Electronic Recordkeeping Committee

Document Sample
Electronic Recordkeeping Committee Powered By Docstoc
					                Auditing & Electronic Records Test Considerations
                                                  (Revised on 5/9/01)
For Electronic Records (E-Forms) Practices




Synopsis -- a logical tool to address auditing and electronic record / e-form issues and
practices. The scope of the tool surrounds the "back-end," or Indexing, Storage /
Retention, and Retrieval.


1 -- Any E-Form (in general) ............................................................................................3
  1.1 For Availability of data ..............................................................................................3
  1.2 For Auditability of data .............................................................................................4
  1.3 For Integrity of data: (to include authenticity and completeness)...............................4
  1.4 For Control over data (to include confidentiality) ......................................................5
  1.5 Legal Aspects ............................................................................................................6
  1.6 Indexing, Storage & Retrieval. (for all types of Electronic Forms) ............................7
  1.7 For Programming & Change .....................................................................................8
Glossary ............................................................................................................................10




Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                  Printed as of: 04/25/10 -- Page 1 of 17
                                   Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)
Introduction / Purpose
The objective of this document is to provide developers of electronic records (e-record) and e-forms with a logical tool to address auditing and
electronic record issues and practices. This tool is a good complement as part of one's "developer tool set." While not int ended to be a substitute for
legal advice, it does provide pertinent Test Considerations to review and work through while developing the "back-end" (indexing, storage, retention
and retrieval) of your e-record / e-form.

What's It Mean To You?
 Provides criteria needed to examine your information system for reliability and authenticity for e-records / e-forms.
 Helps identify the best way to achieve reliability with your e-record / e-form application.
 Assists in ensuring that your information system for e-records / e-forms are accountable to the state and citizens and that they create and maintain
  reliable and authentic information and records.
 Offers a catalyst for forging new working relationships between your: State Auditor representative (SAO), Information Services staff and
  agency's Records Officer.
 Provides a means to engage positive contributions.
 Provides a thorough, effective and practical set of questions and activities you may need to develop.
 Can help to answer what it takes to have a reliable e-records / e-forms information system.

How Do You Use This Tool?
Use this tool to look at technical and non-technical aspects of your e-record / e-form information system by reviewing the "Test Consideration"
questions. The tool is organized into subject categories that are of interest to the State Auditor's Office in looking at information technology systems.
Use this tool any time during the development of your e-record or e-form. The earlier during your e-record / e-form lifecycle that you consider these
Test Considerations, the better off you will be. The more "yes's" you have in place, the better off you are in ensuring you have a reliable e-records /
e-forms system.

What's within the scope of this tool? Back-end, Indexing, Storage / Retention, Retrieval
What is presently outside the scope and remains to be addressed? Development practices / tests (for Auditing & Electronic
Records)



Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 2 of 17
                                     Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)


Feel free to contact your State Auditor if you would like more information or details. Better yet, why not consult them earl y on
in the process of your e-record / e-form application!

                                                                                      In Place?       Planned?
                  E-Form Test Considerations                                                                                     Mitigations
                                                                                     Yes     No      Yes     No

1 --    Any E-Form (in general)
        (includes moving from a paper process to an Electronic Form)
If:                                                                                                               Note: If SAO was interested in the
                                                                                                                  program in the past, they will likely be
    this information (or formerly paper process) application has been                                            interested in it now.
       audited in the past or
    it is a system that is a mission-critical e-form / application
then you will need to consider the following tests

1.1 For Availability of data
1.1.1   Who is responsible for the destruction of records?
1.1.2   Who can access metadata?
1.1.3   Have you considered having the application and Data files backed up and
        stored off-site?
1.1.4   Have the application and backed up data files been put through a
        restoration process?
1.1.5   If you have a "mission critical" application, then you will also have
        "Essential Records." These are records that are required to get your
        agency back and up running after a disaster. Do you have some way to
        recreate the application?
1.1.6   Can you ensure that the system / application has a backup system and that                                 4/1/01 --New material from Lead Attny for
        the backup is regularly and consistently performed?                                                       review

Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 3 of 17
                                     Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)
                                                                                      In Place?       Planned?
                   E-Form Test Considerations                                                                                  Mitigations
                                                                                      Yes    No      Yes     No
1.1.7  Can you ensure that the system / application backup system is reliable
       (i.e., have you tested the backup)?
1.1.8A To what degree have you considered the ability to restore individual
       records without the need to do a full restoration?
1.1.8B How do you propose to go back to retrieve a document and make it
       readily available?

