Question

Ergonomics Furniture Pty Ltd (Ergonomics Furniture) is an Ergonomics Furniture manufacturer located in Sydney and has just installed the company’s first computer system.

In preparing for your current audit, you have identified the following information:

• The system is a local area network (LAN).
• The file server and two PCs are located at Head Office in Sydney, with two other PCs located in Melbourne.
• Selma Taylor, the CEO, who is located at Head Office and three clerical staff, Scot Davis, who is located at Head Office and Andy Johnson and Yang Chan, who are located in Sydney, are the only ones having logical access privileges to the computer. Their access privileges are as follows:
• Selma: access to all software and all files
• Scot: access to inventory
• Andy: access to receipts, sales and debtors.
• Yang: access to payroll, payments and payables
• All software was purchased off-the-shelf with the exception of the inventory program. Due to the specialised nature of Ergonomics Furniture’s inventory, an independent IT contractor was engaged to design, develop, test and install their program.

• The IT contractor fully documented the workings of the inventory system, however, neither Scot nor Selma understand the documentation.
• The computer hardware at both locations is kept in locked offices.
• Selma backs up all data kept on the file server on a daily basis and places a copy in a local secure storage facility.
• Scot, Andy and Yang print summary reports of inventory; sales, cash receipts and debtors; and cash payments, payables and payroll, respectively, and reconcile these on a weekly basis. Any apparent errors or problems are referred to Selma for resolution.

REQUIRED

1. Identify five (5) strengths in Ergonomics Furniture’s general controls that will impact on the reliability of the IT information that is generated.   

2. Outline how each of these strengths affect the audit overall.                 

Answer 1

IT general controls (ITGC) are the basic controls that can be applied to IT systems such as applications, operating systems, databases, and supporting IT infrastructure.

The objectives of ITGCs are to ensure the integrity of the data and processes that the systems support. The most common ITGCs are as follow:

• Logical access controls over applications, data and supporting infrastructure(each staff member has seperate access to various functions).
• Backup and recovery controls(Selma does back up on daily basis on yhe file server and local secure storage facility).
• Computer operation controls(each staff member performs his/her responsibilty as per controls assignes).
• Data center physical security controls(computer hardwares are kept at locked offices at both locations).
• System development life cycle controls(IT contractor engaged in design,develop,test and install the program).

Each of these strenghts will help in effective audit as follows:

• Access control will ensure that no outsider can alter the data or leak the data stored in the software and will maintain the integrity of data.
• Backup and recovery controls will help in speedy and secure recovery if data in case of any data loss due to any catastrophe.
• Operations control will ensure that duties are perfectly segregated to each staff and no overlapping of same task is done.
• Keeping computer hardware in locked location will protect the computer from any physical damage.
• System development will help proper updation of software as per changing situations.