of duties between:
   - Input and verification?
   - Input/verification and authorization?
   - Input/verification and collection of output? (Logs etc.)

CONTROL OBJECTIVE 3: To ensure that all messages are properly authorized.
1. On establishing the session, does the system validate the terminal ID?
2. Does the system require the use of a secure key to validate (company name) as an authorized user?
3. Before transmission, does the system ensure that all messages are authorized?
4. Does the system prevent transmission of unauthorized messages?
5. Does the system validate the user as being authorized to transmit the message type in question?
6. Are there procedures for reporting unauthorized messages at transmission time?
7. Are all input documents checked for proper authorization by the originator?
8. Are there controls to ensure that extensions to the daily/individual value limit for messages are properly authorized?

CONTROL OBJECTIVE 4: To ensure that all messages are validated.
1. Are all messages sent in a standard format?
2. Is alteration to the standard format prohibited?
3. Does the system ensure that all validated fields are entered?
4. Does the system ensure that all fields are entered in the required format?
5. Does the system highlight/report amounts outside of the expected range?
6. Are there controls to ensure that no values beyond the expected limits are accepted?
7. Are there controls to ensure that the total value of messages is within an agreed (daily) limit?
8. Does the system provide acknowledgement of satisfactory validation of transmitted messages?

CONTROL OBJECTIVE 5: To ensure that all messages are input accurately and are transmitted without alteration.
1. When messages are input, are they re-keyed/proved?
2. Are all messages checked against originating documents by the authorizing officer?
3. Are the originating documents appropriately endorsed at time of input and authorization?
4. Does the system enforce re-input and proving of any differences?
5. Are there written procedures for handling errors?
6. Is an input register maintained?
7. Does the system generate control totals for the number and value of messages input?
8. Are these checked against input records?
9. Does the system provide a report of all accepted and rejected messages with appropriate control totals?
10. Are these checked against input records?
11. Are there written procedures for dealing with rejects?
12. Does the system generate any checksums etc.?
13. Does the system generate a MAC (message authentication code)?
14. Does the communications protocol use any error detection/correction techniques?

CONTROL OBJECTIVE 6: To ensure that all messages are delivered completely and are fully accounted for.
1. Are unbroken sequential serial numbers assigned to each message?
2. Are they recorded on input documents/register?
3. Does management scrutinize these for any interruptions?
4. Is a permanent record kept of all transmitted messages?
5. Is this checked against a record of all accepted/rejected messages?
6. Is it possible to retrieve individual message data?
7. Is an audit trail produced of all input messages which records:
   - a unique message reference number?
   - date and time of input?
   - by whom input, verified and authorized?
   - who established the session path?
   - date and time of transmission?
   - whether the message was accepted/rejected?
   - details of message contents?
8. Is the audit log delivered to someone independent of the input function?
9. Is the audit log accessible by authorized persons only?
10. Is the audit log scrutinized by management?
11. Is there a regular reconciliation between transmitted messages and bank statements?
12. Are all input messages notified to their originators after acceptance?

CONTROL OBJECTIVE 7: To ensure that the system offers adequate provision for controlled recovery in the event of a system failure.
1. If there is an interruption during transmission, does the system provide a record of accepted messages?
2. Are there written procedures for the re-transmission of non-accepted messages?
3. Is an incident log kept of all interruptions to normal processing?
4. In the event of a hardware failure, can processing be switched to an alternative terminal?
5. Are there written procedures for this?
6. Can processing revert to an alternative system or a manual system?
7. Are there written procedures for this?
8. Are there controls to prevent duplication of messages following system recovery?
9. In the event of line failure, is processing switched to other communications media?

CONTROL OBJECTIVE 8: To ensure the confidentiality and security of messages in transit and of message details held on local computer media.
1. Are all message transmissions encrypted?
2. Are all messages received encrypted?
3. Are log file details on the hard disk encrypted?
4. Are other history files encrypted?
5. Does the local terminal allow dial-in?

CONTROL OBJECTIVE 9: To ensure that the EFT service is covered by an appropriate written legal agreement.
1. Is a written, signed legal agreement in force for the EFT service?
2. Has this agreement been reviewed and approved by the Group legal department?
3. Does the agreement define what constitutes an authorized message?
4. Does the agreement specify the accounts to which/from which transfers may be made?