Free Essay on the Implementation of Information Technology Internal Controls

Explain the principal documentation, processes, and records

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

The implementation of information technology internal controls is a very critical component of the process of enhancing a company's general internal controls to the best level. At the KK company, the key to the creation of effective internal controls is having sufficient controls to realistically aid prevention and detection of fraud at the distribution center in Manchester, ensure data integrity, and avert accidental loss whereas not putting an oppressive amount of limitations to the practice functions. Moreover, several practices do not just have the number of workers required to accomplish a complete division of labor. Therefore, the company should establish an appropriate internal control for the purposes of a careful balancing act.

Establishment of access controls is very important; these are the mechanisms together with policies that are integrated into the IT environment of the practice, which manage access to the functions of software and information (Rezaee, 2002). In addition, the management of practice should form theoretical restrictions on systems. These limitations are formed on the basis of the position of employee, and restrict access to the computer, function and application.

The foremost step in the employment of access controls is looking at every duty of a worker and deciding on what they should understand, and what they should do. However, an associate DVM will actually require a different access level to the information system as compared to the receptionist, just as the technician requires reaching different functions of computer and software in comparison to a practice manager (Rezaee, 2002).

After the careful review of the duties of all workers, it is now time to choose how to establish the access controls. The best choice is setting access controls on the basis of every computer. Not all computers will basically have similar software or even degree of network access, and a worker will be restricted to the kind of computer he or she may access. At the front desk, computers will only be fitted with the software needed by the receptionist, and nothing more than that. Some other machines will be fitted with the software that would be frequently utilized by the technicians. The practice manager would use computers, which have all the software programs of the practice and complete access to all the databases and network. Several factors like the layout and size of the practice may make this method too difficult. Another method for accessing controls is the assigning of rights on the basis of function and application. Every worker would be provided with his or her individual username to access, and every username is given particular programs that exist for utilization.

In addition, some applications will need a different login identity, which would restrict the operations a particular user has access or can reach within a program. For instance, for accounting purposes, QuickBooks would enable the user to grant a particular user rights to every username. The bookkeeper of the practice would require access to the QuickBooks in order to perform his or her functions, but his control should be limited. He or she can be denied access to particular reports or prevent them from making some amendments. The objective here is enabling the bookkeeper sufficient access to properly carry out his or her functions in the practice, though limiting his or her ability to both do and conceal fraud. When this is properly done, it would be easy to manage the sales and procurement practices at KK. Documentation procedures normally stipulate that a worker manual should have all required policy and procedure documentation.

The small audits internal control questionnaire

The small audits internal control questionnaire is specifically designed to help the management in the creation of an internal control system as well as to be utilized on small reviews to documentation of internal control as well as assessment of control risk. It also serves as a source of determining drawbacks in the control by auditors and management.

Descriptive charts of accounts and budgeting controls

An all-inclusive chart of accounts is the basis for the process of financial reporting (Proctor, 2011). Made to direct the authorization, categorization, initiation, recording together with summarizing of transactions or operations, it works best when it incorporates descriptions of the process that might be recorded in every account. More so, the chart of accounts mush integrate accounts in all departmental, functional and classifications of job. It also has to be designed in a manner such that is aides the preparation and monitoring o budgets as part of the internal control system of the company.

Code of conduct

The code of conduct should also be integrated into the system, which defines the conduct expectations for the management as well as the other workers. Whereas these codes not directly and completely prevent improper conduct from the employees, they offer them with ethical and legal standards that have great influence on their performance and dedication to the internal control system of the company.

Control Deficiencies Worksheet

A control deficiencies worksheet is important to the companys information system as it helps in the documentation of the examination of available internal controls. Moreover, it can be used in the identification of present limitations and the design of more controls to avert the occurrence of risks and them going without being noticed. A control deficiencies worksheet needs to have the following contents:

Internal control deficiency

Operation and design deficiency, and Offsetting major controls

Part B: The principal risks associated with the new sales and sales returns system, and the features of an effective internal control system to address those risks.

