Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Hello I need help the attach assignments, Case 13.1(page 411) Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls: In two

Hello I need help the attach assignments, Case 13.1(page 411) Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls: In two to three pages, answer questions a and b at the end of the case.

thanks

image text in transcribed CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recovery. CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recovery

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Financial Accounting

Authors: Jan Williams, Susan Haka, Mark S Bettner, Joseph V Carcello

16th edition

1259692396, 77862384, 978-0077862381

More Books

Students also viewed these Accounting questions

Question

Discuss brief psychodynamic psychotherapy approaches.

Answered: 1 week ago

Question

The background knowledge of the interpreter

Answered: 1 week ago