1.2 For Auditability of data
1.2.1   If, your e-form has approvals along the way, are you able to go back to
        the original receipts that support the document / object?
1.2.2   Does the system automatically assign unique consecutive numbers and
        time-date stamps to the individual units of storage media as they are
        written to for the first time to prevent the addition of false units or the
        removal of legitimate ones from the storage series?
1.2.3   Does the system automatically assign new identifiers to modified records?

1.3 For Integrity of data: (to include authenticity and
completeness)
1.3.1   If the data you started with is not the same data you have when your e-
        form is done, then are you able to explain and demonstrate reconciliation
        of where data changed?
1.3.2   Do you have a developed means by which this information can be
        reconciled to an independent source of information to show
        completeness?
1.3.3   Is the data safeguarded? (How?)                                                                           Some combination of process.

1.3.4   Plan for a way(s) in your e-form to be able to show there are no
        alterations to the content and data?
1.3.5   Can you demonstrate how you would show there are no missing records
        (test of completeness)?
Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 4 of 17
                                     Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)
                                                                                      In Place?       Planned?
                   E-Form Test Considerations                                                                                   Mitigations
                                                                                     Yes     No      Yes     No
1.3.6   Do you have a description of how will the record be reproduced to meet
        the needs of internal and external secondary users? And, what are the
        reproductive formats?
1.3.7   Does the system automatically assign new identifiers to modified records
        to establish that each record is unique?
1.3.8   If the records are not individually authenticated, does the record series                                 (E.g., Approving batches of records or
        metadata include the name of title of the individual responsible for                                      header records.)
        validating or confirming the data within the record series and for
        confirming that the particular series was produced in accordance with
        standard procedures?

1.4 For Control over data (to include confidentiality)
1.4.1   Do you have built in controls into the e-form application that facilitates
        showing the auditor that he/she is looking at the whole universe of
        transactions?
1.4.2   What safeguards have you put in place to prevent fraud? (The Auditor
        will test for fraud.)
1.4.3   Have you applied design features in your E-Form that increases the
        probability of fraud and hacking detection?
1.4.4   Do you have a process / processes in place to authorize a new version of
        an e-form?
1.4.5   If the record was created in the course of business then are you able to
        identify the snapshot points or gates in which your e-form was "touched"
        by different hands?
1.4.6   If the agency relies on the document / object then is there a way to
        identify if it was prepared in a manner of preparation that is documented,
        explainable, and defensible? (Adequate internal controls on the process?)
1.4.7   Are there practices in place of how reuse of hardware, software and
        storage media is prevented?
1.4.8   What is the process of how information is purged from the system?
Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 5 of 17
                                      Auditing & Electronic Records Test Considerations
                                                                    (Revised on 5/9/01)
                                                                                        In Place?       Planned?
                    E-Form Test Considerations                                                                                     Mitigations
                                                                                       Yes     No      Yes     No
1.4.9    Is there a process in place to ensure that no individual can make changes
         to the system without proper review and authorization?
1.4.10   Have you defined who (creator, current owner, system administrator, etc.)
         can grant access permission to an object after the object is created?
1.4.11   RE: External System Security -- for a record originating outside of the
         system, is the system capable of verifying their origin and integrity?
1.4.12   RE: External System Security -- for non-system records is there
         verification of the integrity or detection of errors in the transmission or
         informational content of record?
1.4.13   Have your System administrators established audit trails that are                                          Note: Additional clarification is needed on
         maintained separately and independently from the operating system?                                         this item.
1.4.14 Who can alter metadata? What is the process?
1.4.15 Who can delete metadata? What is the process?
1.4.16 Who can add metadata? What is the process?
1.4.17 Do you have established procedures and practices that synchronized and                                       This attribute also ties in with Indexing,
       managed the particular Shana E-Form template in parallel with:                                               Storage and Retrieval
        ASP language versions?
        Java language versions?

1.5 Legal Aspects
1.5.1    Do you have a plan for a way(s) in your e-form to be able to show that the
         document did come from the person it says it did?
1.5.2    Describe what are the minimal components necessary to provide evidence
         of the transaction? (If you went to court, what would be the minimum
         information you would need?)
1.5.3    Describe what information is necessary to interpret the contents of the
         document / object?


Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                     Printed as of: 04/25/10 -- Page 6 of 17
                                      Auditing & Electronic Records Test Considerations
                                                                    (Revised on 5/9/01)
                                                                                       In Place?       Planned?
                   E-Form Test Considerations                                                                                    Mitigations
                                                                                      Yes     No      Yes     No
1.5.4   Are you able to determine / define which record is the "original" e-record
        or e-form?
1.5.5   Are you able to determine / define which record(s) is / are the "duplicate"
        e-record(s) or e-form(s)?
1.5.6   Have you properly classified the e-record or e-form as an "official public                                 4/17/01 --Get clarification from Lead Attny
        document" or "nonpublic document?"                                                                         Is this aimed at making a distinction of a
                                                                                                                   discloseable record or archiveable
1.5.7   Have you determined / notified the records officer for the e-records or e-
        form?
1.5.8   Is an approved Records Retention Schedule [http://secstate.wa.gov/GS/]
        in place for the information being retained and disposed of, and an
        approved Disposition Authority Number (see Glossary) in place for the
        records which will be disposed of?

1.6 Indexing, Storage & Retrieval. (for all types of Electronic
      Forms)
1.6.1   For each transaction: have you considered at a minimum, the following
        Index attributes?
         Agency #
         /Unique ID # or UserID #
         / Date Save
         / Date to Dispose
         / Name
         / TID Template
         / Template Version
         / Data “blob” (XML)
         Or: Use your Agency’s existing Document Mgmt. System (e.g.,
            FileNET, Eastman, DoxSys)



Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                    Printed as of: 04/25/10 -- Page 7 of 17
                                     Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)
                                                                                      In Place?       Planned?
                  E-Form Test Considerations                                                                                    Mitigations
                                                                                     Yes     No      Yes     No
1.6.2  Establishing File Structures:
       Consider using Shana's Java framework, Form.ASP and then extend it
       yourself by developing a file structure within your server for each
       application. (E.g., App 1, App 2).
1.6.3 Storage of E-Form Template:
       Consider storing the Form.ASP template within each E-Form application.
       Using a URL can provide for accessing the template. Example:
       URL/TID/Form Name
Note: Consider measures to assure that if the URL is changed, than there will be
       a redirect to the new URL.
1.6.4 Storage of Data at Agency designated "Gates:"**                                                             **Capturing the document or data at the
       Have you identified all "Gate" areas where your E-Form is:                                                 right point in the process is the
        Relied on?                                                                                               responsibility of the agency.
        Changed (at the agency level)?

1.6.5   Consider storage of the completed E-Form with Data with the following:
         Pass data to Legacy system
         Save Form in Native format (to retain bus. Rules)
         Convert E-Form to image (GIF, PDF? TIFF)
         Write ASP for DB -- to trigger events for disposal dates
         Query DB via index attributes for Retrieval
         Or: Use your Agency’s existing Document Mgmt. System (e.g.,
            FileNET, Eastman, DoxSys)
1.6.4   Have you ensured proper storage on a durable medium of the "original"
        and any duplicates, including limited access, date and time stamp, etc.?
1.6.5   Retrieval:


1.7 For Programming & Change
1.7.1   What documentation can be maintained to show the auditor that the
        application development of the E-Form has been tested to ensure the
        output or processing is accurate?
Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 8 of 17
                                     Auditing & Electronic Records Test Considerations
                                                                   (Revised on 5/9/01)
                                                                                      In Place?       Planned?
                  E-Form Test Considerations                                                                                    Mitigations
                                                                                     Yes     No      Yes     No
1.7.2   Is version control implemented? How?
1.7.3   Audit trails related to E-Forms design and control (transactions and                                      What version is / was used? Was there an
        changes) should be backed up periodically onto removable media to                                         approval process behind who authorized it
        ensure minimal data loss in case of system failure.                                                       and when it was put in service?
1.7.4   Is documentation maintained to show the different versions of E-Forms
        were approved before placed into operations?




Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                                                   Printed as of: 04/25/10 -- Page 9 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)




Glossary
Approved Media . . .                                               Media appropriate for storing objects or
                                                                   electronic records on which generally has a
                                                                   shelf life greater than 5 years and is a defacto
                                                                   or industry standard.
                                                                   The process of creating and transferring
Archiving . . .                                                    computer files or records (or a backup copy of
                                                                   computer files), for long-term storage. 2.
                                                                   Transferring records from a State Agency to
                                                                   the State Archivist.
                                                                   A record, or record series, which has been
Archival Record . . .                                              designated by the State Archivist to have
                                                                   historical administrative, fiscal, legal, intrinsic,
                                                                   evidential, or informational value. At the end
                                                                   of the Retention Period, such records should
                                                                   be transferred to the Archives for preservation.
                                                                   1. The non-current records of an organization
Archives . . .                                                     or institution preserved because of their
                                                                   continuing value. 2. The agency responsible
                                                                   for selecting, preserving, and making available
                                                                   archival records. 3. The building where
                                                                   archival materials are located; also referred to
                                                                   as an archival depository.
Audit Trail . . .                                                  A record showing who has accessed a
                                                                   computer system, or electronic record or e-
                                                                   form and what operations he or she has
                                                                   performed during a given period of time.

Authenticity . . .                                                 Authenticity is a function of an e-record's / e-
                                                                   form's preservations and is a measure of an e-
                                                                   record's / e-form's reliability over time.




Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 10 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   1. A process used to verify the integrity of
Authentication . . .                                               transmitted data, especially a message.
                                                                   2. The process of assuring that data has come
                                                                   from its claimed source by means of
                                                                   corroborating the claimed identity of a
                                                                   communicating party. In security systems,
                                                                   authentication is distinct from authorization,
                                                                   which is the process of giving individuals
                                                                   access to system objects based on their
                                                                   identity. Authentication ensures that the
                                                                   individual is who he or she claims to be, but
                                                                   says nothing about the access rights of the
                                                                   individual.

                                                                   The process of confirming an asserted identity
                                                                   with a specified, or understood, level of
                                                                   confidence. The mechanism can be based on
                                                                   something the user knows, such as a password,
                                                                   something the user possesses, such as a ‘smart
                                                                   card,‘ something intrinsic to the person, such
                                                                   as a fingerprint, or a combination of two or
                                                                   more of these.
                                                                   A substitute or alternative. The term backup
Backup . . .                                                       usually refers to a disk or tape that contains a
                                                                   copy of data.
                                                                   "Symbols, or representations, of facts or ideas
Data . . .                                                         that can be communicated, interpreted, or
                                                                   processed by manual or automated means."
                                                                   The actions taken with regard to records which
Disposition . . .                                                  have concluded their approved retention
                                                                   periods as determined by their appraisal
                                                                   pursuant to legislation, regulation, or
                                                                   administrative procedure. Actions include
                                                                   transfer to the Archives or destruction.
                                                                   The control number assigned to a records
Disposition Authority                                              series on a records retention schedule
Number (DAN) . . .                                                 approved by the State Records Committee
                                                                   authorizing disposition.
                                                                   1. Recorded information regardless of
Document . . .                                                     medium or characteristics. 2. A single item.
                                                                   The act or process of creating a physical object
Documentation . . .                                                or substantiating by recording actions and/or
                                                                   decisions.

Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 11 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   Storage device such as disk drives and tape
Durable Medium . . .                                               drives which provides longevity and durable
                                                                   storing and retrieval means (non-proprietary)
                                                                   A duplication of a document prepared
Duplicate Record . . .                                             simultaneously or separately, usually
                                                                   identified by function or by method of
                                                                   creation. (1) those produced for informational
                                                                   purposes can be destroyed when no longer
                                                                   needed; or (2) those having an administrative,
                                                                   legal, fiscal, or historical value indicating the
                                                                   need to schedule.
                                                                   1. An electronic form is any form generated or
Electronic Form (e-form)                                           stored on a computer through use of an e-form
...                                                                template. An electronic form may be a
                                                                   contract, a purchase order, a letter or some
                                                                   other type of document. An electronic form
                                                                   can also be an image such as a blueprint,
                                                                   survey plat, drawing or photograph.
                                                                   2. Recorded information that is recorded in a
                                                                   form that requires a computer or other
                                                                   machine to process it. Includes . . . Internet
                                                                   and intranet postings; numerical and textual
                                                                   spreadsheets and databases; electronic files;
                                                                   optical images; software; and information
                                                                   systems.
                                                                   A document, printed or otherwise produced,
Form . . .                                                         with pre-designated recording of specified
                                                                   information.
                                                                   A record created, generated, sent,
Electronic Record (e-                                              communicated, received, or stored by
record) . . .                                                      electronic means.




Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 12 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   An e-object can be any type of electronic
Electronic Object or                                               record including digitally signed financial
E-Object . . .                                                     transactions or documents. These objects in
                                                                   most cases must be retained to meet various
                                                                   requirements. Some examples of these
                                                                   requirements are:

                                                                    Public disclosure
                                                                     For additional information on public
                                                                     disclosure requirements, contact your
                                                                     agency communication officer.

