430 likes | 588 Vues
Inspection of Computerized Offices. Objectives. Correctness of implementation Effectiveness of computerized operations Preventive vigilance. General Environment. Whether all the computers are installed, configured and working with latest versions with patches
E N D
Objectives • Correctness of implementation • Effectiveness of computerized operations • Preventive vigilance
General Environment Whether all the computers are installed, configured and working with latest versions with patches Computers and peripherals supplied to the office are free from dust Whether the design of the counter is conducive for the counter PA and the customers. Whether computers can be pooled in one room Ensure by general observation that the consumables are not being wasted
Maintenance of Computers, Peripherals & Networking Equipment Whether network cables are numbered for easy recognition in case of failures Whether cables are connected firmly Whether computers are drawing power from UPS & load on UPS (no. of systems connected) Whether the UPS is giving adequate backup. If not, batteries of the UPS, may need a check. Ensure that only computers and peripherals are connected to the UPS and no other electrical gadgets are connected Whether computers and UPS are covered by maintenance contract Whether tool kit for first line of maintenance is available?
Whether history sheet is maintained for systems, printers & UPS Whether any parts are replaced & why Whether hard disk capacity of the computers needs to be increased Are there any non functional computers or peripherals? Take remedial action. Upgrade computers where necessary Take action for condemnation of machines that are beyond repair or have outlived their utility. Whether systems shifted frequently – reasons for the same
Operating System & Backup Whether licensed OS is installed and updated with latest service packs Whether original copies of OS & RDBMS software are in personal custody of Postmaster? Whether unnecessary programs like games etc. are installed – they have to be removed Whether files are well organized and unnecessary files are deleted Whether the data backup is available for the data bases of all modules Check capability for restoration of data if required.
Security Are the Postmaster, supervisors & operators aware of the security policy? Whether the tasks pertaining to computer operations are incorporated in the MDW of the operators & supervisors? Ensure that the Supervisor is capable of performing role independently contd..
Security Whether users enter user account for connecting to the network Whether each user is having individual user account Whether users leave their systems, after logging their user accounts Confirm that users are not allowed to logon to server
Security Whether administrator has set the security policy for password? Whether the users are disclosing their pass word to colleagues? Whether account lockout policy is in force? Whether the Servers are physically accessible to unauthorized users?
Security Whether all data CDs are under safe custody If any programming language application is installed, get it removed Ensure that only client portion of MS SQL server is loaded on the clients.
Security • Whether all computers (especially communication computer) are protected with anti-virus software and they are updated regularly • Whether officials are using communication computer for browsing personal email etc • Whether floppy and CD drives on the workstations are disabled?
Security Features in Applications … Access permissions Users can be made inactive when transferred/ shifted to another branch in the PO Users who are allocated job only can work in the applications Unauthorized modification not possible Log of users and transactions kept Database is password protected Contd…
… Security Features in Applications Work allocation based on the counter hours specified for each operator in the counter Shift reports can be printed only after the user has performed shift end Tariff rates/other limits can be configured by the supervisor only In the total computerisation environment, users cannot perform shift end till their accounts are submitted to the treasury
... Security Features in Applications Details of user login/logouts known to supervisor Log files of tariff and other revisions made by the Supervisor are available in administrator login Cancellation of transactions are permitted only in the client/server module and can be done only by the administrator
General Checks in Applications • Use of latest version & patches • Guidance on operational problems • Security environment • Training requirements & utilization of trained personnel for workplace training • Status of total computerization & utilization of all modules • Utilization of all functionalities available in applications
Point of Sale - Points to Check … • Whether MPCM counters actually function as multipurpose counters? • Whether bar code stickers and other consumables are near at hand and there is sufficient stock of these items • Examine the articles booked at random, especially the stamps pre paid articles.
Point of Sale - Points to Check … • What is the average number of transactions per machine daily? • Whether Point of Sale is integrated with Treasury? • Whether the SQL Server personal edition is installed in the client system where the Point of Sale module is being used – a security risk
Point of Sale - Points to Check … • System Administrator: Access “Tools – Supervisor Log Information” and view the log of changes made to tariff, weight etc., by the supervisor • Supervisor: Access “Work progress” and find out the number & types of transactions handled by each counter • Access the menu Tools – MIS – Log information and check the log patterns for the current day
Point of Sale - Points to Check … • Access the menu Reports – Other Reports – Work Allocation and examine the work allocation for the past one week • Select the menu Reports – User Account report for four dates at random and check whether the amount collected by the counter PAs are properly accounted for
Point of Sale - Points to Check … • Check the Shift reports of all users for four dates at random to see whether there are any cancelled transactions. If so, check whether both copies of the receipts are attached to the shift report • Whether there was any period during which the Point of Sale module was not used and the office resorted to manual booking of articles/ MOs? • Physical verification of stock of IPOs with IPO Module
Point of Sale - Points to Check • Whether the SO IPO sold and paid data are entered in the HO by one of the operators in Point of Sale and reports are generated • Access the Configure – Tariff revision menu and test check a few items to ensure that the rates available are latest • Access the Configure – Limits menu and check whether the limits are the latest ones
Despatch Module • Whether Due bags are configured and the despatch lists are being generated through Despatch Module? • Whether all articles booked through the POS are collected for despatch • Whether articles for despatch are being collected from the Postman module • Whether articles booked under special journals/BO’s are collected
Postman Module Security features: Treasurer cannot issue MO cash to postman unless supervisor transfers the concerned data In respect of VP data supervisor has to transfer it to POS module
Postman Module Points to check: Whether this module is working in isolation or linked to treasury Check the articles in deposit with reference to the Reports of articles in deposit and window deposit Check the Registered abstract for four dates at random, as generated by the Postman module
Postman Module • View the Performance report of delivery staff over a period and examine the efficiency of delivery(Menu: Reports – Registered articles/money orders/parcels – Performance Report) • Examine whether the office is taking the help of Enquiry menu available both for Supervisor and operator, in replying queries on disposal of articles
Sub Accounts Security Features Posting transit/advance, verifying remittance and adjusting transit/advance are to be attended by the Supervisor Only after the Supervisor verifies the Error entries marked by the PA they find entries in SO/BO Slip and till then SO/BO slip of such SOs/BOs cannot be printed eMO paid info of non eMO offices will get updated only after daily account for the date of payment is captured and total eMOs paid tallies with the payment info updated.
