Question

For each scenario described, (1) identify the potential control issues/threats/vulnerabilities and (2) recommend applicable preventive, detective, and/or corrective control procedures. Please write your answers in well-developed, complete sentences.

The VP of Sales, Brenda, has sent you an email relating to a recent IT incident and would like your response:

I hate to tell you this, but one of my employees was traveling to meet a customer yesterday and left their computer in the back seat of the rental car. The computer is now missing and I’ve been told there was a lot of sensitive information on the computer that, if in the wrong hands, could be very damaging to us in achieving our sales goals. What do you recommend that we initiate to minimize our exposure the next time this happens?

Answer 1

Potential threats and vulnerabilities are those things which can prove to be disastrous for the company's performance and should be considered in case of decision making within the company.

Possible Threats/Control/Vulnerabilities

The possible threats referred in the above mentioned case is theft of data of the company which will result in financial losses to the company and can make the business of the company reach to a halt, will have an adverse impact on the company in long term.

Customer's faith on employees will get reduced due to such sheer negligence by employees. as it is said that " we produce what the customer demands". .This will have a huge impact on the profits of the company as number of customers will be reduced , thereby impacting sales and profits in the long run.

there are chances of employees using the resources of company relentlessly which will increase the cash flows and Thereby operating income of the company will be affected adversely.

As a result, there should be clear sense of authority and responsibility among the employees.As mentioned in the case, adequate compensation should be charged from the concerned employee to prevent any such further acts. and clear provisions should be made regarding the powers and duties of the employees. Appropriate training and appraisal programs should be recognized for employees.

Control procedures:

1. Adequate appraisal and training costs should be incorporated in the budget.
2. Prevention costs, i.e. the costs incurred to prevent the poor quality of goods and services.These are incurred before actual operation and is concerned with design, implementation and maintenance of quality management system.
3. Proper guidance should be given to employees and work friendly atmosphere is kept.
4. Clear division of authority and responsibility should be made.and proper provision regarding delegation of authority should be incorporated.
5. Adequate penalty should be made in case of non compliance of laws made by the management team although appropriate measures should be made for improving the employee morale so that they work efficiently and effectively for the fulfillment of company's objectives.
6. Adequate management control procedures and cost management techniques should be approved and implemented.
7. Resources of the company should be utilized in the most efficient and effective manner possible. If tyhere is any provision of key labour, it should be prepared according to statement of ranking and p[roduct giving maximum contribution should be utilized.

Conclusion: Exposure of the employees towards company's resources should de effectively controlled.. Proper care cshould be taken regarding this issue.We should contact the renting authorities andd try to recover our data as if it will go into wrong hands, it can prove to be disastrous to the company.