Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation » Imaging
An imaging system is a computer system that converts paper
documents to electronic files. Through imaging, financial
institutions can electronically store and manage records. Imaging
systems provide the means to quickly find, retrieve, and share
documents in a networked environment.
Item processing imaging systems (IPIS) are generally high speed
systems (up to 1,850 documents per minute, or dpm) designed to
capture checks and other items in the data processing environment.
Common uses for IPIS in financial institutions include proof of
deposit, sales draft processing (credit card or point of sale
[POS]), remittance processing, cash letter settlement, account
reconciliation, and statement rendering. The Check Clearing for the
21st Century Act ("Check 21 Act") is an example of an IPIS, in
which the processing bank captures negotiable items in an image
format. Instead of forwarding physical items to the Federal Reserve
or other clearing house, the processing bank electronically sends
image replacement documents. This system saves the financial
institution significant costs by streamlining the proof and capture
processes and reducing the cost of shipping physical items.
Document management imaging systems (DMIS) are generally
low-speed systems (approximately 10-200 dpm) designed to capture a
range of documents, such as loan and mortgage file information, IRA
and Keogh files, trust documents, and signature cards. DMIS are
often used in a network environment to facilitate processes, such
as a teller electronically viewing a signature card for
verification purposes or a loan officer reviewing a credit file
from a remote branch location.
Computer output to laser disk (COLD) is the computer process
that outputs electronic records and printed reports to laser disk
instead of a printer. This system is used to archive data to one or
more optical disks in a compressed but easily retrievable format.
COLD systems are often used with an imaging system for storage of
archived reports, loan documents, and other customer records.
Quality control is important for all types of imaging and
imaging processes including storage, the scanning and indexing
process, and equipment-scanning rates. Management should ensure
there are adequate controls to protect imaging processes, as many
of the traditional audit and controls for paper-based systems may
be reduced. Failure to maintain adequate controls can result in
unusable or irretrievable images, alteration or counterfeiting of
images, and loss or compromise of confidential customer
information. Management should also consider issues such as
converting existing paper storage files, integration of the imaging
system into the organization workflow, and business continuity
planning needs to achieve and maintain business objectives.
The following items are important imaging system control points.
As a part of management's efforts to develop controls, audit should
be involved to ensure the establishment of appropriate audit
controls and audit trails.
Capture - Management should ensure adequate controls
are in place at the point where image capturing occurs. Capturing
can be accomplished through scanning documents, converting word
processing documents and spreadsheets into unalterable images, or
importing existing images into the institution's system. Poor
controls over capturing can result in poor quality images, high
rejection and exception rates, improper indexing, and capturing
incomplete or forged documents. Procedures should be in place to
prevent destruction of original documents before verifying image
quality, especially when the imaged information is used to process
Indexing - Management should maintain indexing-system
integrity to ensure users can retrieve accurate files in a timely
manner based upon business needs (e.g., customer service, business
continuity planning). For document imaging, naming processes should
be in place in order to easily identify what particular documents
are being captured and how they should be sorted and presented upon
Security - The institution-wide security risk
assessment should include imaging systems. Management should ensure
there are adequate security controls to protect the imaging system
and confidential customer information. Such security should provide
for separation of duties, input/output controls, and prevent
unauthorized modifications of imaged data or insertion of
Training - Appropriate training is key for proper
system use. Inadequate instruction for imaging procedures could
lead to quality control issues and misplaced or unavailable
Audit - Like any other system, imaging needs to be
scrutinized to ensure adequate controls have been enabled.
Back-Up and Recovery - Imaging system back-up and
recovery planning should ensure restoration and retrieval of
information within recovery time objectives as defined within the
business continuity plan. The complexity of back-up and recovery
solutions will vary based upon the use of imaged data (e.g., as a
reference copy, to support transaction processing,). Since imaging
allows the storage of large volumes of documents, the loss of
imaged files can significantly affect business operations if
back-up electronic or paper files are not readily available.
Further, the loss or malfunction of indexing software could leave
the institution without a mechanism to pull related imaged
documents together into a single coherent view such as an
electronic credit file.
Legal Issues - Institutions installing imaging systems
should carefully evaluate the legal implications of converting the
original documents to image. The institution may be required to
demonstrate through audit trails, access records, and electronic
storage practices that the images presented are unaltered.
Management should consult with attorneys to discuss issues such as
record retention and destruction of original documents.