Fonterra Ltd - Diary Company in New Zealand - Assignment Example

? Accounting Information Systems Fonterra Ltd. Introduction Fonterra Ltd is a diary company in New Zealand which is known to bring quality milk products to its customers around the globe. The Fonterra Cooperative group was formed in 2001 and has become the world’s largest exported with around 11,000 shareholders at present. The bulk exports of Fonterra are exported from New Zealand to 140 countries in the world. Total collection of milk in the milk tankers of Fonterra Ltd. is around 14 billion liters. The company’s total assets employed is NZ$15.5 billion while the annual turnover of the company as of 31st July 2011 is NZ$19.9 billion. The number of employees working for Fonterra is around 16800. The strategies adopted by the company are to make business in the emerging economies like China, Latin America and ASEAN; thus creating a strong presence. Optimizing the business of milk in New Zealand, protect the exports of milk exports in New Zealand by building integrated offshore milk pools, so that the higher value returns gets back to the country; focusing on creating quality product for its customers with special concern for mother and babies (Fonterra Ltd., 2011, pp.2-20). Computer fraud and abuse Accounting information system is a process by which the accounting of the company is done based on the Generally Accepted Accounting Principles (GAAP) by the use of the modern information technology. The Accounting Information System (AIS) of a company is composed of six main elements of the company, namely, people who will operate the system, procedure and instructions based on which the data is retrieved from different sources of the company, the related data which is very essential for the organization’s business practices, the required infrastructure for the information technology of the company so as to smoothly operate the system comprising of both the software and the hardware and lastly the internal controls so as to adopt security measures which will prevent the leakage of the sensitive data. Thus Fonterra can be exposed to the risk of fraud and abuse related to the theft of equipment, inventory or cash of the company. Even the fraud and abuse in the accounting information system of the company may result in false invoicing; payroll fraud arising out of the accounts made for directing the salary to a non-existing employee of the company; e-commerce frauds which have become very common now a days; for high level of outsourcing forgeries takes place on the ground of assets of the company being used for personal uses. If the employee of the company is not loyal then the risk of fraud and abuse of the company on the ground of accounting information system may lead to the disclosure of information and the intellectual property of Fonterra. Generally the fraud of a company usually occurs on the ground of poor internal control of the company. Thus Fonterra must take precautionary measures to tighten the internal control system of the company. If the items of the company is highly desirable the chances of forgery increases leading to fraud and abuse. Other reasons behind the occurrence of fraud and abuse of the company may arise from insufficient preventive measures and detection strategies having loop holes. The company should also know how to deal with the detection of the fraud; for example if a person is convicted of committing forgery in the company, just looking at the reputation of the company the concerned person is asked to resign. But in a situation like this civil or criminal action should be taken against the fraudster. Thus the fraud and abuse of the company generally arises from lack of strong internal control of the company. Since the AIS department is the heart and soul of the company, on the basis of which the company is able to carry out its operations. So, the personnel being appointed in the department of AIS should go through extensive interview process in order to appoint the most appropriate person for the concerned department. Fraud and abuse are ought to happen with the increase cases of hacking taking place, thus a separate department should be established by the company to protect itself from the occurrence of forgery (Rae, 2012). Protection against fraud and abuse with reference to control model theory The protection that is adopted against the fraud and abuse of the company’s accounting information system based on the control model theory is proper authorization of the transactions and activities of the company. The design and use of the records documents of the company should be adequate and in tandem with the protection rules and regulations of the company. Initiative must be taken in safeguarding the internal records of the company with respect to its assets. Independent checks on the performance of the individual personnel especially in the AIS department should be made as a protective measure against the forgery that may take place in the concerned department of the company. The practice of digital signatory should be started in the company for signing of any document which in turn will reduce the chances of reducing the chances of abuses in the company. Specific authorization should be delegated to the personnel so as to carry out only certain transactions and activities of the company. Implementation of the internal control system should be applied so that no particular employee is given too much of responsibility to carry out. The employment contract should be made such that the employee of the organization should not be able to perpetrate and conceal frauds or errors caused unintentionally to the company. Segregation of duties is very important in this case. The segregation of the duties prevents employees from presenting false records concealing the theft of the assets entrusted to them. Designing and use of the adequate records help safeguard the assets of the company. Preventive measures such as maintaining adequate records for the assets of the company with respective information about the same, restricting physical access to paper assets and the cash of the company, having restrictive storage areas which will only be operated by few selected head of the company. Being alert to the early warning signs of the company and responding to them as quickly as possible in order to stop the fraud from occurring. Appropriate blend of the information system of the company with respect to its manual control is also essential for the company. The company should also make certain that all the employees of the company are complying with the internal controls of the company. But before the application of the protective measures of control against fraud of the company the risks associated with it should be identified. The company should also look forward towards an enhanced organizational culture. The employees of the company should be trained in the process of fraud awareness of the company. This in turn will help the company in the detection of the risks associated with the company related to the fraud and abuse of the AIS department. The top priority for Fonterra is that any practices of fraud and abuses are not tolerated in the company. Thus the main key to the prevention of the fraudulent practices taking place in the company is to strengthen the internal control system of the company (Gelinas, et al., 2011, p.7) Security considerations in relation to the company’s information system The security considerations for Fonterra’s information system are made for the protection of the company against any type of fraud. Fonterra has adapted the exchange of data and information between a few selected