Segregation of duties in the personal computing environment

Assignment Help HR Management
Reference no: EM131895

Problem 1

Segregation of duties in the personal computing environment:

What role should the HR organization play in this space? Also, what about the culture of the organization and its role in ensuring compliance?

Problem 2

Provide examples (include citations) of how control activities (access control, segregation of duties, transaction authority, supervision, accounting records, for example) have been implemented along with how they have helped or failed to mitigate risks within an organization.

Problem 3

Look at the specifics in the changes made between SAS 70 and SSAE 16. Select a specific change and share your thoughts on whether the change makes an improvement or not. Support your assertion.

Problem 4

Reply to the reading below:

• What is the purpose behind segregation of duties in the personal computing environment?

Special considerations should be taken when auditing the personal computer environment. The challenge arises from the mobility or fluidity attributed to personal computing and the lack of internal control features usually found in larger, enterprise-wide systems. In this context, the general purpose behind segregation of duties (SoD) is to prevent unauthorized access or modification to the operating system(s), applications, or data found in a multi-user computer system by a single individual or party. For example, management can employ different techniques to prevent unauthorized access to a specific resource including the use of hidden files or secret file names, and employing passwords and cryptography (Gupta, 2005). In particular, these controls can be specifically divided into preventive, detective, and corrective. As aforementioned, preventive controls include aspects such as usernames (IDs) and passwords used by all modern operating systems prior to granting access to a particular user. Additional preventive controls may inhibit the same individual from being in charge of developing, maintaining, and running a specific financial software. Detective controls can be achieved by restricting access via physical security measures as well as logical approaches such as detecting inaccurate data being uploaded to a financial application. Corrective controls can be achieved via audit trails and exception reports. If any control weaknesses are found in the SoD process, direct supervision and work reviews should be enforced to counteract the deficiencies.

• Why is inadequate segregation of duties a problem in the personal computing environment?

Without proper SoD, unauthorized access to data and applications can occur in a variety of ways. For example, there is an inherent risk in having a single individual in charge of data processing also possess the ability to change program files. This increases the chances of errors going undetected or, in the worst cases, the potential for concealment and fraud. An employee may also have access to multiple applications that process incompatible transactions. For example, a single individual may be responsible for entering all transaction data, including sales orders, cash receipts, invoices, and disbursements. This degree of authority would be similar, in a manual system, to assigning accounts receivable, accounts payable, cash receipts, cash disbursement, and general ledger responsibility to the same person (Hall, 2011).

Problems 5

Reply to the reading below:

What is the purpose behind segregation of duties in the personal computing environment?

The personal computer (PC) is intended to be used by a single user. The user has individual applications, files, and access to the computer. However, a company could have general PCs available to all employees with applications that store and manipulate customer data, keep inventory, handle accounting functions, access on-line applications, and surf the internet. Separation of duties is a key internal control concept. (Hall, 2011) The purpose of segregation of duties is to minimize incompatible functions. No single person should have control over an entire transaction. For example, the secretary should not have access to accounting information. The accountant shouldn't have access to inventory and customer information. The duties of authorization, custody of assets and record-keeping should be the responsibility of three different people - each trained in that particular duty. Duties are considered to be incompatible if one person can get into the system and hide irregularities while performing day-to-day activities without detection.

Why is inadequate segregation of duties a problem in the personal computing environment?

Many small companies may have access to multiple applications that perform incompatible tasks. For example, one person may be in charge of entering employee and customer information, invoices, payments, and other such transactions. If all of these transactions are performed on a general company PC, the other employees could access the applications and manipulate the data. Also, other employees that are not trained in the applications could inadvertently change information and data on the PC. Without individualized password protection on the PC itself and each application, there is no way to tell who is responsible for any errors that occur.

Reference no: EM131895

Questions Cloud

Prepare an income statement : Prepare an income statement for the year
Cooling and heating load estimate using camel program : Cooling and Heating Load Estimate using CAMEL program library and the data from DA-9
Write an essay on marketing design innovation : Write an essay on Marketing Design innovation
Write essay on assessment on a health service policy : Over the past years government health strategies have paid special attention to the welfare of UAE citizens who are considered to be the country's major resource and the prime target of all national development.
Segregation of duties in the personal computing environment : Why is inadequate segregation of duties a problem in the personal computing environment?
Describe the sampling distribution of the sample proportion : Describe the sampling distribution of the sample proportion
The security policy document outline : Using the GDI Case Study below, complete the Security Policy Document Outline
Research assignment : Consideration does not have to be adequate or commercially realistic, nor does it have to be expressed in monetary terms, it merely needs to be "sufficient".
Factoring a problem of computing on input a positive intger : Factoring is the problem of computing, on input a positive integer n, a factorization of n in terms of prime powers

Reviews

Write a Review

HR Management Questions & Answers

  Improve problem solving capabilities within organization

Types of teams as to their effectiveness that will improve problem solving capabilities within organizations.

  Influence tactics help in reducing organizations politics

Explain the different types of influence tactics that will be of a help “if adopted” in reducing the organizational politics.

  Report on citigroup''s hr service level agreement

Human Resources or Human Resource Management deals with HR Service Level Agreement. HR Service Level Agreement is an agreement made between the employer and the employee, which states that the employee would work under any client and sometimes any ti..

  A project report on hrm

Human Resource Management as the name suggests, it is a management discipline which deals with the human i.e. the workforce aspect of organizations. Need and practices of HRM are inevitable in present scenario of extreme competition where "Talent War..

  Hrp: recruitment and selection

Recruitment and Selection is the initial ladder of any Human Resource Planning process and contains an immense significance for any organisation.

  A project report on study of statutory complainces

Statutory compliance and its immense knowledge are crucial to be understood in an organization. It contains all the forms, procedures and acts applicable in a company.

  Operant conditioning and Reinforcement

Operant conditioning is a learning process where behaviour is controlled by its consequences. In this process an individual's behaviour can be modified through the use of positive or negative reinforcement.

  Effectiveness of training programs in achieving customers an

The main motive for conducting this research is to provide broad range of research of the literature and their reviews related to training and development and assisting the employees in providing customers satisfaction.

  A critical analysis of hr processes and practices in fedex c

FedEx is illustrious for its novel HR processes and practices that have greatly accounted for its success.

  Integrating culture and diversity in decision making

People in the organization are known as Google where they share common goals and have common vision.

  Impact of employee attrition on people management in organis

Talent management implies recognizing a person's inherent skills, traits, personality and offering him a matching job.

  Labour dissonance at maruti suzuki india limited: a case stu

This Case Study focuses on various issues related to Labour Unrest at Maruti Suzuki India Limited.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd