SantasAttic.com SantasAttic.com is an online retailer/manufacturer of childrens toys. Its main competitors are larger electronic commerce toy

Question:

Santa’sAttic.com Santa’sAttic.com is an online retailer/manufacturer of children’s toys. Its main competitors are larger electronic commerce toy companies including Amazon.com; Yahoo Shopping, which includes ToysRUs.com and KBKids

.com; and all of the other retail stores with online shopping. It has a low market share compared to the industry leaders and is possibly a victim of Internet fraud. The CEO of Santa’sAttic.com has noticed that the level of accounts receivable has been quite high in comparison to prior years. He is wondering if this is a sign of weak internal controls. He has also heard through the grapevine that some of his customers were noticing unauthorized charges on their credit cards and is wondering if there may be online security issues to deal with as well. For this reason, you have been contacted to help Santa’sAttic.com restructure its company to prevent possible company failure.

Santa’sAttic.com employs 100 individuals, 75 of whom work directly on the manufacturing line and 25 of whom hold administrative positions. Its customer base consists mainly of individuals, but also smaller toy stores, day care centers, and schools. Santa’sAttic.com works on a cash basis with its customers and accepts all major credit cards. It has running credit balances with all of its suppliers. Its credit terms are 2/10, n30.

Being the technical genius that he is, the vice president of marketing took it upon himself to design the company website. The website has pages where customers can view all of the products and prices. There is a virtual shopping cart available for each customer once he or she has set up a demographical information account. If the customer chooses to make a purchase, he or she simply clicks on the direct link to the shopping cart from the product that he or she wishes to purchase and proceeds to the checkout. Here the customer is prompted to choose a payment method and enter the shipping address. Once this information has been entered, the customer chooses a shipping method. All shipping is done through U.S. Mail, UPS, Federal Express, Airborne Express, or certified mail. The customer is then informed of the total price and the date to expect shipment.

Within the purchasing system, Santa’sAttic.com purchases raw materials for production, such as plastics, wood, metal, and certain fabrics. There is no formal purchasing department at Santa’sAttic.com. Judy, the inventory clerk in the warehouse department, is responsible for all purchasing activity.

Santa’sAttic.com currently has only one warehouse, which is located in Cooperstown, New York. Within the warehouse department, Judy has access to the inventory records and knows when certain materials have to be repurchased. If materials are needed, she prepares a single purchase requisition and also five copies of the purchase order form. Judy includes all of the necessary information on all copies of the form, including the material to be purchased, the price of the material, the quantity needed, and the requested delivery date. Once completed, two copies of the form are sent to the vendor along with the order.

One is placed in the open purchase order file in the warehouse, and one is used to update the inventory records that are also kept within the warehouse department. The final copy is forwarded to the receiving department.

Harry, the receiving clerk, receives the materials and creates four copies of a receiving report based on the packing slip and purchase order information. Two of these receiving reports are forwarded to the warehouse, where one is used to update inventory records and the other is filed. One copy of the receiving report is also maintained within the receiving department and is filed along with the packing slip and the purchase order. The final copy is sent to the accounts payable department, where it is reconciled with the vendor invoice.

Once the receiving report and the vendor invoice are reconciled in the accounts payable department, the liability is posted to the purchases journal and the total amount due is paid to the vendor. Finally, both the receiving report and the invoice are filed within the accounts payable department and Joanna, the accounts payable clerk, posts the liability to the general ledger.

Santa’sAttic.com’s production workers each have timecards that they punch at a punch-in station when they arrive and when they leave. The punch-in station is located at the entrance to the plant and is not monitored.

At the end of the week, the supervisor reviews, authorizes, and signs the timecards. He then sends the timecards to cash disbursements.

Supervisors do not keep their own attendance records. Rose, in cash disbursements, receives the timecards and reconciles them with personnel records on the company database to verify the timecards for accuracy.

All personnel records are maintained in a database. Access to the database is restricted.

Personnel can update the records only once a year. Rose’s only view displays employee demographic information and does not allow access to salary information. Rose prepares the paychecks and signs them. She then prepares the payroll register using only information gained from the timecards.

Sally in accounts payable receives a copy of the payroll register and uses it to update the general ledger. Accounts payable receives no information besides the payroll register.

Rose, in cash disbursements, hands the prepared paychecks to the supervisors of each department for distribution. All checks are written directly from the company’s only cash account. Supervisors distribute the checks directly to the employees and themselves.

Engaging in electronic commerce has exposed Santa’sAttic.com to a whole new nature of risks within its real-time revenue cycle. A customer has the option of paying with a credit card or personal check.

Upon entering the credit card information, it becomes attached to the customer’s e-mail file.

This information includes the type of card, the customer’s name as it appears on the card, the credit card number, and the expiration date. Once an order is placed, an employee reviews the order in question, verifies credit, and enters the transaction into Santa’sAttic

.com’s main database.

The main problem with this system is that orders have been placed with the company where the customer in question honestly denies ever submitting orders. It turns out that their children have placed many of these orders without the customer’s knowledge.

The children were able to gain access to their parent’s account after the system recognized cookies in the hard drive. When the children went to the website, the page recognized them as the users of the account and gave them authorized access to make purchases.

Another problem with the information in the revenue cycle has been that hackers have been able to enter the database and obtain information concerning customers. This unauthorized access has sent top management into a frenzy knowing that their customer information is insecure.

Required:

a. Discuss the control and security weaknesses in this system.

b. Make specific recommendations for improving controls.

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: