IT General Controls Risk Assessment Report

In: Business and Management

Submitted By twoody2266
Foods Fantastic Company
Thomas Woods

In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications to enable the audit team to follow a controls-based audit approach and to rely on the IT controls in place at FFC. FFC is a publicly traded, regional grocery store located in the mid-Atlantic region that relies on many state-of-the-art IT systems and software, all of which are managed in-house.

We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a well-controlled IT environment, and that they meet the requirements outlined in SAS 109 and SOX Section 404, Management Assessment of Internal Controls. Because the FFC IT environment has a direct impact on the account balances and financial statements, it is imperative that we provide assurance over IT controls prior to the financial statement audit and assess the risk of material misstatement in the different areas of the IT environment.

Our team initially reviewed key provisions included in SAS 109, SOX Section 404, PCAOB Auditing Standard No. 5, and FFC policies. To provide the financial auditors with a complete and accurate review of the critical ITGC areas, we reviewed FFC’s IT and security procedures, interviewed relevant FFC client personnel, and observed FFC operations and procedures related to its ITGCs. Upon review of all relevant evidence and data collected through our walkthrough of FFC, we developed our risk assessment of each ITGC area…...

Similar Documents

An Assessment of Bp's Objectives, Risks and Controls

...Yue Song University of Maryland 12/9/2012 An Assessment of BP’s Objectives, Risks and Controls General Introduction BP (formerly known as British Petroleum) is a British multinational oil and gas company headquartered in London, UK and operating in more than 80 countries. Vertically involved in almost all areas of the oil and gas industry (exploration, production, refining, petrochemical products, power generation etc.), it provides its customers with fuel for transportation, energy for heat and light, retail services and petrochemical products for everyday items. As one of the world’s leading energy enterprises, it earned total revenues of $308,928 million in 2011, ranking fourth of all companies in the world. Strategies and Objectives BP’s businesses cover three main segments: upstream, downstream and alternative energy, each of which has its own strategies and objectives that play to their strengths. The upstream segment includes such activities as oil and gas exploration, field development and production, midstream transportation, storage and processing, and the marketing and trading of natural gas. Of all these activities, BP is strategically increasing its investment in exploration, especially in deepwater and giant fields, expecting to maximize its technical resources and leadership in the energy industry. The downstream segment consists of three main businesses: fuels, lubricants and petrochemicals, which all together are responsible for refining,......

Words: 1527 - Pages: 7

Risk Assessment

...McBride Financial Risk Assessment Information Systems Security Risk Management McBride Financial Risk Assessment Overview The purpose of Risk Assessment is to identify potential risks that could impact the operation of the business of McBride Financial Services. This will analyze the approaches to be implemented for omission of avoidable risks and the minimization of the risks that are unavoidable. In this quest, team B has chosen Sioux Falls office of McBride Financial Services, which will involve a risk assessment overview of several different topics. The discussions will be the use of toxic chemicals in the vicinity of business, public transportation facilities that might handle the carriage of dangerous or hazardous substances, any potential targets of criminal activities and potential targets of terrorist activity. Toxic Chemicals Chemicals are a necessary part of any work location. They can be used in work processes, for cleaning, and other functions. Chemicals can be found in solid, dust, liquid, and gas or vapor forms. "Industrial chemicals can be described by the physical form of the chemical (that is, whether it is a dust, fume, vapor, gas, etc.)." (Chemicals in the Workplace) The company needs to identify all the chemicals used at the McBride facility. The individual chemical components should be listed for a safety review. Material Safety and Data Sheets (MSDS) will be obtained and stored onsite for all chemicals used. MSDS is available for all......

Words: 2674 - Pages: 11

Risk Assessment

...ASSESSMENT QUESTIONNAIRE __________________________ (Client) __________________________ (Audit Date) ______________________________    ___________________________ (Prepared by / Date)                          (Reviewed by / Date)   Instructions This questionnaire should be completed before the start of fieldwork. Its purpose is to document and assess audit risk. The information required to complete this questionnaire comes from the following sources: * Client responses to our inquiries. * Our knowledge of general and industry economic conditions. * Our knowledge of the client.   This questionnaire is divided into two major sections: “external” and “internal” factors. It is designed so that every “Yes” answer adversely affects risk exposure. For every “Yes” answer, the item should be referenced to the appropriate audit documentation. The audit documentation should state our assessment of the effect of the condition on the risk of material errors or fraud.  EXTERNAL FACTORS General Economic and Financial Conditions [1]. Have the client’s domestic markets suffered from high inflation? [Y] [N] [Ref] [2]. Are interest rates high in relation to the client’s capital needs? [Y] [N] [Ref] [3]. Has the client’s business been adversely affected by changes in the following: * Interest rates? [Y] [N] [Ref] * Unemployment rates? [Y] [N] [Ref] * Money supply? [Y] [N] [Ref] * Foreign currency exchange rates? [Y] [N] [Ref] * Overall business...

