We are presently looking into the purchase of an automatic check signing machine and I am concerned about the security that needs to be in place.


Below are some general ideas of business practices and internal control procedures that you should consider with the implementation of an electronic signature machine. Consider a system that requires two people to enter a code in order to activate the machine. This is referred to as a dual internal control. Also, the machine should provide an electronic read out of the number of documents passed through for signature. The signature machine (if possible) should be in a secure location by a dedicated printer and not out with the general office printer used by most of the employees.

Use a log that documents the beginning and ending sequence numbers maintained by the check signature machine. The information in the log should be verified by someone independent of processing checks, and documented with their initials and a date. This is an independent control point procedure. The log noted above should also document the check sequence processed. The number of checks processed must match the numerical sequence count from the signature machine read out. Voided checks should be included as part of the population processed. If the sequence does not match, it should be investigated and resolved. This is considered a processing control procedure.

The log, accompanied with all of the electronically signed checks and any voided checks, should be sent to a person independent of check writing in order to verify checks signed, voided or checks requiring dual signatures over certain dollar limits. This is a separation-of-duties internal control procedure.

Some of the same procedures noted above should be a part of a signature cartridge system. However, the cartridge must be stored in a secured location with restricted access. Some companies require a group that is independent of check writing to maintain control over the cartridge, and a sign-out log must be initialed when removing it to sign checks.

These are a few procedures to consider as you implement an electronic check signing. The security of the machine with restricted access and dual password activation are important procedures to prevent inappropriate misuse.

Have more questions? Submit a request