                                                                    Audits
                                                                     For additional information on audit
                                                                     requirements, contact the Office of the
                                                                     State Auditor.

                                                                    Records retention
                                                                        For additional information on records
                                                                        retention requirements, contact your
                                                                        agency records management officer or the
                                                                        Office of the Secretary of State Archives
                                                                        and Records Management Division.
                                                                   Records which have been designated by a
Essential Record . . .                                             public agency officer as being essential to the
                                                                   office and needed in an emergency and for the
                                                                   reestablishment of normal operations after an
                                                                   emergency. The records are required for the
                                                                   continuity and preservation of civil
                                                                   government (RCW 40.10.010). A record
                                                                   containing information essential to re-establish
                                                                   or continue an organization in the event of a
                                                                   disaster. Essential Records comprise the
                                                                   records necessary to re-create the
                                                                   organization’s legal and financial status, and to
                                                                   determine the rights and obligations of
                                                                   employees, customers, stockholders, and
                                                                   citizens.
                                                                   An organized unit (folder, volume, etc.) of
File . . .                                                         documents grouped together either for current
                                                                   use or in the process of archival arrangement.



Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 13 of 17
              Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   A GIF (the original and preferred
GIF . . .                                                          pronunciation is JIF) is one of the two most
                                                                   common file format for graphic images on the
                                                                   World Wide Web. The other is the JPEG.
                                                                   On the Web and elsewhere on the Internet, the
                                                                   GIF has become a de facto standard form of
                                                                   image. The LZW compression algorithm used
                                                                   in the GIF format is owned by Unisys and
                                                                   companies that make products that exploit the
                                                                   algorithm (including the GIF format) need to
                                                                   license its use from Unisys. In practice, Unisys
                                                                   has not required users of GIF images to obtain
                                                                   a license, although their licensing statement
                                                                   indicates that it is a requirement. Unisys says
                                                                   that getting a license from them does not
                                                                   necessarily involve a fee.
                                                                   A patent-free replacement for the GIF, the
                                                                   Portable Network Graphics format, has been
                                                                   developed by an Internet committee and major
                                                                   browsers support it or soon will. Meanwhile,
                                                                   many GIF downloaders and Web site builders
                                                                   on the Web continue to be unaware of or
                                                                   indifferent to the requirement to get a license
                                                                   from Unisys for the use of their algorithm.
                                                                   A printout of data stored in a computer. It is
Hard Copy . . .                                                    considered hard because it exists physically on
                                                                   paper, whereas a soft copy exists only
                                                                   electronically
                                                                   In database design, a list of keys (or
Index . . .                                                        keywords), each of which identifies a unique
                                                                   record. Indices make it faster to find specific
                                                                   records and to sort records by the index field --
                                                                   that is, the field used to identify each record.
                                                                   (v) To create an index for a database, or to find
                                                                   records using an index.
Metadata . . .                                                     1. Data about data. 2. The description of the
                                                                   data resources, its characteristics, location,
                                                                   usage, and so on. Metadata is used to identify,
                                                                   describe and define user data.)
                                                                   The process of moving computer files from
Migration . . .                                                    one information system or medium to another.


Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 14 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   The file copy so designated to be kept to fulfill
Most Important Copy . . .                                          the retention and disposition instructions on a
                                                                   records retention schedule approved by the
                                                                   State Records Committee
                                                                   Documentary materials excluded from the
Non-record Material . . .                                          legal definition of records.
                                                                   Defined as:
Office Files and                                                    Public records not falling within the
Memoranda . . .                                                        Official Public Records definition and
                                                                       duplicate copies of Official Public Records
                                                                    General office files (correspondence,
                                                                       subject files, tracking and control records,
                                                                       and transitory records not of the executive
                                                                       level)
                                                                    Documents and reports made for the
                                                                       internal administration of the office, but
                                                                       not required by law to be filed or kept
                                                                       (non-administrative level policies and
                                                                       procedures, minutes, etc.)
                                                                    Other records so designated by the State
                                                                       Records Committee
                                                                   The original records regardless of media that
Official Public Record . . .                                       serve as primary documentation of:
                                                                    Financial transactions relating to the
                                                                       receipt, use and disposition of public
                                                                       property and funds (purchasing records,
                                                                       invoice vouchers, cash receipts, etc.)
                                                                    All agreements, contracts, and bonds
                                                                       (personal service contracts, escrow
                                                                       agreements, real property management,
                                                                       fidelity, surety, & performance type bonds,
                                                                       etc.)
                                                                    All claims filed by or against the State
                                                                       (case, litigation, grievance files, etc.)
                                                                    All records required to be filed as a result
                                                                       of a specific law (minutes of boards,
                                                                       commissions, or committees established by
                                                                       statute, executive level minutes, directives,
                                                                       policies and procedures, etc.)
                                                                   The initially created document as
Original Document . . .                                            distinguished from any copy thereof.



Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 15 of 17
             Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   PDF (Portable Document Format) is a file
PDF . . .                                                          format that has captured all the elements of a
                                                                   printed document as an electronic image that
                                                                   you can view, navigate, print, or forward to
                                                                   someone else. PDF files are created using
                                                                   Adobe Acrobat, Acrobat Capture, or similar
                                                                   products. To view and use PDF files, one
                                                                   needs the free Acrobat Reader, which needs to
                                                                   be downloaded and installed.
                                                                   A document created or received and
Record . . .                                                       maintained by an Agency, organization, or
                                                                   individual in pursuance of legal obligations or
                                                                   in the transaction of business.
                                                                   The individual appointed to manage and
Records Officer . . .                                              agency’s records management program as
                                                                   defined in RCW 40.14.040.
                                                                   A schedule which indicates the length of time
Records Retention                                                  each record series must be retained and
Schedule . . .                                                     authorizing its disposition as approved by the
                                                                   State Records Committee.
                                                                   Any group of related records which is filed
Records Series . . .                                               and used as a unit as outlined in the Records
                                                                   Retention Schedule.
                                                                   Reliability is the measure of a e-record’s / e-
Reliability . . .                                                  form's authority and is determined solely by
                                                                   the circumstances of its creation.
                                                                   The period of time that must elapse before a
Retention Period                                                   specific record is eligible for disposal or
                                                                   transfer in accord with approved retention
                                                                   schedules (WAC 434-610-070).
                                                                   Getting back or recovering an electronic
Retrieve / Retrieval . . .                                         record or object from on-line, near-line, or off-
                                                                   line storage.
                                                                   Composed of the archivist, an appointee of the
State Records Committee                                            state auditor, an appointee of the attorney
...                                                                general, and an appointee of the director of
                                                                   financial management. It shall be the duty of
                                                                   the records committee to approve, modify or
                                                                   disapprove the recommendations on retention
                                                                   schedules of all files of public records and to
                                                                   act upon requests to destroy any public records
                                                                   (RCW 40.14.050).


Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 16 of 17
              Auditing & Electronic Records Test Considerations
                                         (Revised on 5/9/01)

Glossary
                                                                   To copy or move data from a central
Store . . .                                                        processing unit (CPU) to memory or from
                                                                   memory to a mass storage device. Storage can
                                                                   be on-line, near-line or off-line.
                                                                   An e-object may have up to three types of
(E-Object) Storage . . .                                           storage requirements:

                                                                      Operational Data - Accessible storage that
                                                                       meets the operational needs of the agency
                                                                       business unit.

                                                                      Operational Archive - This is the storage
                                                                       of the e-object when it is no longer needed
                                                                       to meet day-to-day business unit
                                                                       requirements.

                                                                       Deep Archive - This is the storage for e-
                                                                        objects that need to be retained for longer
                                                                        than six (6) years.
                                                                   A systematic and orderly approach to solving
System Development Life                                            business problems, and developing and
Cycle . . .                                                        supporting resulting e-record's / e-form's
                                                                   information systems. Typical phases of the
                                                                   system development life cycle include:
                                                                   Planning, Analysis, Design, Implementation /
                                                                   Deployment, and On-going Support.
                                                                   TIFF (Tag Image File Format) is a common
TIFF . . .                                                         format for exchanging raster graphics (bitmap)
                                                                   images between application programs,
                                                                   including those used for scanner images. A
                                                                   TIFF file can be identified as a file with a
                                                                   ".tiff" or ".tif" file name suffix.
                                                                   Abbreviation of Uniform Resource Locator,
URL . . .                                                          the global address of documents and other
                                                                   resources on the World Wide Web.




Audit and Electronic Records (E-Forms) Practices -- Release V1.7
                                         Printed as of: 04/25/10 -- Page 17 of 17