The computer system requires all users to log on with a user identification (the

Question

The computer system requires all users to log on with a user identification (their first initial and the first six letters of their surname), and a password that is assigned to users when they join the firm (that is unable to be changed). The users have access to the internet and several have installed Windows Live Messenger and other chat programs on their machines.

The main task of John, one of the staff members, is to perform data entry. Each day he receives a bundle of orders from the customer assistant, with John’s job being to enter the details into the system. John first enters the customer name, address and contact number then clicks on the ‘Next’ button to enter the items and quantities ordered by the customer. If the customer name is not provided the computer will prompt John to go back and fill in the details before proceeding to the next screen. In addition, the computer will only accept numeric values for the quantities ordered. Once all orders are entered John clicks the ‘Done’ button and the computer displays the number of orders entered on the screen. John usually ignores this, because by the time orders have been entered it is usually lunch time.

Questions:
1- Identify five risks in the process.
2- Suggest an internal control for each risk (the control may be mentioned in the case
or missing and you think it should be applied).
4- Indicate whether the control is present or missing in the case.
5- Classify the control as general or application.

Use the following table to answer the above questions.
Solution:
Risk Control Present Gen/App
1
2
3
4
5

Explanation / Answer

1) Risk - Security breach of computers Control - Rotating passwords, such as cahnging them aver 60 days Present - Passowrds assigned, but do not change This is a general control to have better security on the computer system 2) Risk - Viruses and malware on computers Control - Disable access of employees to download or install programs or applications Present - Not present in the case, as employees are allowed to download programs which are not needed for their work. This is a general control to reduce computer system malfunctions. 3) Risk - Time wasted by employees on non-work-related programs Control - Disable access of employees to download or install programs or applications. Internet should be monitored to limit time spent to work-related sites, if needed. Present - Not present in the case currently, as employees are allowed to download or install programs or applications which are not needed for their work and internet access is not controled. This is a general control to reduce time spent on non-work-related activities. 4) Risk - Missing customer information Control - A prompt to complete needed information about the customer, if trying to move forward and it is not complete. Present - This control is partially there, as there is a prompt for the customer name. However, a prompt for other vital information should be added. This is an application control, due to being specific to the program it is run in. 5) Risk - Incorrect entry of quantities for orders. Control - Double entry of quantities. Present - This control is not in the case, only ensuring that the quantity is numeric, but there should be a check of what information is added, in case of typos. This is an applicatioin control, due to being specific to the program it is run in.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.