IT application controls are part of an internal control principle that is defined by accounting and auditing and helps an organization to operate in an effective and efficient way and fulfill compliance guidelines, law regulations and policies. In a more broader concept internal controls means to manage and control the risks that an organization has to face. Most internal control frameworks differentiate between IT application controls and IT general controls like It-security, authorizations, change management, testing processes.
IT application controls are preventive or detective controls within information processing. These can be further divided into:
- Edit checks to validate data entry
- Accounting for transactions in numerical sequences
- Comparing file totals with control accounts.
This Log Table routine can be helpful for interface implementations in accounting and can be classified as a data entry validation IT application control. In a case of periodical and recurrent processing the user should not be able to process the same data twice. This control should avoid the risk for dublicate processing that would lead to deviations and eventually to financial statement errors if not noticed and corrected in time.
A simple program solution to this problem could be to create a log table record of each produtive run that contains information about the last program execution like timestamp, userinformation, programname.
Before the produtive run this log table needs to be validated if the data entered was already processed before.
If that’s the case the user should not be able to process the data again. (dublicate processing). The message type ‚E‘ Error prevents that the user is able to process the program further.
For practical reasons (case of error handling, maintenance) it is recommended to create a table view (SM30) on this table to be able to remove an entry manually without customizing demand.