Foods Fantastic Company Essay

Foods Fantastic Company’s IT processing is very complex and sophisticated; therefore, according to SAS 109’s risk assessment procedures and SOX Section 404, Management Assessment of Internal Controls, an IT General Control (ITGC) review is needed. The purpose of an ITGC review is to provide the foundation for reliance on any financial information Foods Fantastic Company (FFC) produces. Although ITGC deficiencies do not directly cause misstated financial statements or material control weaknesses, they can indirectly cause application control deficiencies and affect the financial auditor’s determination of the risk of material misstatement in FFC’s financial statements.

For the risk assessment my team performed for Foods Fantastic, we first wrote down questions and concerns for each ITGC area. Then we reviewed the company’s organization chart, met with the head of each department, and took notes during the meetings. We also observed the audit team. After that, we wrote down the strengths and weaknesses and determined the level of risk for each area.

First, in the area of IT Management, the risk assessment is medium. There is a strategic plan, which is a strength, because a strategic plan helps FFC meet its business goals by outlining the objectives and strategies for the information systems group. In addition, FFC has an IT steering committee, which is also a strength, as the committee develops and revises IT and security procedures and reviews the procedures of the IT department. However, there are a few weaknesses in IT Management. For instance, the Chief Information Officer reports only to the Chief Financial Officer.
According to the Sarbanes-Oxley Act, the company’s chief executive officer and chief financial officer are required to include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. In addition, the Vice President of Applications, Vice President of Operations, Vice President of Information Security, and Vice President of Database Administration report only to the Chief Information Officer.

Second, there are quite a few strengths in the Systems Development area: FFC designs, develops, and implements systems in a logical fashion, and all the duties are segregated. In addition, the company considers internal controls an integral part of systems design, and the IT staff adequately tested the new bio-coding payment system before its implementation, so we determined that the risk assessment in this area is low. However, FFC’s Internal Audit Department is involved as a voting member of the project teams. Internal Audit performs post-implementation reviews on most projects over $2 million. Internal Audit should be independent and should not be part of the project team.

Third, the risk assessment for Data Security is high. FFC has strong control over physical access to its data center computer room, but weak control over logical access. To control physical access, FFC’s computer room within its data center is locked at all times. Almost all outsiders must first contact the data center manager in order to enter the computer room. Each must present an official picture ID, sign a visitors’ log, and be escorted at all times by data center personnel during the visit. The computer room also has environmental controls, which are examined semi-annually.
However, the Human Resources Department only forwards the Transfers and Terminations report each month, rather than immediately after an employee is transferred or terminated. The security policy is not current and was updated in 2005. The system produces a logical access violation report daily, but company policy only requires the Vice President of Information Systems to review the unauthorized system access report once a month.

Finally, the risk assessment in the Change Management area is low, but the risk in the Business Continuity Planning area is high. Although no incidents have occurred that required FFC to recover its systems, a company should have a business continuity plan. FFC did not document any business continuity or disaster recovery plan, nor did it test the backup tapes during the past years, and it has no intention of testing the tapes in the future. FFC backs up all of its data daily, but only stores the backups once a week at a company-owned offsite location. They should store the data offsite daily.

Overall, I set FFC’s assessed level of ITGC risk as high because of its data security and business continuity planning. Data is the most important element of an organization. Without data, the company will not be able to operate. FFC’s position that it does not need a business continuity plan because one is cost prohibitive for a business of its size is incorrect. Every organization should have a business continuity plan in case of a natural disaster. In addition, FFC should do a better job of controlling logical access, since hackers do not necessarily need to access the organization’s data physically.
