Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation » Imaging
An imaging system is a computer system that converts paper documents to electronic files. Through imaging, financial institutions can electronically store and manage records. Imaging systems provide the means to quickly find, retrieve, and share documents in a networked environment.
Item processing imaging systems (IPIS) are generally high speed systems (up to 1,850 documents per minute, or dpm) designed to capture checks and other items in the data processing environment. Common uses for IPIS in financial institutions include proof of deposit, sales draft processing (credit card or point of sale [POS]), remittance processing, cash letter settlement, account reconciliation, and statement rendering. The Check Clearing for the 21st Century Act ("Check 21 Act") is an example of an IPIS, in which the processing bank captures negotiable items in an image format. Instead of forwarding physical items to the Federal Reserve or other clearing house, the processing bank electronically sends image replacement documents. This system saves the financial institution significant costs by streamlining the proof and capture processes and reducing the cost of shipping physical items.
Document management imaging systems (DMIS) are generally low-speed systems (approximately 10-200 dpm) designed to capture a range of documents, such as loan and mortgage file information, IRA and Keogh files, trust documents, and signature cards. DMIS are often used in a network environment to facilitate processes, such as a teller electronically viewing a signature card for verification purposes or a loan officer reviewing a credit file from a remote branch location.
Computer output to laser disk (COLD) is the computer process that outputs electronic records and printed reports to laser disk instead of a printer. This system is used to archive data to one or more optical disks in a compressed but easily retrievable format. COLD systems are often used with an imaging system for storage of archived reports, loan documents, and other customer records.
Quality control is important for all types of imaging and imaging processes including storage, the scanning and indexing process, and equipment-scanning rates. Management should ensure there are adequate controls to protect imaging processes, as many of the traditional audit and controls for paper-based systems may be reduced. Failure to maintain adequate controls can result in unusable or irretrievable images, alteration or counterfeiting of images, and loss or compromise of confidential customer information. Management should also consider issues such as converting existing paper storage files, integration of the imaging system into the organization workflow, and business continuity planning needs to achieve and maintain business objectives.
The following items are important imaging system control points. As a part of management's efforts to develop controls, audit should be involved to ensure the establishment of appropriate audit controls and audit trails.
Capture - Management should ensure adequate controls are in place at the point where image capturing occurs. Capturing can be accomplished through scanning documents, converting word processing documents and spreadsheets into unalterable images, or importing existing images into the institution's system. Poor controls over capturing can result in poor quality images, high rejection and exception rates, improper indexing, and capturing incomplete or forged documents. Procedures should be in place to prevent destruction of original documents before verifying image quality, especially when the imaged information is used to process transactions.
Indexing - Management should maintain indexing-system integrity to ensure users can retrieve accurate files in a timely manner based upon business needs (e.g., customer service, business continuity planning). For document imaging, naming processes should be in place in order to easily identify what particular documents are being captured and how they should be sorted and presented upon retrieval.
Security - The institution-wide security risk assessment should include imaging systems. Management should ensure there are adequate security controls to protect the imaging system and confidential customer information. Such security should provide for separation of duties, input/output controls, and prevent unauthorized modifications of imaged data or insertion of fraudulent images.
Training - Appropriate training is key for proper system use. Inadequate instruction for imaging procedures could lead to quality control issues and misplaced or unavailable data.
Audit - Like any other system, imaging needs to be scrutinized to ensure adequate controls have been enabled.
Back-Up and Recovery - Imaging system back-up and recovery planning should ensure restoration and retrieval of information within recovery time objectives as defined within the business continuity plan. The complexity of back-up and recovery solutions will vary based upon the use of imaged data (e.g., as a reference copy, to support transaction processing,). Since imaging allows the storage of large volumes of documents, the loss of imaged files can significantly affect business operations if back-up electronic or paper files are not readily available. Further, the loss or malfunction of indexing software could leave the institution without a mechanism to pull related imaged documents together into a single coherent view such as an electronic credit file.
Legal Issues - Institutions installing imaging systems should carefully evaluate the legal implications of converting the original documents to image. The institution may be required to demonstrate through audit trails, access records, and electronic storage practices that the images presented are unaltered. Management should consult with attorneys to discuss issues such as record retention and destruction of original documents.