Sofitech Individual Case Analysis Essay

Q1. I classified the following controls based on what I read in appendix 1. For IT General Controls, the appendix describes controls that are put in place so that a client's IT system operates correctly. These controls primarily focus on ensuring that changes to applications are properly authorized, tested, and approved before they are implemented, and that only authorized persons and applications have access to data, and then only to perform specifically defined functions. Because of this, physical access to the server room has been classified as an IT General Control. For Application Controls, the appendix refers to automated controls that apply to the processing of individual transactions. They include such controls as edit checks, validations,…
Someone could have piggybacked into the system and be using this access illegally. Controlling this is essential to maintaining proper security of a company's IT system, as it could allow breaches to take place or even give disgruntled employees a chance to log back into the system. The proper firewalls and security policies need to be in place to avoid potential scenarios like this.

The second suspicious transaction is an exact duplicate of another. This results from a breakdown in IT Dependent Manual Control: the proper checks to catch duplicates were not taking place. The IT system can only do so much. If a valid sales order is entered, it will accept it. This is where manual oversight comes in: a reviewer looking over the computer-generated data catches the error, and the duplicate can then be excluded if need be. I am surprised that this happened, though, as the sales order number is identical and it still allowed the transaction to appear, unless this was the case of a system refresh. This also ties into Application Control, as these transactions did have a valid sales order number, but the control needs to go a step further and have safeguards in place so that two of the same sales order numbers cannot be generated. Whether it was by user error or system error, this could have been avoided.

The third and fourth suspicious transactions are two transactions that correspond to a salesperson ID that is not on the current sales team. While this could be from