Business Information System: Control Environment and Risks
Added on 2020/05/16
Homework Assignment
AI Summary
This Business Information System assignment explores the relationship between the control environment, organizational objectives, and internal control systems. The solution defines internal control and its components, highlighting how they achieve organizational goals. It distinguishes between general and application controls, providing examples like password protection and input validation. The assignment analyzes different scenarios, classifying them as either application or general controls. Furthermore, it identifies potential risks related to authentication, password management, and data input, suggesting corresponding controls. The solution includes references to academic research supporting the concepts discussed.

Running head: BUSINESS INFORMATION SYSTEM
Business Information System
Name of the Student
Name of the University
Author Note
Question No. 1:
What is the relationship between the control environment, organisational objectives and the internal control system?
Internal control is a business practice, procedure or policy that a particular organization establishes to increase value or minimize risk (Hanim Fadzil et al., 2015). The key components of internal control are control activities, risk assessment, monitoring, information and communication, and the control environment. Internal control is mainly used to achieve the goals of the organization. Different organizations have different organisational objectives, and the different divisions of an organisation work to achieve them (Du 2013). The business division works to accomplish the business goals. The control environment is the means by which an effective system of internal control is built. The objectives are: achieving the strategic objectives, providing reliable financial reporting to internal and external stakeholders, and operating the business effectively and efficiently.
General controls are the normal controls applied to information technology systems such as applications, operating systems and the supporting information technology infrastructure. General controls are those that can be applied to all system components and processes. The most common information technology general controls are logical access controls over the data and the application (Sha et al., 2014). An application control is a security practice that prevents unauthorized applications from executing in ways that create risk (Groomer and Murthy 2018). This control consists of security checks, validity checks, completeness, authorization, authentication and input control. Application control provides the confidentiality, availability and integrity associated with the data. Risks and threats can be reduced by the proper use of application controls. Application control
improves overall network stability. It reduces the cost associated with malware. It can protect the machine against exploits of an unpatched operating system and against vulnerabilities in third-party applications. It reduces information technology complexity and application risk by eliminating unknown and unwanted applications from the network. Application control identifies and controls which applications suit the information technology environment.
Question 2:
Option, classification and explanation:
(a) Application: Companies set passwords on their systems to protect their confidential data (Das and Bruhadeshwar 2013). No one can access the system without proper authorization, which makes the system more secure. The few employees who really need system access were given the passwords so that they can easily gain access to the system. This is an application classification because application control includes authorization for data security.
(b) Application: Sales are entered into the system, and the system retrieves the details of the customer when their mobile number is entered. This is an application control because entering the customer number retrieves all of the details. This follows a process that has to be applied, so the classification is application, because input control is a part of application control.
(c) Application: All cheques undergo a check before they are accounted for. It is necessary to check every cheque before it is accounted for because any error in the cheque, such as a signature error, a typing mistake or wrong credentials, can cause the cheque to bounce. The classification is therefore application: checking every cheque before accounting for it is a normal procedure and is part of the input control
method, so it is called an application control.
(d) General: The CIO needs to sign off the system development before it can take place. This is a general classification because general controls cover the proper development of the project. For the project to be developed properly, the CIO needs to review the project and can then sign it off before development takes place.
(e) Application: Virus definitions are updated daily, and they must be kept updated to secure the system. A system must update its virus definitions because new viruses appear daily. To protect the machine from any kind of unknown virus, the virus definitions need to be updated daily. This process is a part of maintenance, where a product is completed and corrected over time. So the classification is application.
Question 3:
Risk 1. Authentication can be a problem with the user ID. Requiring the user to enter an initial is fine, but not every user has a surname of 6 or more letters, so those users cannot enter an ID (Boyd and Mathuria 2013).
Control: This can be controlled as follows: if the total length of the ID is 7, the letters can be divided into the first 4 letters of the name and the last 3 letters of the surname, so everyone can enter their ID.
Present: No, the control is not present in the case.
Gen/App: The control can be classified as an application control, because entering the ID is an input control and input control falls under application control.
Man/Comp: The control is computerised, as the user needs to create the ID by entering the credentials.
Risk 2. The password is assigned to the user and cannot be changed. Because the password cannot be changed, a user who forgets the password cannot log in to the computer system.
Control: The only control is to add an option to the system for changing the password, so that someone who forgets their password can change it by entering the required information.
Present: No, the control is not present in the case study.
Gen/App: The control is an application control, as it deals with authentication: without the password the user cannot log in to their ID.
Man/Comp: The control is classified as computerised: if the system provides the option of
changing the password, then and only then can the user change the password.
Risk 3. A customer name is required before the other details and the full order details can be entered.
Control: John needs to enter the customer name first and then the address and contact number. If the customer name box is empty, the computer prompts him to fill it in, and only then can he proceed to the next page.
Present: Yes, the control is present in the case study.
Gen/App: This can be classified as an application control, as it controls the data input. The system works properly only if the data is input correctly.
Man/Comp: This is a manual classification, as John needs to enter the data manually into the system to input the order details.
Risk 4. Ignoring the order details can lead to further risk: if John enters any wrong information by mistake, the order can be affected.
Control: John must wait to see whether the details entered are valid; if they are not, he can take action immediately.
Present: No, the control is not present in the case study.
Gen/App: It is an application classification because it requires authentication, and authentication is a part of application control.
Man/Comp: The control is entirely manual, as John just needs to wait to see whether the order details are correct and, if not, take action accordingly.
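The completeness prompt from Risk 3 and the validity check from Risk 4, written as code that runs when the order form is submitted. This Python code is an added example, not part of the original assignment or case study; the field names, the `quantity` field and the validity rules are assumptions.

```python
import re

# Entry order from the case: customer name first, then address and contact number.
REQUIRED_FIELDS = ("customer_name", "address", "contact_number")

# Assumed validity rule (not from the case study): 7 to 15 digits, optional leading +.
CONTACT_RE = re.compile(r"\+?[0-9]{7,15}")


def clean(value):
    """Treat None and whitespace-only input as empty."""
    return str(value if value is not None else "").strip()


def completeness_check(form):
    """Return the first required field left empty, in entry order, or None."""
    for field in REQUIRED_FIELDS:
        if not clean(form.get(field)):
            return field
    return None


def validity_check(form):
    """Return 'field: problem' strings for values that fail the assumed rules."""
    problems = []
    name = clean(form.get("customer_name"))
    if not any(ch.isalpha() for ch in name) or any(ch.isdigit() for ch in name):
        problems.append("customer_name: must contain letters and no digits")
    contact = re.sub(r"[ -]", "", clean(form.get("contact_number")))
    if not CONTACT_RE.fullmatch(contact):
        problems.append("contact_number: must be 7 to 15 digits")
    qty = clean(form.get("quantity"))
    if not re.fullmatch(r"[0-9]+", qty) or int(qty) < 1:
        problems.append("quantity: must be a whole number of at least 1")
    return problems


def can_proceed(form):
    """Gate for the next page: returns (allowed, prompts for the operator)."""
    missing = completeness_check(form)
    if missing:
        return False, [f"Please fill in {missing} before continuing."]
    problems = validity_check(form)
    return not problems, problems


# Constructed sample orders (not from the case study).
SAMPLE_ORDERS = [
    {"customer_name": "   ", "address": "1 High St",
     "contact_number": "5551234567", "quantity": "2"},
    {"customer_name": "A. Patel", "address": "1 High St",
     "contact_number": "555-12", "quantity": "0"},
    {"customer_name": "A. Patel", "address": "1 High St",
     "contact_number": "555 123 4567", "quantity": "2"},
]

if __name__ == "__main__":
    for order in SAMPLE_ORDERS:
        print(can_proceed(order))
```

The first sample shows why the completeness check strips whitespace: a name box containing only spaces is not empty to a naive comparison, yet it carries no customer name.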
References:
Boyd, C. and Mathuria, A., 2013. Protocols for authentication and key establishment. Springer Science & Business Media.
Das, A.K. and Bruhadeshwar, B., 2013. An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of medical systems, 37(5), p.9969.
De Haes, S., Van Grembergen, W. and Debreceny, R.S., 2013. COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), pp.307-324.
Groomer, S.M. and Murthy, U.S., 2018. Continuous auditing of database applications: An embedded audit module approach. In Continuous Auditing: Theory and Application (pp. 105-124). Emerald Publishing Limited.
Hanim Fadzil, F., Haron, H. and Jantan, M., 2015. Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8), pp.844-866.
Sha, D., Guo, Z., Luo, T. and Liao, X., 2014. A general control strategy for input-series–output-series modular dc–dc converters. IEEE Transactions on Power Electronics, 29(7), pp.3766-3775.