users both within and outside the company. Fonterra promotes electronic commerce transactions on a B2B (business-to-business) and amongst the externals users of the company. Measures adopted in order to increase the efficiency of the company. Fonterra even provides clarity in the understanding of the security standards of the company so that it can be easily followed by the partners in business as well as the customers of the company. Proper description regarding the accessible information is provided by the company which needs to be reviewed from time to time by the company’s attorney. The authorized signature is required to be made by the corporate attorney. It should be ensured that any kind of intrusion shall be investigated and reported to the concerned person and that corrective action should be taken against the same. The use of the firewall system is a must for all AIS department for which other secured technologies and networking strategies shall be adapted. Auditing of the AIS department will occur on a regular basis depending on the urgency of detection of the records. The personnel who have a direct access to the accounting information system of the company or are involved in maintaining the records has to participate in the security awareness program of the company from time to time so as to ensure the understanding of the company related security responsibility by the use of the information technology of the company. Security considerations related to the information system of the company involves the additional use of the security software along with that of the hardware which will enable the company in detecting the intrusion that is taking place. This will also help in the scanning of the virus, authentication, identification and encryption of the entire network of the company. Installation of the fraud detection system will enable the company to detect the forgeries that occur in the accounting information system of the company. Virus scanning helps in protecting the data and other related information of the company from transmitting from one system to another. The I&A (identification and authentication) mechanism of the company helps ensure only the authorized personnel of the company has access to the sensitive data and information of the company. The process of encryption during the transmission of the data of the company as well as its storage of the related data protects its integrity and the confidentiality. The auditing mechanism related to the information technology of the company should be adopted to control the risks associated with the IT department of the company. The auditing of the company should be carried out on a regular basis to protect the company against any kind of fabrication in the data of the company. Confidentiality and Privacy demonstrate understanding of the importance of matters to the chosen company Confidential information of a company related to the customers of the Fonterra’s information system is the private information of the customers of the company. This information are contracted not to be disclosed to any person outside the company. The information furnished by the customers of the company is made to keep a track of the customer base of the company. Based on the present customer base of the company the income of the company can be assessed. Thus the company uses the clause of confidentiality to prevent the disclosure of the information to any unauthorized systems or individuals. Thus to comply with the confidentiality and privacy of the customers of Fonterra certain security requirements are followed by the company. An effective control system is set up for the identification of the users of the company’s portals. The system through which the customers of the company register as the users of the company portal has to undergo a secured system of selecting a password. This system of assigning the password passes through a special identifier technology to track the customer whenever he/she logs to the company site. The system of data security is also adopted by Fonterra so as to ensure the passwords of the customers are kept in a location/format that maintains stringent protection control system of the entire biometric technology. Restricting access on accounts of concerned customers of the company, so that the possibility of information leakage is nullified. The access of the user is blocked after multiple attempts which has turned out to be unsuccessful or limitation place on access for a particular period of time. Strict rule is made prohibiting the sharing of the information of the customers by any personnel of the company, breaching which the employee may undergo strict penalization. In special cases when the information of the customer is required to be disclosed it has to be done under the legal process of the government. The authority of the company should be immediately informed regarding such information of the company being disclosed. But disclosing of the information should be only to the extent of its required by the company and not all the details of the concerned customer. If the information of the company is disclosed except under the above condition the company has to undergo legal penalization by the customer of the company. The consequences of the data privacy can turn out to be serious for the company. The company also needs to process the information thus content in the database of the company. This information of the company needs to be accumulated and segregated there after based on the urgency of the information thus obtained by the company. The company also ascertains that the information of the customers is used for the legitimate purpose of the company’s business. In case the sensitive data of the company related to the customers’ gets leaks major consequences has to be faced by the company in the long-run, this can tamper its reputation to a great extent. Discussion of the theory and justification of comments The company Fonterra Ltd. has taken a lot of preventive measures to protect the information of the company not only to the extent of the accounts of the company but also towards safeguarding the confidentiality regarding its customers. Being one of the biggest companies in New Zealand in the business of milk products it sticks to the rules and regulations of the company. Fonterra’s prime goal is the satisfaction of its clients. Thus it gives special attention in the area of guarding the information of its clients. The company is earning favorable returns since the past two years which has been possible because of the privacy policy maintained by the company. The company’s accounting information system is well guarded which can be analyzed from the recruitment policy adopted by the company. If anybody is convicted of the fraudulent practice in the accounting information system of the company, the concerned person undergoes severe legal punishment and is also sacked from the company at the same time. Very recently a Health care in New Zealand had passed a memo to its staff as the more than 50 patients’ record file documents were found on the streets of Christchurch Street of New Zealand. This kind of breach of privacy led to investigations made by the authority of the Health care on New Zealand as well as the police of the country (APNZ staff and Herald Online, 2012). Reference Fonterra Ltd., (2011). Annual Report. Retrieved from: Gelinas U. J., et al., (2011). Accounting Information Systems. United States: Cengage Learning. Rae S., (2012). Fonterra drops to fourth on world list. Retrieved from: APNZ staff and Herald Online, (2012). HealthCare NZ 'sorry' for privacy breach. Retrieved from: Read More