FFC is a publicly traded regional grocery store located in the mid-Atlantic region. It relies on many state-of-the-art IT systems and software, all of which are managed in-house. Because the FFC IT environment has a direct impact on the account balances and financial statements, it is imperative that we provide assurance over IT controls prior to the financial statement audit and assess the risk of material misstatement in the different areas of the IT environment. A steering committee composed of personnel from internal audit, information systems, and the finance department is involved in developing the policies of, and reviewing the operations of, the IT department. This cross-departmental committee helps align the goals of the IT department with those of the firm as a whole, and helps establish segregation of duties at the manager level so as to establish a culture of openness.
FFC is a publicly traded, regional grocery store chain, headquartered in Mason, Maryland, and includes 50 stores located in the mid-Atlantic area. The centralized data center is in Mason.
FFC relies on an integrated suite of application programs that include state-of-the-art software to manage merchandise replenishment, store-level sales forecasting, and point-of-sale data. To maintain its competitive edge in its market area, FFC recently implemented a fingerprint bio-coding payment system in all of its stores.
This new systems implementation required that FFC change several of its general-ledger application programs, in particular, those related to its cash receipts processing. FFC does not use any outside service organizations to provide its IT services. Your evaluation will affect the financial auditor in assessing the risk of material misstatement in FFC's financials, and consequently, the audit plan.
At your first team meeting, Sophie announced that your firm's network security specialists would review the technical issues related to FFC's internal controls. They will evaluate FFC's operating systems, its telecommunications software, and its network configuration and firewalls.
IT management, systems development, data security, change management, and business continuity planning (BCP).
IT Management: IT management's key concepts include IT's position within the organization, whether IT goals are aligned with the organization's strategic goals, the use of an IT steering committee, and whether the IT department's structure promotes proper segregation of duties to protect the organization's assets.
Your primary concerns are: What key responsibility areas report to the CIO? If so, who are the members?
Systems Development: The key concepts within systems development include the existence of a new systems implementation methodology, project management, pre- and post-implementation reviews, quality control, adequate testing, and demonstrated compliance with the selected implementation methodology.
Based on this understanding, your team's primary concerns are: Does FFC design, develop, and implement systems in a logical fashion?
Does the organization consider internal controls as an integral part of systems design or does it retrofit them after implementation? Is it part of the project review team? Is it a voting member of the team? In particular, how well did FFC manage the development and implementation of its new fingerprint bio-coding payment system?
Data Security: The critical concepts within data security include adherence to an established information security policy, access approval on a need-to-know basis, periodic rotation or change of access controls, monitoring, exception reporting, and incident response.
Data security has both physical and logical aspects. On the physical side, data security includes physical access and environmental controls over the data center computer room. On the logical side, data security includes policies related to password configuration, change, and history restrictions.
Logical security also includes prompt review, modification, or removal of access due to personnel transfers, promotions, and terminations.
Foods Fantastic Company’s IT processing is very complex and sophisticated; therefore, according to the SAS ’s risk assessment procedures and SOX Section Management Assessment of Internal Controls, an IT General Control review is required.
The purpose of an ITGC review is to provide the foundation for reliance on any .
IT General Controls Risk Assessment Report Essay
Background: In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications so as to enable the audit team to follow a controls-based audit approach and be able to rely on the IT controls in .
Foods Fantastic Company
Siqi Li, Oct 29th
Foods Fantastic Company is a public company that mainly operates regional grocery stores in Maryland.
The company relies on application programs, such as bar-code scanners, to enter sales into the system. FFC depends largely on its computer systems to run its business. Foods Fantastic Company has recently implemented a fingerprint bio-coding payment system, which led to several changes to its programs.
An ITGC review becomes an indispensable step for the company to ensure the reliability of information produced by a more sophisticated system.