Words: 1131 - Pages: 5

Risk Assessment

...Security Management RISK ASSESSMENT Information systems have long been at some risk from malicious actions or inadvertent user errors and from natural and man-made disasters. In recent years, systems have become more susceptible to these threats because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals. In addition, the number of individuals with computer skills is increasing, and intrusion, or “hacking,” techniques are becoming more widely known via the Internet and other media. A risk assessment is not about creating huge amounts of paperwork, but rather about identifying sensible measures to control the risks in your workplace. You are probably already taking steps to protect your employees, but your risk assessment will help you decide whether you have covered all you need to. Think about how accidents and ill health could happen and concentrate on real risks – those that are most likely and which will cause the most harm. For some risks, other regulations require particular control measures. Your assessment can help you identify where you need to look at certain risks and these particular control measures in more detail. These control measures do not have to be assessed separately but can be considered as part of, or an extension of, your overall risk assessment. Although all elements of the risk management cycle are important, risk assessments provide the foundation for......

Words: 3691 - Pages: 15

Risk Assessment

...Risk Assessment Risk assessment It is the process of analyzing threats to, and vulnerabilities of, an information system, and the potential impact that the loss of information or capabilities of a system would have on national security or your company's bottom line. Identifying threats To identify threats, look at the organization, the guardian organization and the business/nation. At each one level, focus the risk by inquiring as to whether an assailant can represent a danger. Does somebody have the inspiration to endeavor a helplessness? Is there a background marked by effective endeavor? Does somebody have a past filled with focusing on your industry? An alternate approach to distinguish dangers is to consider the properties the association may have: divulgence (trading off radiations, capture, dishonorable support techniques, programmers); interference (tremor, flame, surge, malignant code, power disappointment); adjustment (information passage blunders, programmers, noxious code); decimation (force spikes, fire, characteristic catastrophes); and evacuation (burglary of information or frameworks). To focus vulnerabilities, utilize the grid to meeting staff, audit past security occurrences, and analyze review and framework records and framework documentation. Contact merchants for reports of known framework vulnerabilities, check counseling Web locales and search for security issues by utilizing computerized......

Words: 1345 - Pages: 6

Control Self Assessment

...Control Self-assessment for Information and Related Technology To ensure smooth functioning of an enterprise striving to achieve predetermined objectives, business processes are identified and defined. To ensure the proper completion of process work, procedures are defined, documented and established. Business procedures need to be properly controlled to ensure smooth completion. Out-of-control procedures are expensive; therefore, controls need to be in place. These controls can be preventive, detective and/or corrective in nature. However, the adequacy of controls over procedures depends on various factors, including a balance between costs incurred for implementing controls and the resulting benefits derived. Many controls are essential overheads for the business, and therefore, their effectiveness must be reviewed periodically. Internal audit of controls, an essential overhead, helps avoid relaxation on controls. Ultimately, the control overheads constitute a major expenditure item. Assurance that the controls are in place and effective is essential. This assurance can be given through control self-assessment (CSA), also referred to as control self-assurance. Systems and procedures for many business organizations within various sectors have evolved over time. For example, banking is the oldest service sector and the controls over banking procedures are essential not only for the bank, but also for society in general. Controls in banking procedures have also evolved......

Words: 5755 - Pages: 24

Risk Assessment

...risk lack within its network. GFI relies on its application servers; the Oracle database and the email system that are the backbone of the GFI financial operations. The financial and cash flow system of the company solely depends on the network, any network breakdown, and system failure would be catastrophic for the business and its clients. The recent multiple cyber attacks on the GFI's network and the 2012 Oracle server attack that left the company integrity, confidentiality and availability vulnerable for several days. Although the servers were restored, the damage was extensive and led GFI to pay for clients damages in their loss of data confidentiality. Another attack left the entire GFI network down that led to losses in revenues and intangible customer confidence to the tunes of over a million US dollars. Risk Assessment Purpose The aim of this risk assessment is to evaluate the details of GFI network security. Further, the risk assessment is to come up with a structured qualitative assessment of GFI's network environment and provide possible solutions for mitigating the sensitivity, threats, vulnerabilities, risks and safeguards of the GFI's network. Besides, the assessment will recommend on a potential cost-effective assurance that will combat the threats and associated exploitable vulnerabilities. These safeguards will be security features, controls and tools that when GFI include or add in their information technology environment, they will mitigate the......

