threat and control

Post on 14-Apr-2018


7/28/2019 Threat and Control

http://slidepdf.com/reader/full/threat-and-control 1/3

EXPENDITURE CYCLE GENERAL

Threat : Inaccurate or invalid master data

Controls: Data processing integrity controls

Restriction of access to master data

Review of all changes to master data

Threat : Unauthorized disclosure of sensitive information

Controls: Access controls

Encryption

Threat : Loss or destruction of data

Controls: Backup and disaster recovery procedures

Threat : Poor performance

Controls: Managerial reports

ORDERING

Threat : Inaccurate inventory records

Controls: Perpetual inventory system

Bar coding or RFID tags

Periodic physical counts of inventory

Threat : Purchasing items not needed

Controls: Perpetual inventory system

Review and approval of purchase requisitions

Centralized purchasing function

Threat : Purchasing at inflated prices

Controls: Price lists

Competitive bidding

Review of purchase orders

Budgets

Threat : Purchasing goods of inferior quality

Controls: Purchasing only from approved suppliers

Review and approval of purchases from new suppliers

Holding purchasing managers responsible for rework and scrap costs

Tracking and monitoring product quality by supplier 

Threat : Unreliable suppliers

Controls: Requiring suppliers to possess quality certification (e.g. ISO 9000)

Collecting and monitoring supplier delivery performance data

Threat : Purchasing from unauthorized suppliers

Controls: Maintaining a list of approved suppliers and configuring the system to permit purchase orders only to approved suppliers

Review and approval of purchases from new suppliers

EDI-specific controls (access, review of orders, encryption, policy)

Threat : Kickbacks

Controls: Requiring purchasing agents to disclose financial and personal interests in suppliers

Training employees in how to respond to offers of gifts from suppliers

Job rotation and mandatory vacations

Supplier audits

RECEIVING

Threat : Accepting unordered items

Controls: Requiring existence of approved purchase order prior to accepting any delivery

Threat : Mistakes in counting

Controls: Do not inform receiving employees about quantity ordered

Require receiving employees to sign receiving reports

Incentives

Document transfer of goods to inventory

Use of bar-codes and RFID tags

Configuration of the ERP system to flag discrepancies between received and ordered quantities that exceed tolerance threshold for investigation

Threat : Verifying receipt of services

Controls: Budgetary controls

Audits

Threat : Theft of inventory

Controls: Segregation of duties: custody of inventory versus receiving

Restriction of physical access to inventory

Documentation of all transfers of inventory between receiving and inventory employees

Periodic physical counts of inventory and reconciliation to recorded quantities