Sub Accounts Points to check On the date of visit check whether the balances as reported in the daily accounts are correctly entered. Test check on four dates, each in a separate month, printed reports of SO slips, transit figures, advance remittance figures & SO Summary. Ensure that the job of posting/ adjusting transit is actually performed by the Supervisor. Check whether there are any items unadjusted for long.
Treasury In the Supervisor module, check the work distribution of the treasurers and ensure that duties are correctly assigned. Check up the balance of cash/ stamp/ publications with reference to relevant reports. Check up whether the HO is generating HO summary using the application. With reference to the list of cheques in deposit check up whether all cheques are available
MO Compilation Check up whether up to date posting of MO issue/paid figures of HO/SOs are being made in the application and day-to-day agreement is taking place. Check up whether the application is being used for generating reports for returns. Check up whether the current progressive totals agree with the HO Cash book
SB Cash Check whether SB cash application is installed and being used. This is important because this application links totals of SB/SC transactions to the HO summary.
Accountant In the Pay module, check whether pay is being drawn for all categories of officials using the application Test check a few cases with reference to service book whether pay is correctly configured in the application Check whether allowances like DA are correctly configured for the current rate
Accountant In the main module, check whether the HO is generating HO cash book and cash account automatically Whether backup of database is taken after printing paybills and acquittance rolls Ensure that the software is used for schedules, bills other than pay bills, GPF accounts, income tax etc.
SpeedNet • Check the articles in deposit with reference to the relevant reports • Check whether the SPCC is using the application for all its activities • Check the abstract of selected dates as generated in the application to see whether it tallies • In the Supervisor’s module, check whether there it is possible to alter the opening balances of BNPL customers. This can be done by checking the Finish check box. When this is done the Opening balance menu itself will disappear preventing any corrections
SpeedNet • Verify the reports of customer bills of the BNPL customers as regards payments made by them and confirm whether payment is actually made and duly accounted for in the PO records • If there are any customers from whom bulk articles are received check the possibility of getting the data of the articles in excel format, which can quicken the process of handling of articles • Check the possibility of deferred data entry for BNPL receipts
eMO • Collect the information for the eMOs booked in the office from the point of sale module and confirm whether all the eMOs are correctly transmitted to the office of payment. Confirmation can be had from the eMO MIS • Confirm whether all the eMO’s received for payment are paid at the office without loss of time.
eMO • Whether the counter PAs are aware of the need for ensuring correctness of PIN Code and capture of full address of payee at the time of booking. Track a few eMOs booked by the office at random & check whether there have been any redirections on account of wrong PIN Code. • Check whether there are any bulk remitters and bulk payees in the jurisdiction of the PO who can be registered by the Divisional Administrator. Bulk remitters may be requested to provide data in soft copy in prescribed format, for booking
Sanchaya Post … • Ensure that the operators and Supervisors are not using the usernames – Counter, Super and person name BPRO. These are test users built into the applications when they are installed and normally known to all. • Examine whether there is a proper allocation of duties in the software, to counters/supervisors according to the branches allotted
Sanchaya Post … • Check whether the supervisor is capable of working in the application independently. If the supervisor is dependent on the operator, counsel the supervisor on the need to perform his work himself and the necessity of taking care of the password. • In the Supervisor’s menu check whether any transactions received from the operators are still pending. If so, for how long. Advise the concerned on the need to pass the transaction immediately. You can get the printouts of log books of supervisors and operators and make a comparison for this purpose
… Sanchaya Post • Check whether the instant counter facility provided in the application is being used in offices where there is such a facility. If not advise the supervisor to initialize instant counter service in the application • Check the interest rates for various applications, in the Supervisor module and ensure that they are correctly initialized
Sanchaya Post • Check whether the interest calculation/posting is being done through the application. If the office being inspected is a sub office, whether the interest posting is done for all the accounts with reference to the list received from HO • Observe whether the operators/supervisors are leaving their seat, even temporarily, after having logged in to the application; educate them on the utility of the tool Lock Screen in the application to take care of their security
… Sanchaya Post • If there are difficulties in operations explore for solutions from other offices. If similar problem is faced by other offices, take up the matter with the Sanchaya Post Help Desk for solution. • Check the stock of passbooks with reference to the report available in the application • Check whether the Supervisor has initialized the details of all certificates reported lost/stolen as reported from time to time
… Sanchaya Post • Check whether the SOSB work is also being carried out through the application. If so, check the Consolidated journal generated for a few dates with reference to the LOTs of SOs to see that the totals are correctly captured • Test check for a few dates, the printout of the Submit accounts generated in the SB Cash module and compare them with the totals of transactions as reported by the journals/lists in Sanchaya Post to ensure proper accounting
Sanchaya Post • Collect the prescribed number of passbooks and test check a few transaction items to see whether they are properly accounted for • If the data entry work is completed check whether the data entry module is disabled