Reference no: EM133179329

Question - ISC is an international manufacturing company with over 100 subsidiaries worldwide. ISC prepares consolidated monthly financial statement based on data provided by the subsidiaries. Currently the subsidiaries send their monthly reports to the ISC Corporate offices in Phoenix as pdf or spreadsheet attachments to e-mail files. The financial data are then transcribed by data processing clerks and entered into the corporate database from which consolidated statements are prepared. Because the data need to be re-entered manually into the corporate system the process takes three to four days to enter all the data into the database. Also, the process is prone to transcription errors and other forms of clerical errors. After the data are loaded into the system, verification programs check footings, cross-statement consistency, and dollar range limits. Any errors in the data are traced and corrected. The reporting subsidiaries are notified of all errors via e-mail.

The company has decided to upgrade its computer communications network with a new system that will support more timely receipt of data at corporate headquarters. The systems department at corporate headquarters is responsible for the overall design and implementation of the new system. The system will consist of a central server at the corporate offices connected to distributed terminals at each of the subsidiary sites.

The new system will allow clerks at the subsidiary sites to send financial data to the corporate office via the Internet. The system will automatically load the financial data into the corporate database thus eliminating the error-prone data entry operation.

The company's controller is pleased with the prospects of the new system, which should shorten the reporting period by three days. He is, however, concerned about security and data integrity during the transmission. He has scheduled a meeting with key personnel from the systems department to discuss these concerns.

Source: James A. Hall. Information Technology Auditing and Assurance, 4th edition. Hall, J.A., Cincinnati, Ohio: South-Western College Publishing, 2016.

Required -

a. Describe the data security and integrity problems that could occur when transmitting data between the subsidiaries and the corporate office.

b. For each problem identified, describe a control procedure that could be employed to minimize or eliminate the problem.

c. For each control procedure, describe an audit procedure relevant to the control.