Accounting Information Systems Controls Exercises


10.7 Which control(s) would best mitigate the following threats?

a. The hours worked field in a payroll transaction record contained the value 400
instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of
$654.32.
A limit check on hours worked. The limit would have to be higher than 40 (such as 55 –
or whatever the company deemed appropriate) to allow for overtime, but would certainly
catch the extra 0 added to the 40 hours worked.
b. The accounts receivable file was destroyed because it was accidentally used to
update accounts payable.
All files should have header labels to identify their contents, and all programs should
check these labels before processing transactions against the file.
There should also be a clearly marked external label to reduce the risk of an operator
loading the wrong file.
c. During processing of customer payments, the digit 0 in a payment of $204 was
mistakenly typed as the letter “O.” As a result, the transaction was not processed
correctly and the customer erroneously received a letter that the account was delinquent.
A field check should be performed to check whether all characters entered in this field are
numeric.
There should be a prompt correction and re-processing of erroneous transactions.
d. A salesperson mistakenly entered an online order for 50 laser printers instead of 50
laser printer toner cartridges.
A reasonableness test of quantity ordered relative to the product if 50 is an unusually
large number of monitors to be ordered at one time.
Closed-loop verification to make sure that the stock number matches the item that is
ordered.

e. A 20-minute power brownout caused a mission-critical database server to crash,
shutting down operations temporarily.
An uninterruptible power system should be used to provide a reserve power supply in the
event of power failure. The UPS should at a minimum allow enough time for the system
to operate for a defined length of time and then, if necessary, power down in the event
of an extended power outage.
Longer power outages are best handled by backup generators and real-time mirroring
systems.
f. A fire destroyed the data center, including all backup copies of the accounts
receivable files.
FILES: A backup copy of the files should be stored off-site.
HARDWARE: A hot or cold site arrangement
BOTH: Real-time mirroring, so that when one site is down the other site(s) can pick up
the slack.
A disaster recovery plan
Liability and business interruption insurance
a. After processing sales transactions, the inventory report showed a negative
quantity on hand for several items.
A sign test of quantity on hand.
b. A customer order for an important part did not include the customer’s address.
Consequently, the order was not shipped on time and the customer called to complain.
A completeness check to determine whether all required fields were filled in.
c. When entering a large credit sale, the clerk typed in the customer’s account
number as 45982 instead of 45892. That account number did not exist. The mistake was
not caught until later in the week when the weekly billing process was run. Consequently,
the customer was not billed for another week, delaying receipt of payment.
Check digit verification on each customer account number, or a validity check for actual
customers.
d. A visitor to the company’s Web site entered 400 characters into the five-digit Zip
code field, causing the server to crash.
A size check would prevent 400 characters from being entered into a field that allows for
only 5 characters.
e. Two traveling sales representatives accessed the parts database at the same time.
Salesperson A noted that there were still 55 units of part 723 available and entered an
order for 45 of them. While salesperson A was keying in the order, salesperson B, in
another state, also noted the availability of 55 units for part 723 and entered an order for
33 of them. Both sales reps promised their customer next-day delivery. Salesperson A’s
customer, however, learned the next day that the part would have to be back-ordered. The
customer canceled the sale and vowed to never again do business with the company.
Concurrent update controls protect records from errors when more than one salesman
tries to update the inventory database by locking one of the users out of the database until
the first salesman’s update has been completed.
f. The warranty department manager was upset because special discount coupons
were mailed to every customer who had purchased the product within the past 3 years,
instead of to only those customers who had purchased the product within the past 3
months.
A limit check based on the original sales date.
g. The clerk entering details about a large credit sale mistakenly typed in a
nonexistent account number. Consequently, the company never received payment for the
items.
Check digit verification on each customer account number, or a validity check for actual
customers, or closed-loop verification that returns the customer name associated with a
customer number.
h. A customer filled in the wrong account number on the portion of the invoice being
returned with payment. Consequently, the payment was credited to another customer’s
account.
Turnaround documents should include account numbers on them.
i. A batch of 73 time sheets was sent to the payroll department for weekly
processing. Somehow, one of the time sheets did not get processed. The mistake was not
caught until payday, when one employee complained about not receiving a paycheck.
Batch totals would have caught this.
A record count would have indicated that one record was not processed. Or a hash total
(sum of the employee numbers).
q. Sunspot activity resulted in the loss of some data being sent to the regional office.
The problem was not discovered until several days later when managers attempted to
query the database for that information.
Parity checks and checksums will test for data transmission errors.
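
The edit checks named in the answers above (field, size, limit, completeness and check digit verification), as an added Python example that is not part of the original answer key. The field names, the six-digit account format, the 80-character address size and the Luhn check digit appended to account 45892 are assumptions for illustration; the 55-hour ceiling comes from the payroll answer, and all records are constructed.

```python
# Added example: rule-driven edit checks. Field names, sizes and the Luhn scheme
# are assumptions for illustration; the sample records below are constructed.
RULES = {
    "hours":   {"numeric": True, "limit": 55},            # limit check
    "amount":  {"numeric": True},                         # field check
    "zip":     {"numeric": True, "size": 5},              # size check
    "account": {"numeric": True, "size": 6, "check_digit": True},
    "address": {"size": 80},
}

def luhn_ok(number: str) -> bool:
    """Check digit verification: the last digit is a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_checks(record: dict, required: tuple) -> list:
    """Return the failed controls as 'control:field' strings."""
    errors = [f"completeness:{f}" for f in required
              if not str(record.get(f, "")).strip()]
    for field, value in record.items():
        rule = RULES.get(field)
        if rule is None or not value.strip():
            continue
        if "size" in rule and len(value) > rule["size"]:
            errors.append(f"size:{field}")   # reject before any further parsing
            continue
        if rule.get("numeric") and not (value.isascii() and value.isdigit()):
            errors.append(f"field:{field}")  # isascii() also rejects non-ASCII digits
            continue
        if "limit" in rule and int(value) > rule["limit"]:
            errors.append(f"limit:{field}")
        if rule.get("check_digit") and not luhn_ok(value):
            errors.append(f"check_digit:{field}")
    return errors

# Constructed inputs mirroring the scenarios on this page.
PAYROLL = {"employee": "1001", "hours": "400"}                    # 400 instead of 40
PAYMENT = {"account": "458927", "amount": "2O4"}                  # letter O, not zero
ORDER = {"account": "459827", "zip": "9" * 400, "address": ""}    # 8 and 9 transposed

if __name__ == "__main__":
    print(edit_checks(PAYROLL, ("employee", "hours")))
    print(edit_checks(PAYMENT, ("account", "amount")))
    print(edit_checks(ORDER, ("account", "zip", "address")))
```

A check digit only shows that the number is well formed; a validity check against the customer master file is still needed to confirm that the account exists.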
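
The concurrent update control from the parts database scenario, as an added Python example that is not part of the original answer key. The `PartsDB` class and its methods are hypothetical stand-ins for the database; `without_control` replays the stale-read interleaving from the scenario, and `with_control` makes the availability check and the update one locked step.

```python
import threading

class PartsDB:
    """Constructed in-memory stand-in for the parts database (hypothetical)."""
    def __init__(self, stock):
        self.stock = dict(stock)
        self.lock = threading.Lock()

    def read(self, part):
        return self.stock[part]

    def write(self, part, qty):
        self.stock[part] = qty

    def place_order(self, part, qty):
        """Concurrent update control: check and update under one lock."""
        with self.lock:                      # the other user waits here
            available = self.stock[part]
            if qty > available:
                return False                 # rep learns of the shortage at entry time
            self.stock[part] = available - qty
            return True

def without_control():
    """Both reps read 55 before either writes, as in the scenario."""
    db = PartsDB({723: 55})
    seen_a = db.read(723)                    # rep A sees 55
    seen_b = db.read(723)                    # rep B sees 55 while A is still keying
    accepted = []
    for rep, seen, qty in (("A", seen_a, 45), ("B", seen_b, 33)):
        if qty <= seen:                      # decision based on a stale read
            db.write(723, seen - qty)        # B's write overwrites A's update
            accepted.append(rep)
    return accepted, db.read(723)

def with_control():
    """Two threads order at the same moment; the lock serializes them."""
    db = PartsDB({723: 55})
    results = {}
    start = threading.Barrier(2)

    def rep(name, qty):
        start.wait()                         # release both reps together
        results[name] = db.place_order(723, qty)

    threads = [threading.Thread(target=rep, args=a) for a in (("A", 45), ("B", 33))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, db.read(723)
```

Without the control both orders are accepted and the record ends at 22 units although 78 were promised; with it exactly one order succeeds, whichever thread acquires the lock first.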