Words: 2661 - Pages: 11

Assessing Information Technology General Control Risk: an Instructional Case

...Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate an organization’s overall level of ITGC risk within the context of an integrated audit. Keywords: internal controls; general control; ITGC; risk assessment. INTRODUCTION The Sarbanes-Oxley Act (SOX 2002) and the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) require that the organization’s chief executive officer (CEO) and chief financial officer (CFO) include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. External auditors must review management’s internal control assessment as part of an annual integrated audit of an organization’s internal controls over financial reporting.......

Words: 6299 - Pages: 26

Risk Assessment

...Risk assessment is a structured and methodical process, which is reliant on the correct identification of hazards and a suitable assessment of risks ascending from them, with a sight to making inter-risk comparisons for purposes of their control and prevention. Information technology, as a technology with the fastest rate of development and application in all branches of business, requires adequate protection to provide high security. The focus of the safety analysis applied on an information system is to recognize and evaluate threats, vulnerabilities and safety characteristics. IT assets are uncovered to risk of harm or losses. IT security includes protecting information stored electronically. That protection implies data integrity, availability and confidentiality. According to “Risk Assessment of Information Technology Systems” (2009) risk assessment is the most critical part of Information Security Management (ISM). Risk Management and Risk Assessment involves analysis, planning, implementation, control and monitoring of implemented measurements, and Risk Assessment, as part of Risk Management. It involves several processes: · Risk identification, · Relevant risk analysis, · Risk evaluation The main purpose of Risk Assessment is to make a choice whether a system is acceptable, and which measures would provide its acceptability. For every organization using IT in its business process it is important to conduct the risk assessment. Numerous threats and......

Words: 742 - Pages: 3

Risk Assessment

...Manchester City Council Report for Information Report To: Overview and Scrutiny Governance Sub Group – 9 December 2010 Subject: Risk Assessment in Business Plans Report of: City Treasurer Summary The Subgroup requested a review of the risk management components of service business plans. This report provides a review of the current completeness and content of risk assessments, synthesizing emerging themes and providing a comparison with the quality of content in previous years. Recommendations Members are requested to comment on the report. Wards Affected: All Contact Officers: Richard Paver City Treasurer 0161 234 3564 E-mail Tom Powell Head of Audit and Risk Management 0161 234 5273 E-mail John Gill Risk Manager (Strategy) 0161 234 5272 E-mail Background documents (available for public inspection): None 1. Introduction 1.1. Thirty Heads of Service are required to produce and update service business plans on an annual basis. The deadline for the receipt of the latest draft plans was 14 October 2010. In order to provide effective support and challenge to Heads of Service in further developing their plans, a team of specialist officers was established to critique the main sections......

Words: 1977 - Pages: 8

Risk Assessment

...Risk Assessment SCI/275   Malathion is something that is being taken into consideration by the City Council of Genericville it is an insecticide spray that will help to control the West Nile Virus and the further spread of the virus. This is a risk assessment on the use of a spray called Malathion in the city of Genericville. There are several steps that are involved in this first is hazard identification and that is the effects that it will have on the health of the humans who are going to be exposed to the spraying of the Malathion. The second is what is called dose response; this is the amount on spray that would be needed to cause any health effects. The third deals with the exposure to all the humans and also based on the total amount of spray that was used and also how long the exposure to the insecticide will last. The final step is what I would call risk characterization which would be used to help determine that if any or certain humans that live in the city would be prone to any health risks that would associated with the use of Malathion. The result of this assessment is that the city of Genericville should really use the insecticide spray called Malathion to help in reducing the spread of the West Nile Virus. There are many sides to this and they include the social, economic, and the political sides of any arguments that have to be considered with the use of the insecticide spray. The West Nile Virus is a very huge concern in the area and that is......

Words: 1146 - Pages: 5

Risk Assessment

...Risk Assessment A risk assessment is something that is produced to help carry out a risk assessment of what might cause harm to the service users and what needs to be carried out in order to avoid the risks from taking place. It is something by law that is expected for all the workplace to carry out. This links in with the HSAWA as every workplace when opening up a business they need to follow the rules and regulation in order to keep the environment safe as well as the employees. When creating risk assessments it’s about producing a table of which identifies all the possible hazards that could take place in the workplace. Every workplace must produce a risk assessment and by creating this you are pointing out all the risk that could take place but also putting in place steps to prevent it from happening. The process of doing risk assessments is to identify hazards and state what they are but also analysing the hazard as to what risks are involved with that hazard and what harm it could bring. Finally, stating the steps that need to be taken in order to eliminate or to control the hazard from occurring. Doing a risk assessment is really important they form an essential part because doing a risk assessment is the key to a good occupation because they help to create awareness of the hazards and risks. The aim of having a risk assessment is the process of trying to remove hazards and remove the risk that it accompanies and adding precaution to stop the risks from......

