Essay on Sofitech Individual Case Analysis

1953 Words Jan 6th, 2015 8 Pages
Q1. I classified the following controls based on what I read in appendix 1. IT General Control refers to controls that are put in place so that a client's IT system operates correctly. These controls primarily focus on ensuring that changes to applications are properly authorized, tested, and approved before they are implemented and that only authorized persons and applications have access to data, and then only to perform specifically defined functions. Because of this, the physical access to the server room has been classified as an IT General Control. Application Control refers more to automated controls that apply to the processing of individual transactions. They include such controls as edit checks, validations, …
Also, by having IT Dependent Manual Controls in place, every sales order will be reviewed for accuracy to make sure everything is copasetic in the IT system.
The fifth suspicious transaction is for a customer number that should not exist. This could be avoided by having the proper application controls in place. As with verifying/validating a sales order number, the system should raise a red flag if the customer number to which the order is billed does not exist. This should automatically be caught by the IT system, but if for some reason the transaction is able to be submitted, then the IT Dependent Manual Control should catch it, as the manager will be looking over the transactions to make sure everything is proper. This really should be the last step for all transactions, as you can't rely solely on the computer system, especially if it does not have the proper safeguards in place, which this one seems to be lacking.
Q3. The top five control risks found while conducting an audit are: all program changes needing to be tested and approved prior to implementation; being able to restrict the ability to implement changes to authorized personnel; maintaining system and application access; removing all logical access based on employee termination communication; and access to the operation functions of the system by unauthorized personnel.
For the first risk, needing to
