Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Hello I need help the attach assignments, Case 13.1(page 411) Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls: In two
Hello I need help the attach assignments, Case 13.1(page 411) Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls: In two to three pages, answer questions a and b at the end of the case.
thanks
CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recovery. CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities, Threats, and Controls Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains how IT can be used to change expenditure cycle activities. b. Discusses the control implications. Refer to Table 132, and explain how the new procedure changes the threats and appropriate control procedures for mitigating those threats. Table 13-2 shows that one way (control 1.1) to mitigate the threat of inaccurate or invalid master data is to employ the data processing integrity controls described in Chapter 10. It is also important to restrict access to expenditure cycle master data and configure the system so that only authorized employees can make changes to master data (control 1.2). This requires changing the default configurations of employee roles in ERP systems to appropriately segregate incompatible duties. For example, consider the situation where an accounts payable clerk enters the name of a supplier who is not currently on the list of approved suppliers. The default configuration of many ERP systems would result in a prompt query as to whether the clerk wants to create a new supplier record. This violates proper segregation of duties by permitting the person responsible for recording payments to suppliers to also authorize the creation of new accounts. Similarly, the default configurations of many ERP systems permit accounts payable staff not only to read the prices of various products and the current balances owed to suppliers but also to change the values of those data items. These examples are just some of the many configuration settings that need to be reviewed to ensure proper segregation of duties. However, because such preventive controls can never be 100% effective, Table 13-2 also indicates that an important detective control is to regularly produce a report of all changes to master data and review them to verify that the database remains accurate (control 1.3). A second general threat in the expenditure cycle is unauthorized disclosure of sensitive information, such as banking information about suppliers and special pricing discounts offered by preferred suppliers. Table 13-2 shows that one way to mitigate the risk of this threat is to configure the system to employ strong access controls that limit who can view such information (control 2.1). It is also important to configure the system to limit employees' ability to use the system's built-in query capabilities to specific tables and fields. In addition, sensitive data should be encrypted (control 2.2) in storage to prevent IT employees who do not have access to the ERP system from using operating system utilities to view sensitive information. Information exchanged with suppliers over the Internet should also be encrypted during transmission. As Table 13-2 shows, a third general threat in the expenditure cycle concerns the loss or destruction of master data. The best way to mitigate the risk of this threat is to employ the backup and disaster recovery procedures (control 3.1) that were discussed in Chapter 10. A best practice is to implement the ERP system as three separate instances. One instance, referred to as production, is used to process daily activity. A second is used for testing and development. A third instance should be maintained as an online backup to the production system to provide near real-time recoveryStep by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started