One feature of risk that KK might face is the stability of the environment whereby it operates. The significantly rising power of computers and fast development of the Internet have brought about a very vibrant environment of IT.

This environmental dynamism in the IT environment has significant implications for the internal control environment. Technological developments in computing have brought about novel and significant ways that computer systems aid and implement business operations. Nevertheless, new computer technologies can have unexpected risks related to then, which may affect the integrity or reliability of the new sales and returns system (Proctor, 2011).

A technology development with immense implications for the internal control over the IT systems that are involved in the financial reporting has actually been the steady development from the legacy infrastructure setting to the new distributed client-server network setting that use servers and PCs.

In order to control this, it is important to firmly control and manage access to programs and files. Logs together with audit trails are freely spread all through the operating system. Elaborate programming software makes sure that the execution of programs is done when rightly authorized and in the appropriate pattern, and that the proper input files are applied. Furthermore, change control software safeguards the reliability of the production application libraries by the limitation of adjustments to the production applications to those that have all the needed approvals acquired and testing done. As drawbacks are discovered in the internal control, standard design practices together with programming techniques should be integrated to handle them.

There have not been adequate time for the discovery of control drawbacks in the more recent technologies like the complex, networked databases. It is in fact true that the life cycle of such technologies can take months to determine (Proctor, 2011). The dangers that are linked to the programs made through technologies as such are not as well understood and practices of programming and design have not integrated internal control for long. As a result, at the KK company, it is important that the IT experts understand the possible risks when using the new systems. In the client-server setting rather than easily managed terminals, users have potent PCs that can connect to the Internet, send or receive information, and save or create files. The several computers that are encompassed in the client-server environment are not easy to configure properly and control or manage.

The risk of such new systems are usually not fully comprehended. However, majority of cost-benefit analysis associated with the initiation of new technology does not always take into consideration the control risks. For instance, the Windows operating system utilized together with the Internet accounts for remarkable rise in individual efficiency and productivity. Nonetheless, such developments have a cost of considerable new risks associated with the security and reliability of data.

Everybody knows the constant threats provided by worms, viruses and Trojans. Anybody with a corrupt mind like the large group of staff in the Manchester distribution center, including all the centers managerial staff, who had worked together to defraud the company of large amounts of stock, which they then sold to discount stores, can do anything to conceal their evil. One of the things they can devise is attacking the companys information systems using viruses to damage files. Therefore, disaster recovery planning can be important here as it is a fundamental part of IT internal controls. There are several steps that should be put in place to both avert and recover from possible disasters. Such preventive measures involve making sure that the latest firewall and antivirus is well installed and updated regularly.

Firewall software controls the outgoing and incoming networking connections (Proctor, 2011). Here, the intention is preventing unauthorized users from accessing the system, and preventing possibly dangerous software that is already available in the system from external interactions. The use of antivirus software is also to prevent potentially dangerous programs from operating within the system. It is very essential to ensure that this program is kept up-to-date, since there is usually a constant emergence of new threats that have the capability of exploiting the weaknesses of the current system.

Threats can also be avoided by adding surge protection as well as an uninterrupted power supply. Such surge protections assists in the protection of the system from electrical faults that can harm the sensitive electronics, whereas a UPS will protect the computer system from being shut down in an instant manner when power cuts occur. In other words, the UPS will offer the user adequate time to sort and save files before shutting down the PC properly.

The designing and management of programs that are related to anti-fraud is the duty of the management and can lead to decrease in the chances for workers to commit fraud or scam. Policies of human resource like background checks and credit checks for potential workers assist in eliminating applicants with higher propensity to commit fraud. The key control activities carefully conducted by the managers or any other authorized personnel are also principal ways of averting and decreasing the occurrence of misappropriation of stock.

Part C: The work that KK's external auditors will undertake in respect of:

The internal controls of the new sales system and the new sales returns system

After the new sales system and the new sales returns system is in place, it would be the responsibility of the external auditors to e...