accounting report
DESCRIPTION
- Related to CokeTRANSCRIPT
Part (1) Case Study Questions
Case 1: Encosta Memories
1. (a) De Lago’s statement ‘Once the system is acquired then the business can get back to
normal and do what it does best – take photos – without having to spend money on IT’ is not
correct.
(b) A number of issues need to be resolved before Encosta Memories can continue their daily
operations. They might need to spend money on IT, such as in the training and/or
employment of staff in using the system and making sure they understand how it operates as
they might not be familiar with the new technology. They might even need to conduct
maintenance and monitor the system as a security check to prevent any problems and/or
errors in its operation.
2. It may not be necessary for Encosta Memories to employ a programmer to design a new
system if the company decides to use pre-developed programs or systems that can be applied
to the business easily. These are usually ready to be used and implemented in the business
which also waives the cost of programming and development since the program exists.
3. Encosta Memories should consider using the Application Service Provider (ASP) over SDLC
and Outsourcing. Under ASP, Encosta Memories would be able to lease up-to-date software
applications and remain competitive. The cost of maintaining the system would also be
reduced since many organisations and users can also use the same software, meaning the cost
can be shared amongst others. This would be cheaper than developing the system. The ASP
has the ability to update and fix bugs therefore reducing the cost of maintenance. This does
not mean maintenance does not occur. Encosta Memories still needs to have protections in
place to make the system and company more secure. It would also be quicker to put the ASP
system in place, giving Encosta Memories more time to focus on its core areas and manage
its daily operations in an effective and efficient way. Although customisation and quality
plays a major role in the business with a reputation for having high-quality photos and long
period arrangements with their customers, which may be a holdback, most tasks can be
performed by the ASP.
Encosta Memories should not use outsourcing since their business is of a relative small size,
meaning it should be able to handle its data and manage technology. Whilst the SDLC
method covers the quality aspect of the business, it would also be unsuitable for Encosta
Memories as it is a time-consuming process. The SDLC approach needs a lot of people to
manage the system and is also costly in terms of maintenance and implementing the system.
Thus, Encosta Memories should be encouraged to use the ASP method as it minimises cost of
maintenance due to its inbuilt function of updating and automatic fixing up of some and/or
most faults.
4. Five typical problems of systems development Encosta Memories may face when developing
the new system include conflict, escalation of commitment, project goal issues, technical
skills and interpersonal skills.
When there is no common ground or no clear agreement between the employees of the
business, management, the designers and the users, conflict can arise. This can result from
poor communication, leading to results different from what Encosta Memories actually
wanted.
There can also be an escalation of commitment where progress on a project is not going to
plan and should therefore be modified or discarded. Encosta Memories needs to make sure
they choose a project that can be delivered in a reasonable timeframe and follow procedures
without incurring extra costs and time.
Furthermore, Encosta Memories may also have project goal issues. It is important that the
business’ adopted project has clear goals and objectives at all stages of the development
process and also understand the significance of what the system would bring to the
organisation.
Encosta Memories need to make sure they have staff are knowledgeable and are skilled when
developing the system and making sure all tasks are accomplished on time. This can also be
linked to process and people skills relating to communication and solving conflicts and the
business’ operation in development of the system. Encosta Memories should identify any
errors regarding skills early in order to avoid future problems.
Finally, Encosta Memories should look at enhancing interpersonal skills. This can be linked
to communication, where the designers’ idea of what the solution should be may be different
to what the organisation wants. Therefore, working together as a team and understanding all
viewpoints before coming to a proposed solution is very important and would lead to
satisfaction among users.
5. Encosta Memories would buy the new system as it takes a long time to develop a process and
needs a lot of people and expertise to come up with a system that suits the business. Although
a customised system is favourable, this takes a lot of time to develop, so by the time the
system is tested and ready to be used, it may be out-dated again. This is because the system
may need to be modified or changed in the future due to the changing environment such as
technology and also users’ needs. There are a lot of technology and systems that are readily
available. This would reduce time and cost in the business to discuss, program and develop a
new system. Training employees to use the new system may be a cost and user acceptance
may take some time, but weighed against the other benefits, buying the new system instead of
making the system would be a better option.
6. Encosta Memories could select a vendor based on the request for proposal (RFP) approach.
They should give someone the responsibility of looking after the selection process and
prepare an RFP from. This is a form that is sent to potential vendors which contain valuable
information about the company’s current system, problems associated with systems
development, the company’s aims and future expectations. The chosen vendors should be
asked to come and give a brief demonstration about their product and how it would meet the
needs of Encosta Memories. They could even check customer satisfaction of the vendors’
previous clients before negotiating and selecting a vendor for the new system.
7. Encosta Memories should not rely on one vendor. If their single vendor fails to perform or
complete the tasks as scheduled or misses out important details, this would halt the whole
design system process and the operations of the business. For example, if there is an error
with the photo machine or photo camera, this would lead to the loss of customers and the
business can therefore not operate due to the systems and technology failure, which is the
main part of the business. Everything would be in chaos and contracts with the school about
photo dates would have to be delayed. This could even bring down the company’s reputation,
and all of Encosta’s hard work to get its image into the market would have been wasted.
Another point could be bargaining power. Since Encosta Memories is a small company, it
should have more than one vendor available. Having only one vendor for the system would
give them the opportunity to charge higher rates, as it knows the company does not have any
others and is therefore heavily reliant on that one vendor. This is not cost effective or logical.
Furthermore, having one vendor would lead to less suggestions and perspectives as the
business would only take into the account the expertise of one vendor for the system. Having
more than one could lead to having a more efficient and accurate system as the management
could negotiate with the vendor about other options and/or ways to make the system better,
be up-to-date technology and last in the long-run. Thus, it is not recommended for Encosta
Memories to rely only one vendor due to the wide-ranging consequences and its effects in the
long term.
