Essay on Foods Fantastic Company Case

1063 Words Nov 21st, 2015 5 Pages
IT General Controls Risk Assessment Report
Foods Fantastic Company
Siqi Li
Oct 29TH 2013

Foods Fantastic Company is a public company which mainly operating regional grocery store in Maryland. This Company relies on application programs, such as bar-code scanner, to entre sales to the system. The FFC majority depends on the computer system to run their business. Based on this situation, the Information General Controls review is necessary for this company as the reason that ITGC is the foundation of every categories of the internal control. To review the ITGC will help the audit committee to determine the risk assessment of the internal controls in the company’s information system. The ITGC mainly classified by five areas, such as
…show more content…
They need to verify identification information and to be permitted by the data center personnel to access the data center. Moreover, the computer room has the protection of environmental controls and monitors to monitor daily activities. In addition, the company have a clearly IT security policy. All of these are good procedures for data security internal controls. This will help the company set up a high level of data security. However, as we observed, the clerk does not follow the rule and get into the computer room or data center easily. Even though the company set up good control procedures for data security, the staff does not follow it consistently. All these procedures will be useless. For the Change Management area, I define a medium level of risk assessment. The Company has formal change management procedures, and follows these procedures when making necessary changes. Those changes need to get approved before implement it. They have to fill the change request form and got sign for users, VP-Applications and CIO. In addition, the programmers do testing the changes before implement it. However, the programmers do not made the code changes and do not testing production module in FFC. As the result of this, it may causes the changes do not good enough to suit for the productions. That will give opportunity to happen a risk. For the Business Continuity Planning area, the risk assessment level is high. The company does not have any written BCP and

Related Documents