Territory Stories

February 2008 report to the Legislative Assembly

Details:

Title

February 2008 report to the Legislative Assembly

Collection

Report to the Legislative Assembly; Reports; PublicationNT

Date

2008

Description

Made available via the Publications (Legal Deposit) Act 2004 (NT).

Notes

Date:2008-02

Language

English

Subject

Northern Territory. Auditor-General's Office -- Periodicals; Finance, Public -- Northern Territory -- Accounting -- Periodicals; Northern Territory -- Appropriations and expenditures -- Periodicals

Publisher name

Northern Territory Auditor-General's Office

Place of publication

Darwin

ISSN

1323-7128

Copyright owner

Check within Publication or with content Publisher.

Parent handle

https://hdl.handle.net/10070/223559

Citation address

https://hdl.handle.net/10070/686148

Page content

62 Auditor-General for the Northern Territory February 2008 Report

Department of Health and Community Services cont.

Improvement in segregation of duties, including leveraging off the functionality of the newly implemented Ascribe system

The audit observed that there are areas for improvement in segregation of duties, including leveraging off the functionality of the newly implemented Ascribe system. Inspection of the Ascribe System User Report found that:

- 60 of the 73 active accounts had the ability to both order and receive goods;
- 51 of the 73 active system accounts had level 8 access to the stock module. This allows users to update the approved customer list used for requisitions, update drug file minimum stock levels and update supplier details; and
- 60 of 73 active accounts had a level of access that allowed them to authorise purchase orders.

It is acknowledged that the newer version of Ascribe (v9) provides greater system security and segregation of duties functionality.

A lack of segregation of duties increases the risk that individuals could process inappropriate or fraudulent transactions in Ascribe and result in a breach of regulatory requirements. If an excessive number of users have the ability to update master file type details, there is a risk that details could be inappropriately altered in the system.

The audit recommended to the agency that incompatible and sensitive functions within the Pharmacy department be identified, documented and appropriately addressed (e.g. compiling a segregation of duties matrix). Ascribe system access settings should be utilised to enforce these segregation of duties where possible.

Where it is not practical to implement all segregation of duties controls at smaller sites, it is recommended that at least basic segregation of duties controls be implemented (including segregating ordering and receiving) and appropriate manual or IT compensating controls address the other main risks.