Introduction:
Data Flowcharts will help in the understanding of the logical order of tasks,
and which steps might not be completed.
BPD diagrams will ensure that the right employees are doing the right tasks.
Document Flowcharts will help the employees to know which documents need
to be available at which step of the processes.
Benefits of Diagrams Continued:
Access controls, and knowledge of what information should and should not be
divulged.
Encryption and access controls prevent every employee from accessing
critically important documents.
Use of Data loss prevention software (DLP): to prevent the leakage of
sensitive information
Use of a spam filter to prevent high levels of spam, and screening of e-mails
Lack of the use of a digital watermark or IRM software
Shredding of personal documents and minimized physical documents, only use
customer information when necessary.
Lack of an employee to monitor privacy policies.
Processing integrity and availability controls:
Use of data entry controls like field check, sign check, limit check, size
check, reasonableness test, and validity test.
Reconciliation of the general ledger against the other account totals like
inventory control account being equal to the sum of the item balances in the
inventory database.
Data users are trained to make sure data is reasonable and complete before
submission.
Use of checksums
Lack of a good backup plan: full backup every 2 weeks, incremental backups
daily.
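The data entry controls and the control-account reconciliation listed above, as an added example that is not part of the original slides. The stock-issue record layout, the item numbers, the quantity ceiling and the field width are all constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed master file: item number -> on-hand quantity and ledger value.
INVENTORY = {
    "A100": {"on_hand": Decimal("40"), "value": Decimal("800.00")},
    "B200": {"on_hand": Decimal("15"), "value": Decimal("300.00")},
}
QTY_LIMIT = Decimal("100")  # assumed ceiling for one transaction
NOTE_WIDTH = 20             # assumed width of the note field


def check_issue(txn, inventory=INVENTORY):
    """Return the data entry controls that a stock-issue record fails."""
    failed = []
    try:
        qty = Decimal(str(txn.get("qty", "")).strip())
    except InvalidOperation:
        qty = None
    if qty is None or not qty.is_finite():
        failed.append("field")            # quantity is not a number
        qty = None
    elif qty < 0:
        failed.append("sign")             # issues are never negative
    elif qty > QTY_LIMIT:
        failed.append("limit")            # above the fixed ceiling
    if len(txn.get("note") or "") > NOTE_WIDTH:
        failed.append("size")             # would not fit the field
    record = inventory.get(txn.get("item"))
    if record is None:
        failed.append("validity")         # item not in the master file
    elif qty is not None and qty > record["on_hand"]:
        failed.append("reasonableness")   # issuing more than is on hand
    return failed


def reconcile(control_account, inventory=INVENTORY):
    """Return control account minus the sum of item balances (0 = agrees)."""
    return control_account - sum(r["value"] for r in inventory.values())
```

A record is accepted only when check_issue returns an empty list, and any non-zero result from reconcile is a difference to investigate before the period is closed.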
Internal controls Overview/Summary:
IT Employee #2: Handles the firewalls and anti-malware to ensure that attacks are
blocked before they can do too much harm. Also handles the
encryption of data to ensure that potential attackers cannot easily
steal data. Also helps with the input and output controls to make
sure data is complete and reasonable.
IT Employee #3: Handles the corrective controls and application controls as they
deal with the AIS. Ensures that the software that handles errors is
up to date and able to be used by the accounting department as
well as other departments such as the production department. Also
handles the multimodal and multifactor login to make sure there
are multiple layers to login attempts.
Could employ the use of an IPS in the future to improve the strength of their
network
Better spam filters to decrease the amount of spam that makes it through
Better segregation as to who does what in the IT department
New and improved process in case of an attack (4-step process mentioned in
text)
More in-depth level of encryption to prevent data theft
Employee in charge of enforcing privacy policies
More frequent full backups, and a detailed comparison of the different
backup methods.
The End