threat and control
TRANSCRIPT
7/28/2019 Threat and Control
http://slidepdf.com/reader/full/threat-and-control 1/3
EXPENDITURE CYCLE GENERAL
Threat : Inaccurate or invalid master dataControls: Data processing integrity controls
Restriction of access to master data
Review of all changes to master data
Ancaman : Data induk yang tidak tepat atau tidak sah
Kawalan : Data kawalan integriti pemprosesanSekatan akses kepada data induk
Kajian semua perubahan kepada data induk
Threat : Unauthorized disclosure of sensitive informationControls: Access controls
Encryption
Ancaman : pendedahan tanpa kebenaran maklumat sensitif Kawalan : kawalan akses
penyulitan
Threat : Loss or destruction of data
Controls: Backup and disaster recovery procedures
Ancaman : Kerugian atau kemusnahan data
Kawalan : prosedur pemulihan Sandaran dan bencana
Threat : Poor performance
Controls: Managerial reports
Ancaman : Prestasi Lemah
Kawalan : laporan Pengurusan
ORDERING
Threat : Inaccurate inventory records
Controls: Perpetual inventory systemBar coding or RFID tags
Periodic physical counts of inventory
Ancaman : rekod inventori yang tidak tepat
Kawalan : sistem inventori berkekalan
Bar kod atau tag RFIDTuduhan fizikal berkala inventori
Threat : Purchasing items not needed
Controls: Perpetual inventory system
7/28/2019 Threat and Control
http://slidepdf.com/reader/full/threat-and-control 2/3
Review and approval of purchase requisitions
Centralized purchasing function
Ancaman : Pembelian barangan tidak diperlukan
Kawalan : sistem inventori berkekalan
Kajian semula dan kelulusan tuntutan pembelian Fungsi pembelian berpusat
Threat : Purchasing at inflated pricesControls: Price lists
Competitive bidding
Review of purchase orders
Budgets
Ancaman : Pembelian pada harga tinggi
Kawalan : Senarai Harga
pembidaan kompetitif Kajian pesanan pembelian
belanjawan
Threat : Purchasing goods of inferior quality
Controls: Purchasing only from approved suppliers
Review and approval of purchases from new suppliersHolding purchasing managers responsible for rework and scrap costs
Tracking and monitoring product quality by supplier
Ancaman : Pembelian barangan berkualiti rendah
Kawalan : Pembelian hanya dari pembekal yang diluluskan
Kajian semula dan kelulusan pembelian daripada pembekal-pembekal baru
Holding pengurus pembelian bertanggungjawab untuk kerja semula
dan sekerap kos Mengesan dan memantau kualiti produk oleh pembekal
Threat : Unreliable suppliers
Controls: Requiring suppliers to possess quality certification (e.g. ISO 9000)Collecting and monitoring supplier delivery performance data
Threat : Purchasing from unauthorized suppliersControls: Maintaining a list of approved suppliers and configuring the system to
permit purchase orders only to approved suppliers
Review and approval of purchases from new suppliersEDI-specific controls (access, revies of orders, encryption, policy)
Threat : Kickbacks
Controls: Requiring purchasing agents to disclose financial and personal interests in
7/28/2019 Threat and Control
http://slidepdf.com/reader/full/threat-and-control 3/3
suppliers
Training employees in how to respond to offers of gifts from suppliers
Job rotation and mandatory vacationsSupplier audits
RECEIVING
Threat : Accepting unordered items
Controls: Requiring existence of approved purchase order prior to accepting anydelivery
Threat : Mistakes in counting
Controls: Do not inform receiving employees about quantity orderedRequire receiving employees to sign receiving reports
Incentives
Document transfer of goods to inventory
Use of bar-codes and RFID tagsConfiguration of the ERP system to flag discrepancies between received and
ordered quantities that exceed tolerance threshold for investigation
Threat : Verifying receipt of services
Controls: Budgetary controls
Audits
Threat : Theft of inventory
Controls: Segregation of duties: custody of inventory versus receivingRestriction of physical access to inventory
Documentation of all transfers of inventory between receiving and inventory
employeesPeriodic physical counts of inventory and reconciliation to recorded
quantities