Question

1. What IT controls should prevent/detect the following threats? Explain

1. The data entry clerk mis-keys the customer number for a customer order, so the goods are sent to the wrong address and charged to the wrong customer.

2.An accounts payable clerk changes the bank details for a vendor to her own, enters a duplicate vendor invoice, and pays the amount to herself.

3.The sales system generates shipping documents as authority for shipment to customers, but some shipments are not invoiced to customers.

4.The computer program processing sales incorrectly calculates GST.

5.The data entry clerk entering vendor invoices for acquisitions keys a non-existing expense account number, and so no expense was debited for this invoice.

Answer 1

1. The mistake of entering wrong customer number can be corrected by providing space in the order form for entering the customer number twice and checking mistmatch between the two. Another method may be to programme the order form in such a way that it accepts manual entry of customer address and check it with the address details in the customer master data base corresponding to the costomer number entered. And ask for rentry if any mismatch found.

2. There needs to be proper authorisation for payments. The data entry clerks or accounts clerks should not be provided with access to alter the information. Access to the software should be provided only by means of passwords, and enable the routing of name of persons who make the entries . Establishing the above control measures will help to reduce such misappropriation of cash by accounting clerks.

3. The system should also have the function to check the customer order forms with shipping documents so that it can ensure and authorise that the shipment is made to the customer who have placed the order.

4.The computer programme should be corrected accordingly to calculate correct amount of GST.

5. The system should be reprogrammed so that it should automatically provide warning of entering non-exsting expense account number and prevent from continuing with the entry without entering the correct expense accounting number.

5.