Question 3. Body Physics internal controls on computerised systems (4%) Body Physics Limited is an ASX-listed Company that manufactures gym equipment under various well-known brand names. Over the years, as the company has grown, Body Physics has implemented different IT applications to cater to the demands of its business processes but with little involvement from the company's IT Division. As a result, there is no direct interface between any of the IT applications implemented. Instead, a range of manual processes transfers information between them, and another IT application, called LinkGL, enables users to see and use all of the information from the various applications. Where the information to be transferred from an application to LinkGL is significant (for example the inventory application), the information is downloaded from the source application by a business owner in the form of a text file that is stored in a specified location on the central file server. The file is then uploaded to LinkGL every morning with the IT Divison initiating the upload process. Any failures encountered during the upload of information are communicated to the respective business owner, who takes corrective action after investigating the cause of the error with the IT Division. For business processes where the information transfer is not voluminous, the information is manually transferred from the source system to LinkGL. For example, the payroll expenses from the human resources and the payroll system are recorded as one consolidated journal entry within LinkGL at the end of the month. The IT Division has implemented IT general control procedures (including user administration, application change management, and IT operations) for all the IT systems and infrastructure managed by them. However, some of the applications supporting the business processes such as inventory, payroll, and purchasing are administered by business users who may not adhere to the IT general control procedures outlined by the IT Division. The IT Division is also entrusted with the task of making the daily back-ups for all the business applications and associated infrastructure, and assisting with the recovery of lost or deleted files and information when needed. There is no formal process for periodically testing the backup process to assess how effectively information could be recovered.

Required

With reference to the information above:

Identify three potential IT control weaknesses.

Outline the reason(s) for undertaking a controls risk assessment on each of the potential weaknesses identified in 1.

Discuss the business risk(s) to Body Physics if the potential weaknesses identified in 1 are found to be weak.

Detail three IT general controls that you would expect to be in place in the Body Physics IT environment, including an outline of how each control should function.

Answer parts 1-3 of this question using the following headings: 1. Weakness 2. Justification 3. Business risk