Tuesday, December 10, 2019
Systems Documentation and Internal Controls â⬠MyAssignmenthelp.com
Question: Discuss about the Systems Documentation and Internal Controls. Answer: Introduction: Motherboards and More Pty Ltd is a medium-sized organization in the industry of manufacturing computer parts like motherboards, graphics cards, microchips etc. The organization uses an ERP system to maintain its function for supply, manufacture and receiving data from other departments located in remote places. The orders of the company placed via email or phone call. The supply chain and manufacturing of the orders received from customers are picked by alphabetically and processed via various manufacturing and loading dock in an alphabetic order by customer name. The invoices will be generated after the shipment of the order so all the sales order is on credit for this organization. The company in the present case analysis is facing out certain internal control weaknesses in regards to control and other network related security. Internal control weaknesses There is some of the weakness found in the current system in order to the analysis of the organization revenue cycle. The invoice generated after the shipment of the order of the customers which affect the organization revenue because the invoice will be generated only for a number of orders that are delivered to customers, not the back order (Romney Steinbart, 2012). The orders of the customer are received by telephone or email so it is hard to maintain the email conversation for the specification provided by customers and amount of order given. There is a chance of errors while getting the details of customer and the order from email and process it for shipment if the volume of order in increased (Li, et. al., 2012). If frequent orders from the same customer occurred than it is hard to segregate the orders from the same customer. In the case of frequent orders, the shipment of orders given by another customer will get delayed due to the alphabetic sequence of the customer (Hammersley, et. al., 2008). Impact these weaknesses Generation of invoice for the shipped order makes all sales on credit which may lead to the money crises for the organization. Email conversation for frequent orders may lead to the mismatch of orders and the shipments because of the chance of errors that may occur while processing the order. The alphabetic sequence may lead delay of shipment of other customers that have less amount of order even ready to be shipped. Not only the operations task of the business is affected but also there is a great hamper on the reputation part associated with the group (Deumes Knechel, 2008). In order to process the orders effectively and efficiently received by the organization from its customer, there are some of the controls that may be implemented. An ODF (Order Description Form) should be created by the organization which includes all the details given by the customer for the order should be written briefly. Once the ODF is confirmed a minimum amount of the complete order should be paid by the customer by providing the customer an invoice of the complete order with an order The ODF should be shared by the customer in order to get the communication clear and effective so that customer will reconfirm before the order processed. Once the ODF is confirmed it should be shared with every department of the Motherboards and More Pty Ltd in order to get the proper direction for manufacturing till shipment. In addition to this technical security controls physical checks and verification system should be implanted to check the accuracy of system failure through virus attacks (Doyle, et. al., 2007). A brief overview of the Ransomware attack: A ransomware is a piece of code that executes in the older versions of Windows operating system. The primary task of ransomware is to encrypt the files of the user computer in order to process the demand of ransom against decrypting the same file without data loss. The ministry stated on its website that around 1000 computer has been infected by a malware but it has been localized (Luo Liao, 2007). The encryption of data into user computer is targeted mostly word files and excel sheets of the user computer. Ransomware encrypts all type of files into the user computer in which word and excel files are the most as the important data of the user has been stored in those files. An encryption key has been used by the installed exe of the ransomware in order to encrypt the files of the user computer. A researcher at Kaspersky lab explains the minimum demand of $300 after 2 Hours of the installation. The payment has been processed online which lead to the decryption key. The decryption key has been provided for the victim PC which results to decryption of files once the ransom has been paid (Kharraz, et. al., 2015). Protect the organization from a potential Ransomware attack In order to provide security from potential ransomware attacks, there are some of the solutions provided by existing researchers at various labs of antivirus industry. Enable On-Access Scanning: On-Access scanning is a feature provided by the security domain organization which leads to scan every file while accessing by the customer. On-Access feature scan every file for the potential ransomware signature even user is downloading a file from internet. Backup of data: The online and offline backup of data is the alternate solution to ransomware. Now, these days many security domain organizations are providing cloud space for ransomware protection to user data (Pathak Nanded, 2016). Firewall Protection: A firewall protection for the LAN of the organization so that if a PC is under attack it should not lead to infecting other computers. The firewall should be implemented with the rules of phishing website protection so that an exe should not even get downloaded into user PC (Sittig Singh, 2016). References Deumes, R., Knechel, W. R. (2008). Economic incentives for voluntary reporting on internal risk management and control systems.Auditing: A Journal of Practice Theory,27(1), 35-66. Doyle, J., Ge, W., McVay, S. (2007). Determinants of weaknesses in internal control over financial reporting.Journal of accounting and Economics,44(1), 193-223. Hammersley, J. S., Myers, L. A., Shakespeare, C. (2008). Market reactions to the disclosure of internal control weaknesses and to the characteristics of those weaknesses under Section 302 of the Sarbanes Oxley Act of 2002.Review of Accounting Studies,13(1), 141-165. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. InInternational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment(pp. 3-24). Springer, Cham. Li, C., Peters, G. F., Richardson, V. J., Watson, M. W. (2012). The consequences of information technology control weaknesses on management information systems: the case of SarbanesOxley internal control reports.Management Information Systems Quarterly,36(1), 179-203. Luo, X., Liao, Q. (2007). Awareness education as the key to ransomware prevention.Information Systems Security,16(4), 195-202. Pathak, D. P., Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge.International Journal of Advanced Research in Computer Engineering Technology (IJARCET) Volume,5. Romney, M. B., Steinbart, P. J. (2012).Accounting information systems. Boston: Pearson. Sittig, D. F., Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks.Applied clinical informatics,7(2), 624.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment