In: Accounting
For each scenario described, (1) identify the potential control issues/threats/vulnerabilities and (2) recommend applicable preventive, detective, and/or corrective control procedures. Please write your answers in well-developed, complete sentences.
The VP of Sales, Brenda, has sent you an email relating to a recent IT incident and would like your response:
I hate to tell you this, but one of my employees was traveling to meet a customer yesterday and left their computer in the back seat of the rental car. The computer is now missing and I’ve been told there was a lot of sensitive information on the computer that, if in the wrong hands, could be very damaging to us in achieving our sales goals. What do you recommend that we initiate to minimize our exposure the next time this happens?
Potential threats and vulnerabilities are those things which can prove to be disastrous for the company's performance and should be considered in case of decision making within the company.
Possible Threats/Control/Vulnerabilities
The possible threats referred in the above mentioned case is theft of data of the company which will result in financial losses to the company and can make the business of the company reach to a halt, will have an adverse impact on the company in long term.
Customer's faith on employees will get reduced due to such sheer negligence by employees. as it is said that " we produce what the customer demands". .This will have a huge impact on the profits of the company as number of customers will be reduced , thereby impacting sales and profits in the long run.
there are chances of employees using the resources of company relentlessly which will increase the cash flows and Thereby operating income of the company will be affected adversely.
As a result, there should be clear sense of authority and responsibility among the employees.As mentioned in the case, adequate compensation should be charged from the concerned employee to prevent any such further acts. and clear provisions should be made regarding the powers and duties of the employees. Appropriate training and appraisal programs should be recognized for employees.
Control procedures:
Conclusion: Exposure of the employees towards company's resources should de effectively controlled.. Proper care cshould be taken regarding this issue.We should contact the renting authorities andd try to recover our data as if it will go into wrong hands, it can prove to be disastrous to the company.