Case 2: Dealing with Computer Systems
Risk Control Present Gen/App
Confidentiality of results and details
of customers regarding their address,
Could be prevented through
segregation of duties and
Control is indirectly hinted
where only John, one of the
General
contact number and order details responsibilities as well as having
security measures in place. This is
where only some employees have
the authority to access certain
sections. Also need to make sure
only that selected people such as
John can log onto the computer
with customer details and orders.
This can eliminate fraud.
staff members is allowed to
perform data entries. There
could also be extra
precautions such as having
separate computers or
passwords in place, so that
general users have limited
access to important files and
other programs such as data
entry details.
Control
User access regarding secure
passwords. Passwords that are fixed
and generated for each employee and
user may cause them to write it
down. This can cause security issues,
especially when another employee or
any user comes across the written
password. This problem is amplified
when the usernames are very simple,
using the letters of their names. This
makes it easier for someone to know
the password and username. The
passwords can also not be changed,
meaning the employee may not know
if someone has logged on the
computer system using their details.
Could have stronger password
settings and more unique
usernames and ID. Instead of
having a fixed password for each
user, the option of changing
passwords on a periodic basis
should be made available. This
would address the security issue
of confidential passwords made
public. User names should also be
made more complex, so it would
be harder for someone to guess.
This control is currently not
available in the organisation
and should be applied.
General
Control
Since there is only one staff member,
John, in charge of data entry, there is
a risk of manipulation of results. He
may have omitted some transactions
whilst performing this key task and
may not be honest with the results.
Having an independent review of
the orders and balances before
submitting the orders to suppliers
or other parts of the organisation.
The organisation could also run a
reconciliation check to make sure
there are no errors in the system
regarding the number of orders.
The computer automatically
checks for errors in the
business and indicates the
number of orders, but it will
not pick up any missed
information in quantity and
amounts not typed and/or
transferred correctly. John
Application
Control
should also not ignore the
results generated by the
system and check through
the orders.
Data entry routines focusing on the
manual entering of customer orders
and details into the system. John, in
charge of data entry may accidently
record something wrong in the
system, such as the number and types
of orders.
John could use run-to-run totals
and batch totals as a control
measure to make sure he hasn’t
missed any vital records and that
price figures entered match up to
the orders. Could also have a log
analysis and review the stores past
events and past data so it is
possible to trace back and fix the
mistake if an error has been
detected.
This control is missing, but
they do have a computer
system that gives a signal
and have error messages
when not all details are
filled in. However, this does
not cover the accuracy of
the results and figures being
entered.
Application
Control
Risk of the data entering system in
breaking down from threats such as
viruses or natural disasters such as a
fire, which may lead to loss of
information/data of the orders and
the system itself.
There should be a back-up system
in place, stored in another
location. The back-up procedure
could be conducted on a regular
basis to achieve current accurate
results if there is system failure.
The idea of having a
recovery plan is absent from
the case.
General
Control
Part (2) Short answer questions
1. (a) Corporate Governance has several departments, where IT Governance falls into one of its
categories. IT Governance deals with the control and management of IT systems in an
organisation. This forms a clear structure and determines the goals and visions of the
organisation and how they can be accomplished. IT governance also links IT processes and
its resources to achieve its short and long-term objectives and be successful in the future.
Some objectives of IT governance is making sure those strategies adds value and are aligned
with to the goals of the organisation – those objectives also have to be achievable. It is also
important that the strategies, goals and IT being implemented would aid in the business’
operation lead to opportunities in the future. The organisation should also have the correct
measures and techniques in place to manage risks in case there is an IT problem and have a
back-up plan in place. Furthermore, it is essential that efficient and accurate information and
data are provided from IT and its resources and that those resources are responsibly used in
an ethically and morally manner.
(b) The COSO models have five components, two of which are risk assessment and control
activities. Risk assessment is basically the organisation in knowing possible risks that can
affect and/or delay the achievement of their objectives. This has a relationship between
control activities where a response is devised to prevent the risk from occurring from in the
first place. The control activities act as a barrier to prevent errors that may occur in the
organisation and reduce the risks. An example could be introducing systems or processes to
check for missing transactions or data which would prevent the risk of having incomplete
transactions and therefore incorrect reports which management use to make decisions.
2.
Positions/Duties Recording, or authorisation, or custody
Cashier Custody
Payroll Processor Recording
Credit Clerk Authorisation
Mailroom Clerk Custody
Data Entry Clerk Recording
Deliver Paychecks Custody
Deliver the Bank Deposit Authorisation
Prepare the Bank Reconciliation Recording
Check Signer Authorisation
Inventory Warehouse Supervisor Recording
3. Not all of the information systems development methodologies are mutually exclusive. For
example, a large company may be able to have more than one going on at the same time, such
as prototyping and the systems development life cycle if they have can afford for the lost time
and cost because they are concerned about issues such as quality and customisation, where
the benefits outweigh the negatives.
Prototyping, a scale down model, is an alternate methodology from the commonly used
Systems Development Life Cycle (SDLC). Prototyping speeds the development process and
can improve products or add features much quicker than the SDLC method. There is also
more customisation as an agreement is made together with the users who provide feedback
and changes are made to correspond to their needs. Using the SDLC approach is not only
more time consuming but also more costly. By the time the SDLC method has come to a
conclusion there may be other issues that have arisen in the organisations’ environment. This
means they have to go back and do more research before beginning and adapting its system
again. Prototyping is a more efficient methodology looked from those two perspectives -
development process and customisation occurs much quicker and is also less costly.