Strengthening Revenue Cycle Controls & Ransomware Protection
Added on 2020/03/23
AI Summary
This assignment analyzes internal control vulnerabilities within a company's revenue cycle, focusing on areas susceptible to manipulation or fraud. It then develops a comprehensive plan to mitigate these risks, emphasizing the implementation of robust security measures to prevent and respond to potential ransomware attacks. The document includes recommendations for enhancing data backups, implementing firewall protection, and leveraging on-access scanning technologies to safeguard against cyber threats.
Systems Documentation and Internal Controls
Table of Contents
Summarized overview of the Revenue Cycle
Internal control weaknesses
Impact of these weaknesses
Specific internal controls to be implemented
A brief overview of the Ransomware attack
Protect the organization from a potential Ransomware attack
References
Motherboards and More Pty Ltd
Summarized overview of the Revenue Cycle:
Motherboards and More Pty Ltd is a medium-sized organization that manufactures computer parts such as motherboards, graphics cards and microchips. The organization uses an ERP system to manage supply and manufacturing and to receive data from departments located in remote places. Customers place orders by email or phone call. Orders received from customers are picked alphabetically and processed through the various manufacturing stages and loading docks in alphabetical order by customer name. Invoices are generated after an order is shipped, so all of the organization's sales are on credit. In the present case analysis, the company faces certain internal control weaknesses relating to control and to network-related security.
Internal control weaknesses
The analysis of the organization's revenue cycle found several weaknesses in the current system.
Invoices are generated only after the customer's order is shipped, which affects the organization's revenue because an invoice is issued only for the orders actually delivered to customers, not for back orders (Romney & Steinbart, 2012).
Customer orders are received by telephone or email, so it is hard to keep track of the email conversation covering the customer's specifications and the quantity ordered. Errors can occur when the customer and order details are taken from email and processed for shipment, particularly if the volume of orders increases (Li, et. al., 2012).
If the same customer places frequent orders, it is hard to separate that customer's orders from one another.
When orders are frequent, shipments for other customers are delayed because of the alphabetical sequencing by customer name (Hammersley, et. al., 2008).
Impact of these weaknesses
Generating the invoice only after shipment makes all sales credit sales, which may lead to a cash crisis for the organization.
Handling frequent orders through email conversations may lead to mismatches between orders and shipments because of errors made while processing the order.
The alphabetical sequence may delay shipments for other customers whose smaller orders are already ready to be shipped.
Not only are the operational tasks of the business affected, but the reputation of the group is also seriously harmed (Deumes & Knechel, 2008).
Specific internal controls to be implemented
To process customer orders effectively and efficiently, the organization can implement the following controls.
The organization should create an ODF (Order Description Form) that briefly records all the details the customer has given for the order.
Once the ODF is confirmed, the customer should pay a minimum amount of the complete order and be given an invoice for the complete order with an order number.
The ODF should be shared with the customer to keep communication clear and effective, so that the customer reconfirms before the order is processed.
Once the ODF is confirmed, it should be shared with every department of Motherboards and More Pty Ltd so that each has proper direction from manufacturing through to shipment. In addition to this, technical security controls, physical checks and a verification system should be implemented to check for system failure through virus attacks (Doyle, et. al., 2007).
A brief overview of the Ransomware attack:
Ransomware is a piece of code that executes on older versions of the Windows operating system. Its primary task is to encrypt the files on the user's computer so that a ransom can be demanded in exchange for decrypting those files without data loss. The ministry stated on its website that around 1000 computers had been infected by malware but that the infection had been localized (Luo & Liao, 2007).
The encryption mostly targets the Word files and Excel sheets on the user's computer. Ransomware encrypts all types of files on the computer, but Word and Excel files are hit most because the user's important data is stored in them.
The ransomware's installed exe uses an encryption key to encrypt the files on the user's computer. A researcher at Kaspersky Lab explains that the minimum demand is $300, made 2 hours after installation.
The payment is processed online, which leads to the decryption key. Once the ransom has been paid, the decryption key is provided for the victim PC and the files are decrypted (Kharraz, et. al., 2015).
Protect the organization from a potential Ransomware attack
To protect against potential ransomware attacks, researchers at various antivirus industry labs have proposed several solutions.
Enable On-Access Scanning: On-access scanning is a feature provided by organizations in the security domain that scans every file as it is accessed. It checks each file for potential ransomware signatures, even while the user is downloading a file from the internet.
Backup of data: Online and offline backups of data are the alternative answer to ransomware. Many organizations in the security domain now provide cloud space to protect user data against ransomware (Pathak & Nanded, 2016).
Firewall Protection: A firewall should protect the organization's LAN so that a PC under attack does not infect other computers. The firewall should be configured with rules for phishing-website protection so that an exe is never downloaded to the user's PC (Sittig & Singh, 2016).
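An added example, not part of the original assignment, for the backup recommendation above: a hash manifest of Word and Excel files taken at backup time, plus an audit that flags files whose header no longer matches their type, which tells the organization which documents to restore. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes of intact Office documents: OOXML files are ZIP archives,
# legacy .doc/.xls files are OLE compound files.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """Record a SHA-256 per Office file at backup time (relative path -> hash)."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in MAGIC}

def audit(root, manifest):
    """Compare live files with the manifest and classify each one."""
    root = Path(root)
    report = {"ok": [], "modified": [], "suspect": [], "missing": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.exists():
            report["missing"].append(rel)   # deleted or renamed to a new extension
            continue
        with p.open("rb") as fh:
            head = fh.read(4)
        if head != MAGIC[p.suffix.lower()]:
            report["suspect"].append(rel)   # header no longer matches the file type
        elif sha256(p) != digest:
            report["modified"].append(rel)  # still a valid document, content changed
        else:
            report["ok"].append(rel)
    return report

def demo():
    """Constructed sample: three documents, one overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "orders.xlsx").write_bytes(b"PK\x03\x04" + b"sheet data")
        (root / "invoice.docx").write_bytes(b"PK\x03\x04" + b"invoice text")
        (root / "old.doc").write_bytes(b"\xd0\xcf\x11\xe0" + b"legacy")
        manifest = build_manifest(root)
        # Stand-in for damage: opaque bytes in one file, another renamed.
        (root / "orders.xlsx").write_bytes(bytes(range(64)))
        (root / "old.doc").rename(root / "old.doc.locked")
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Files reported as suspect or missing are the ones to restore from the offline copy; the manifest itself should be stored with that copy so it cannot be altered on the affected PC.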
References
Deumes, R., & Knechel, W. R. (2008). Economic incentives for voluntary reporting on internal
risk management and control systems. Auditing: A Journal of Practice & Theory, 27(1),
35-66.
Doyle, J., Ge, W., & McVay, S. (2007). Determinants of weaknesses in internal control over
financial reporting. Journal of accounting and Economics, 44(1), 193-223.
Hammersley, J. S., Myers, L. A., & Shakespeare, C. (2008). Market reactions to the disclosure of
internal control weaknesses and to the characteristics of those weaknesses under Section
302 of the Sarbanes Oxley Act of 2002. Review of Accounting Studies, 13(1), 141-165.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the
gordian knot: A look under the hood of ransomware attacks. In International Conference
on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24).
Springer, Cham.
Li, C., Peters, G. F., Richardson, V. J., & Watson, M. W. (2012). The consequences of
information technology control weaknesses on management information systems: the
case of Sarbanes–Oxley internal control reports. Management Information Systems
Quarterly, 36(1), 179-203.
Luo, X., & Liao, Q. (2007). Awareness education as the key to ransomware
prevention. Information Systems Security, 16(4), 195-202.
Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing
challenge. International Journal of Advanced Research in Computer Engineering &
Technology (IJARCET) Volume, 5.
Romney, M. B., & Steinbart, P. J. (2012). Accounting information systems. Boston: Pearson.
Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and
recovering from ransomware attacks. Applied clinical informatics, 7(2), 624.