To continue with my last post about cost effective solutions I want to address a tool that’s used by many of my clients, Microsoft Access. Rather than the purchase of an additional application the supped up version of Excel can be a cost effective, flexible solution to prepare accruals, manage inventory, or to store sensitive employee information. Nobody ever thinks about internal controls when the application is small or can easily be recreated, but the potential for something to go wrong is significant and only increases with the importance of it’s use. By the time you need controls it’s usually too late. The saying, “an ounce of prevention is worth a pound of cure” has never been truer. Consider these points when using Access.

1. Backup. Are backup and recovery controls in place and if so, are they preformed often enough? One common backup method is to store the application on a shared drive that is currently being backed up by IT departments.
2. Database Controls. There are two types: user access controls and development tools controls. User access controls prevent unauthorized access to data tables and queries and are established by simply using passwords to access the data. Development tools controls restrict or removes access from any unauthorized user to change the design view of the application.
3. Input controls. These protect the integrity of data and ensure accuracy. There are two basic types of input controls: preventive and detective. For preventive controls, one can create data validation at the input level. Detective controls may include the creation of batches or automated checks against validation criteria.
4. Processing controls. To avoid any errors and ensure the accuracy, completeness and consistency of the data processed, users need to manually implement processing controls. Unfortunately, Access doesn’t have any such tool to help.
5. Output controls. These controls restrict access to the completed product. By assigning user-level permissions individually, only authorized users have access to view and use the information.

Most of the ideas outlined above are straightforward. If implemented the controls can in increase the likelihood that something bad won’t happen to a key process.