The following situations have occurred during the year at your audit client, Ele
ID: 2330988 • Letter: T
Question
The following situations have occurred during the year at your audit client, Electric Blue Ltd, a large chemical company:
(a) A clerk entered the wrong account number for a customer while entering the sales transactions for the day on the computer. As a result, that customer's purchases were entered on the account of another customer, who was very annoyed when he received a bill for goods he had not ordered or received.
(b) A keypunch operator incorrectly entered a customer payment as $575.00 instead of $5 750.00
(c) During a demonstration against Electric Blue Ltd's environmental record, several people forced their way into the company's computer centre, which was on the main level of the office building. The protestors smashed the computer equipment and damaged other office equipment. As a result the company's computer system was inoperable for several days.
(d) A computer operator on the night shift knew more about the company's computer system than anyone else. During a period of several months, she accessed the master payroll program, which was stored online, and increased her tax withholding so that she would get a large refund when she filed her tax return.
Required
Identify a control policy or procedure that would have prevented or detected each of the situations above.
Explanation / Answer
A.Customer related details should be stored in a master file and the transactions should be linked with the master file so that whenever the clerk enters the name, the other fields get auto-populated.
B. In this case there should be maker- checker concept.There should be two persons involved to verify the others work. Moreover, there should be validation checks while entering the numbers.
C.The computer center should be physically secured by lock and key and additionally be safeguarded by a security guard plus there should be a different location from where the company can manage its day to day activities during the time of failure.
D. There should be rotation of jobs in this type of cases and moreover a computer operator shouldn't be given access to master files and if required should be given READ ONLY access.