Share
Explore BrainMass

IT Controls: Suggest a control weakness and test method

Controls for IT and Reporting & Evaluation

? Imagine you are a controller for a company.
? Identify the internal control reporting options.
? Create criteria against which the options can be evaluated.
? Include internal controls for IT.

Come up with a 5 things wrong with the IT function of a company which would be defined as a control weakness. Come up with a proposed control and then how and when it will be tested.

Here's an example:

Control weakness. Employees have the ability to enter prices that are different from those on the company price list

Proposed control. Employees are restricted by policy from affecting transactions or making changes to the prices when they are entered into the register. However, the system does not prevent the employees from doing this. We must remove these abilities from all of the employees and provide an override whereby managers can approve an amount different from the list price

Proposed test method. On at least a quarterly basis, internal audit will go to each register and attempt to enter prices different from the list price for a selection of items using different employee names. A list of management over-rides will be produced once a month and signed off on by the store manager and the district supervisor. Deviations of greater than 20 percent will be flagged for detailed explanation

Solution Preview

This is an original work and has not been previously published or shared with any other source. This work is to be treated as a guideline to assist you with this assignment. At no time is it intended to be a final submission work and I discourage you from using it as such. Points made and topics discussed in this work should be researched further and validated by the student prior to utilizing it in their own work which will be complied for final submission to their schools.
__________________________________________________________________________________________________
1a. Control Weakness: The time and attendance system is activated by employees logging into the system with their username and password. Employees frequently log into the system as each other and create fraudulent clock-in times for each other.

1b. Proposed Control: Company policy states that employees can only clock-in as themselves. They may not represent another employee in performing this activity. Controls need to be in place that utilize a unique identifier for each individual employee such as a thermal fingerprint scanner. Management must have administrative rights over all accounts for the purpose of set-up, edits and deletions of personnel time records.

1c. Proposed Test Method: These systems will be audited on a monthly basis to ensure that the unique identifier is accurate across all employees base files and that proper machine quality control measures are performed at the manufacturer recommended intervals. ...

Solution Summary

Controls for IT and Reporting & Evaluation

? Imagine you are a controller for a company.
? Identify the internal control reporting options.
? Create criteria against which the options can be evaluated.
? Include internal controls for IT.

$2.19