Internal Control

I am writing this due to a personal request from S. It was a request asking me to help out on the Internal Control assessment. Since I can help, I will try to help. No beans will be spilled out though.

Okayyy, here goes. I will only share with you the weaknesses. The recommendations that you should implement, you got to figure out yourself. Instead of just telling you what are the weaknesses, I will pose questions to you instead.

1. All computer personnel were trained in system design, operation and programming. Don't you think they will know too much if they were trained on everything?

2. Again, there is one specific employee who could run the program and make changes. Would you let someone do everything? Don't you think that will lead to something bad? He can easily make any changes he wants, don't you think so?

3. No records are kept? What do you think? I'm sure your mom would always tell you to keep all receipts on any daily transactions, even if you buy a bread.

4. Every staff has access? Would you give your house keys to everyone you know?

5. Backup files kept in an unlocked cupboard? Mom always said never leave the house without locking the door! In addition, what kind of cupboard? A plastic cupboard that anyone can break it apart easily? Would a bank store their money in a plastic cupboard?

6. No computer checks? What if there is no spelling check on Microsoft Word? That's a nightmare! Go read your textbook from page 238-243. There are so many types of control in an IT environment. With so many types of control, there will be so many weaknesses in this particular area. Go figure.

That's all folks. You should thank S.