Threat and Control
Post on 14-Apr-2018
7/28/2019 Threat and Control
http://slidepdf.com/reader/full/threat-and-control 1/3
EXPENDITURE CYCLE
GENERAL
Threat : Inaccurate or invalid master data
Controls: Data processing integrity controls
Restriction of access to master data
Review of all changes to master data
Threat : Unauthorized disclosure of sensitive information
Controls: Access controls
Encryption
Threat : Loss or destruction of data
Controls: Backup and disaster recovery procedures
Threat : Poor performance
Controls: Managerial reports
ORDERING
Threat : Inaccurate inventory records
Controls: Perpetual inventory system
Bar coding or RFID tags
Periodic physical counts of inventory
Threat : Purchasing items not needed
Controls: Perpetual inventory system
Review and approval of purchase requisitions
Centralized purchasing function
Threat : Purchasing at inflated prices
Controls: Price lists
Competitive bidding
Review of purchase orders
Budgets
Threat : Purchasing goods of inferior quality
Controls: Purchasing only from approved suppliers
Review and approval of purchases from new suppliers
Holding purchasing managers responsible for rework and scrap costs
Tracking and monitoring product quality by supplier
Threat : Unreliable suppliers
Controls: Requiring suppliers to possess quality certification (e.g. ISO 9000)
Collecting and monitoring supplier delivery performance data
Threat : Purchasing from unauthorized suppliers
Controls: Maintaining a list of approved suppliers and configuring the system to permit purchase orders only to approved suppliers
Review and approval of purchases from new suppliers
EDI-specific controls (access, reviews of orders, encryption, policy)
Threat : Kickbacks
Controls: Requiring purchasing agents to disclose financial and personal interests in suppliers
Training employees in how to respond to offers of gifts from suppliers
Job rotation and mandatory vacations
Supplier audits
RECEIVING
Threat : Accepting unordered items
Controls: Requiring existence of approved purchase order prior to accepting any delivery
Threat : Mistakes in counting
Controls: Do not inform receiving employees about quantity ordered
Require receiving employees to sign receiving reports
Incentives
Document transfer of goods to inventory
Use of bar-codes and RFID tags
Configuration of the ERP system to flag discrepancies between received and ordered quantities that exceed tolerance threshold for investigation
Threat : Verifying receipt of services
Controls: Budgetary controls
Audits
Threat : Theft of inventory
Controls: Segregation of duties: custody of inventory versus receiving
Restriction of physical access to inventory
Documentation of all transfers of inventory between receiving and inventory employees
Periodic physical counts of inventory and reconciliation to recorded quantities