Case Study: Internal Controls
Added on 2019/09/30

Case #1: Solution
The computer system gets hot when the sun shines through the window, so the doors are kept
open. The tropical depression, with 48 inches of rain, damaged all of the computer hardware and
the data files stored on it. The air conditioning failed to work properly, and even the backup
files were destroyed. The cause lies in the internal control weaknesses related to computer
security that existed at AAA Inc. prior to the flood. The three weaknesses are:
- The system was placed on the ground floor, which had not been checked against all weather
conditions.
- File management was inadequate: there was no robust backup mechanism, and the backup was
kept near the current computer system, which led to the destruction of both the original
and the backup during the natural calamity (flood).
- Backups were not conducted on a regular basis, as they should have been. No one knows what
may happen or when, so a daily backup process should be in place.
The following changes could have been in place at AAA:
- The computer system should have been checked against all weather conditions.
- There should have been no glass ceilings; this would protect the system against rain and
against people outside peeping into the secure database.
- Backups must be made daily, and the backup storage must be located farther from the
original, perhaps in another city or country. Cloud computing can be utilized.

Case #2: Solution
The fraud took place because the employees had the opportunity to exploit the free
resources. The incident caused the company a heavy monetary loss, almost $150,000, and it is
entirely attributable to the lack of proper accounting management. The company should have
taken the following steps to prevent this fraudulent activity:
- Instead of one, two or three persons should have been appointed for the distribution of
compensation, so that no single person had control over all the actions.
- A daily report should have been prepared, with a person deputed to inspect the damage prior
to making the reimbursement.
- The expense bills of all the employees should have been assessed after the repair.
- The company could have contracted with one or two repair agencies for the repair of
all the vehicles.
An accounting system could have prevented the opportunity for fraud in the following ways:
- An accounting system allows regular assessment of all the checks and bills, which could
have alerted the management to the inflated bills or excess cash outflow.
- An accounting system calls for periodic audits, which could have detected the fraud earlier.

Case #3: Solution
The recommendations for HHSA regarding internal controls of an online authorization system
are:
- The Chief Information Officer should appoint a person who will regularly review
fraudulent attempts to access the system.
- Only a limited number of people should be allowed access to the system.
- Data availability should be level-wise; not everyone should have access to all the data.
For instance, personnel concerned with a particular patient should be allowed access to
that patient's information only, not the entire patient database.
- Personnel should be regularly checked for the use of external storage devices to
transfer data.
- The mail of all staff should be monitored regularly; any discrepancy in the form of a
large bulk data transfer should be caught by the system and allowed to proceed only with
the approval of the system administrator. The system administrator should not have any
relation to, or benefit from, the data sets. This will prevent the system administrator
from going against the system.
- Patient information should be stored in multiple layers.
- The data can be stored in the cloud to prevent theft or authorization issues.