1) One principle of error reduction is to reuse information already in the computer whenever possible. Describe an experience where you had to re-input information that should have been stored and reusable.
From my experiences as a software developer, reuse of information already existing in the computer can exist in situations such as logging into different applications using the same user id. For example, I had to sign in to my windows workstation and then again sign into different applications like sales force, security central, IBM web sphere administration server console etc.. This was time consuming and also annoying. I had to re-input my employee ID into all the above applications and had to sign in before using them. Currently,
…show more content…
The product of ad hoc analysis is typically a statistical model and a analytic report (Ad Hoc Analysis, n.d.). They are also used to create a report that drill deeper into the static report to get details about the accounts or records.
The main goal of ad hoc reporting is to empower end users to ask their own questions of the company data. Ad hoc reporting stands in contrast with managed reporting, in which the technical user and the report developer create and distribute the report (Ad Hoc Reporting, n.d.).
3) Discuss why both manual procedures and computer integrity controls are required to prevent fraud.
Computer Integrity controls include processing control on application programs, network access security on browser and internet transport, input and output controls on input and output devices, operating system security, data encryption over data and internet transport. Manual procedures include physically counting stuff, checking transactions manually, checking consistencies between two related things, random checks etc.
Following are the factors affecting fraud risks and tips to counter these factors (Procedure Manual, 2013):
Separation of duties- it is countered by creating separated forms, access controls for all tasks of requesting, approving and generating expenditures. This technique uses control on application programs.
Inadequate audit trails- for this, transaction logging is to be included and also ability of manipulating
1. The three aspects of fraud - Perceived pressure, Rationalization, and Opportunity were present in the CIT case as follows:
Professional auditing standards discuss the three key “conditions” that are typically present when a financial fraud occurs and identify a lengthy list of “fraud risk factors.”
There are various procedures that could be taken in to account that would, if properly implemented, would have detected the frauds that occurred within the companies. There are many control risks that should have been taking regarding inventory along with preliminary audit strategies for the inventory and substantive test to be done that would have raised many flags during the typical audits as well as in depth ones.
Using your own organisation information to identify a specific area of data. Analyse the data and present your findings in a way that will assist an aspect of decision making in the area of data selected. Your analysis should be presented in a report covering:
17.Which of the following is probably the primary reason accountants should be concerned about computer crime and abuse?
All organizations are at risk of fraud, each with its own way of preventing it such as implementing specific policies, procedures, programs and training. However, preventive measures cannot guarantee that fraud will not be committed.
The organizations audit controls and internal controls must be reviewed and changed so that the fraud and misappropriation of funds can be handled and bring back the integrity of the company.
Information security controls include disk encryption for Servers with NPI data, encrypted backups, password protected databases,
Access control. Technical policies need to be created that permit access only to those individuals who have right to do so. For this purpose unique user identification is required. In case of emergency situation define who is allowed to access to PHI, rather than the person assigned originally. Automatic log-off, encryption, decryption are essential for protection PHI.
Fraudulent, erroneous, and illegal acts committed by a public company, usually at a managerial or executive level, have been a very serious problem for many years and have prompted development of strict and updated regulations, such as the Sarbanes-Oxley Act, in an attempt to prevent these occurrences. Unfortunately, these new or updated regulations are not enough to prevent these acts from happening, thus not alleviating the auditors of their responsibility to detect fraud. Some methods that management and auditors can employ to prevent and detect fraud, errors, and illegal acts are: improving knowledge, improving skills,
Identification of controls already in place – including policies, firewalls, applications, intrusion and detection prevention systems, virtual private networks, data loss prevention and encryption.
Internal controls provide a system of checks and balances intended to identify irregularities, prevent waste, fraud and abuse from occurring, and assist in resolving discrepancies that are accidentally introduced in the operations of the business. When consistently applied throughout, these policies and procedures assure that information technology resources are protected from a range of threats in order to ensure business continuity and maximize the return on
Reducing these three key aspects of fraud will reduce the act of fraud in a business
•Provide an example of a data integrity error that could occur if each of these types of input control were not in place.
The implementation of privilege access control, role-based access control and logical access control which all leverage on tackling insider threats, closely monitoring and managing all administrative activities performed on information systems. Their functionality is based on provision and denying of access to commands and items on the basis of authentication, identification and appropriateness.