Words: 2044 - Pages: 9

Risk Assessment

...World Health Organization Essential Drugs and Medicines Policy Geneva WHO/EDM/PAR/2001.2 DISTRIBUTION: GENERAL ORIGINAL: ENGLISH Teacher’s Guide to Good Prescribing World Health Organization Department of Essential Drugs and Medicines Policy Geneva, Switzerland Authors Hans V. Hogerzeil1 (Editor) Karen I. Barnes2 Rob H. Henning3 Yunus E. Kocabasoglu3 Helene Möller4 Anthony J. Smith5 Rob S. Summers6 Theo P.G.M. de Vries7 with contributions from Hannelie Meyer, Sule Oktay, Budiono Santoso and Sri Suryawati 1 2 3 4 5 6 7 WHO Department of Essential Drugs and Medicines Policy, Geneva, Switzerland WHO Collaborating Centre for Drug Policy, Information and Safety Monitoring, Department of Clinical Pharmacology, Medical School, University of Cape Town, Cape Town, South Africa WHO Collaborating Centre for Pharmacotherapy Teaching and Training, Department of Pharmacology and Clinical Pharmacology, Medical Faculty, Groningen University, Groningen, The Netherlands WHO, South African Drug Action Programme, Pretoria, South Africa WHO Collaborating Centre for Pharmacotherapy Teaching and Training, Discipline of Clinical Pharmacology, Medical School, Newcastle, Australia WHO Collaborating Centre for Pharmacy Curriculum Development and Rational Use of Drugs, School of Pharmacy, Medical University of Southern Africa, Pretoria, South Africa Department of Pharmacology, Medical Faculty, University of Amsterdam, Amsterdam, The Netherlands Acknowledgements The......

Words: 9416 - Pages: 38

Risk Assessment

...|Risk Assessment Paper | |CJA 374 Juvenile Justice Systems and Processes | |Debbie Johnson | There are a number of similarities and contrasts in the nature of the two case studies that we are about to study. There is a need of the understanding of the situation, evaluation of various factors that would have an effect on the outcome so a risk assessment is generally performed. Thus a basis is formed on the basis of which solution to a problem is to be found.             Colleen is a broken home about whom we will be studying in the first case study. There is a traversal of several hardships and negative effects for a child who is brought up in a broken home especially when they are entrant to the age of a juvenile. There are several physical and mental changes when a child goes through his stage of teens is the possible analyzed reason. There is a transformation from teens to adults and their mentors become there parents who diversify their efforts to the right path. Over the years a constant delinquency has been witnessed through Colleen. The classic delinquent action at this age is running away from home. Poverty, delinquency, passing away of the parents, abusive home, feeblemindedness, and poverty are several reasons why a child may run away from home (Brown, 1992). And when these children make their way out of home they land up mixing up with criminals or people who are shady. So......

Words: 1344 - Pages: 6

Risk Assessment

...large emphasis on financial risk assessments. The risk assessment process is needed to identify risks that need to be treated within an organization, as well as to provide strategies and methods that are most appropriate to treat these risks. Because many organizations are poorly aligned between their risk exposure and their risk appetite, it is important to engage in the risk assessment procedures. These procedures can help an organization prevent risk exposure and determine if their current operations will result in an increase or decrease of market value and owners’ wealth. As a result of the economic crisis, and the recent increase in corporate failures, organizations can now learn from the mistakes of others. This paper will discuss the mistakes that lead WorldCom, a telecom company that was once the fourth-ranked in Fortune 500, to bankruptcy in 2002, in an effort to demonstrate the importance of successful risk assessment and alignment implementation. Keywords: corporate failure, risk analysis, risk assessment, risk management, WorldCom Over the past years, and as a result of high profile firm failures, the economic crisis, and increased regulatory pressure, many organizations have placed a large emphasis on financial risk assessments. Risk assessment is the process where risk managers analyze the risks of an organization and identify risks that need to be treated (Tarantino & Cernauskas, 2011, p.47). In addition, a risk assessment provides strategies......

Words: 4331 - Pages: 18