File Maintenance

Most credit union data processing systems can generate a File Maintenance Report. This report captures non-financial changes performed manually on the computer system.

This report may also be referred to as Data Change Report, Non-Financial Transaction Report, or Audit Trail. Manual changes might include member name, address, loan due date, and interest rate changes

Examiners can review file maintenance reports to determine if any unusual changes or other anomalies exist that could be indicators of misstatements or suspicious activity, and that any changes are legitimate and properly supported. When obtaining these reports, examiners validate the chain of custody by reviewing directly on the data processing system or ensuring the report is printed from the system without the opportunity for manipulation.

To review file maintenance controls, examiners:

• Obtain the file maintenance report (depending on the data processor of the credit union, this could be more than one report) and scan the report for unusual changes, such as:

  • Due date

  • Interest rate

  • Loan payment changes

  • Changing an address to a P.O. Box

• Select a sample of entries from the report for testing based on the frequency of changes—the higher the volume of changes, the larger the sample

  • Obtain supporting documentation for the change listed—for example, address change forms, subsequent action forms, or skip-a-pay notices

  • Determine who made the change and confirm the employee had the proper authority

• Obtain a listing of employees with file maintenance permissions

• Determine if a documented internal review of the File Maintenance Report has been performed and

  • Verify the reviewer of the report does not have file maintenance permissions

  • Evaluate the independence of the reviewer of the report

• Identify and follow-up on red flags

Last Updated on October 14, 2021