File - Erica Neidhardt, MACC

Erica Neidhardt
Week 5 Homework
Chapter 12 & Chapter 13
August 1, 2012
Chapter 12 (12-8 & 12-11)
12-8:
The Espy Company recently had an outside consulting firm perform an audit of its
information systems department. One of the consultants identified some business
risks and their probability of occurrence. Estimates of the potential losses and
estimated control costs are given in Figure 12-11.
a.) Using the Figure 12-11 information, develop a risk assessment for the Espy
Company.
Risk Assessment for Espy Company
The following risk assessment for Espy Company was completed in July 2012,
and the following issues were found. We have put these in the order of the
greatest probability that the loss will occur. We have also made suggestions on
ways to help prevent any loss.
1.) Vandalism comes in first with the probability that the loss will occur at .65%.
There are a few things that you can do to try your best to protect against
vandalism. The first suggestion is to make sure that you have everything
password protected. It is important to make sure the employees use a
password that no one else knows and that they don’t share their passwords
with anyone. You will also want to make sure that only the people who
need the information are allowed in the system. The estimated loss in this
situation could be anywhere from $1,000 to $15,000 and has an estimated
cost of $8,000 to put the controls in place for prevention.
2.) Power surge comes in second with the probability that the loss will occur at
.40%. In order to prevent this you will want to make sure that the system
has the proper power cords and is kept in a proper location. The estimated
loss in this situation could be anywhere from $850 to $2,000 and has an
estimated cost of $300 to put a control into place.
3.) Brownout comes in third with the probability that the loss will occur at .40%.
A brownout is an intentional drop in voltage used for load reduction in an
emergency. You will want to make sure that you once again have the proper
equipment needed to support the system. You will also want to make sure
that you have a backup place or some kind of procedure in place if this were
to happen. The estimated loss in this situation could be between $850 and
$2,000 with an estimated $250 for a control to be put into place.
4.) Flood comes in fourth with the probability that the loss will occur at .15%.
You can’t really prevent a flood, but there are things you can have in place in
case one should happen. You will want to make sure all of your equipment is
up off the floor and at a level that water would not be able to reach if
something should go wrong. This one has the largest loss potential, with it
coming in at $250,000 to $500,000 and an estimated control cost of $2,500.
5.) Fire comes in fifth with the probability that the loss will occur at .10%. Once
again this is a thing that you can’t prevent, but you can have steps in place to
make sure you do everything you can in case it does happen. You will want to
make sure you have the proper equipment installed if there is a fire that does
occur. The less damage the better. The potential loss is anywhere from
$150,000 to $300,000 and the cost for the control would be around $4,000.
6.) Software failure comes in sixth with the probability of the loss at .10%. If this
occurs you want to make sure you have all the documents on file that you
need in order to get the issue resolved with the software developers. The
estimated loss could come in anywhere from $4,000 to $18,000 and has an
estimated control cost of $1,400.
7.) Equipment failure comes in seventh with a probability of .08% that the loss
will occur. Once again, if equipment is going to fail it is going to fail; there is
not a lot you can do to prevent it. But you will want to make sure that you
have the proper documentation on hand so that if something does happen you
can get the equipment replaced quickly. The estimated loss cost is anywhere
between $50,000 and $150,000 and the estimated control cost is $2,000.
b.) If you were the manager responsible for the Espy Company’s information
processing system, which controls would you implement and why?
I would have to say that I would implement the vandalism, flood, and fire controls.
The reason I would put these into place is because they would have the
greatest consequences if they were to happen. When you are dealing with
other people’s information you want to make sure you do everything you can
to protect that information. There may be a little bit of cost involved to get
the proper procedures and equipment put into place, but it would be very
worth it.
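A worked cost-benefit comparison for the seven risks listed above, added here as an example and not part of the original homework or of Figure 12-11. It assumes the common rule that a control is worth buying when expected loss (probability times loss) exceeds its cost; the names `assess`, `verdicts` and `scale` are hypothetical, and because the answer writes the probabilities as ".65%", the code evaluates both readings (fraction 0.65 and literal 0.65 percent).

```python
# Figures as quoted in the answer above:
# (risk, probability, low loss $, high loss $, control cost $)
RISKS = [
    ("Vandalism",         0.65,   1_000,  15_000, 8_000),
    ("Power surge",       0.40,     850,   2_000,   300),
    ("Brownout",          0.40,     850,   2_000,   250),
    ("Flood",             0.15, 250_000, 500_000, 2_500),
    ("Fire",              0.10, 150_000, 300_000, 4_000),
    ("Software failure",  0.10,   4_000,  18_000, 1_400),
    ("Equipment failure", 0.08,  50_000, 150_000, 2_000),
]


def assess(risks, scale=1.0):
    """Compare expected loss (probability x loss) with control cost.

    scale=1.0 reads ".65" as the fraction 0.65 (assumption);
    scale=0.01 reads ".65%" literally as 0.65 percent.
    """
    rows = []
    for name, p, low, high, cost in risks:
        exp_low, exp_high = p * scale * low, p * scale * high
        if exp_low > cost:
            verdict = "implement"        # pays off even at the low loss estimate
        elif exp_high > cost:
            verdict = "borderline"       # pays off only near the high estimate
        else:
            verdict = "not justified"    # control costs more than expected loss
        rows.append({"risk": name, "exp_low": exp_low, "exp_high": exp_high,
                     "cost": cost, "verdict": verdict})
    # Rank by the best-case net benefit of buying the control.
    rows.sort(key=lambda r: r["exp_high"] - r["cost"], reverse=True)
    return rows


def verdicts(risks, scale=1.0):
    """Map each risk name to its verdict under the chosen probability reading."""
    return {r["risk"]: r["verdict"] for r in assess(risks, scale)}


if __name__ == "__main__":
    for label, scale in (("fraction", 1.0), ("literal percent", 0.01)):
        print(f"-- probabilities read as {label}")
        for r in assess(RISKS, scale):
            print(f"{r['risk']:<18}{r['exp_low']:>10,.0f}{r['exp_high']:>10,.0f}"
                  f"{r['cost']:>8,}  {r['verdict']}")
```

Under the fraction reading the flood control ranks first and the vandalism and software-failure controls are borderline; under the literal-percent reading no control recovers its cost, so the unit of the probability column decides the outcome.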
12-11:
Continuous auditing has the potential to reduce labor costs associated with auditing.
It also can provide audit assurance closer to the occurrence of a transaction, which
improves the reliability of frequent or real-time financial reports. Using an Internet
search engine, find an example of an organization’s usage of continuous auditing.
I found my information at the following website:
http://normanmarks.wordpress.com/2011/07/22/pwc-continuous-auditing/
There were a couple of good points in this article about the company PwC’s usage of
continuous auditing. The first is that with continuous auditing you get the
issues right then and there and don’t get the risks from when the assessment was
completed. If you have someone continuously doing this they will be able to bring
these to your attention as soon as they arise.
Chapter 13 (13-9)
13-9:
Three methods for implementing a new system in an organization are directed
conversion, parallel conversion, and modular conversion. Discuss the advantages
and disadvantages of using each of these three systems implementation methods.
Directional conversion is when the old system is immediately dropped and
the new system takes over the complete processing of the company’s transactions.
One of the good things about this would be that the employees would not have a
choice, because if you give them a choice to work in both systems then they are likely
to not take the change well. On the down side, if you just kick the old system to the
side and something goes wrong, then you are stuck because you don’t have anything
with the old system anymore.
Parallel conversion is when both systems, the old and the new, operate at the same time
for a while. An advantage of this would be that you would be able to work all the
kinks out of the new system while you are still able to get stuff done in the old
system. A disadvantage to this would be the employees not wanting to convert to
the new system. I have had this happen to me at a place of employment. When they
were putting in the new system we were still able to use the old system, and we had
one individual that did not want to change at all because they gave her the choice to
use the old system longer and she never went into the new system to give it a try.
Modular conversion is when the company divides the group into smaller modules
and implements the system module by module. An advantage to this would be that
the individuals would be able to ask others for help because they would have
already been transferred over. Sometimes it is better to be able to ask a coworker
for help than to have to go through the IT department. The disadvantage to this
would be it could take a large amount of time to get the system or company totally
transferred over.