February 2008 report to the Legislative Assembly
Report to the Legislative Assembly; Reports; PublicationNT
Made available via the Publications (Legal Deposit) Act 2004 (NT).
Northern Territory. Auditor-General's Office -- Periodicals; Finance, Public -- Northern Territory -- Accounting -- Periodicals; Northern Territory -- Appropriations and expenditures -- Periodicals
Northern Territory Auditor-General's Office
Check within Publication or with content Publisher.
68 Auditor-General for the Northern Territory February 2008 Report Department of Health and Community Services cont The agency identified the following mitigating controls / factors: QANTEL must be installed on the users PC before users can access the application; Network passwords must be changed at regular intervals (and users must access the network prior to accessing QANTEL); Only Datagaard can create/modify/remove user accounts; Monthly analytical review/perusal of inventory records to identify and follow up potential anomalies; and Cost centre owner monthly management accounting activities. No segregation of duties The audit identified that there is no segregation of duties between the role of purchase order entry and the role of receiving stock in the dental stock control area in Darwin. If purchase order entry and receiving roles are not segregated there is an increased risk that an individual could inappropriately acquire stock (e.g. facilitated via the creation of fictitious receiving reports). It was recommended to Agency management that where possible, it should consider segregating the purchase order and receiving roles for dental stock control. Segregation of functions within QANTEL should be system enforced via appropriate access profiling (regarding dental stock control). Where it is not practical to implement all segregation of duties controls (e.g. at smaller sites), it was recommended that at least basic segregation of duties controls be implemented (including segregating ordering and receiving) and appropriate compensating controls address the other main risks. Examples of compensating controls may include: Independent review of goods received in the system to physical inventory; and Management review of stock variances at the product or departmental level. It should be noted that the main compensating controls rely on the knowledge of one key person (Procurement and Inventory Manager) and should this person become unavailable to perform these functions, further consideration will be required to address the issues raised by the audit.