Accounting Systems and Assurance - Essay Example

Part A Table of Contents Introduction 2 Purpose of the Report 2 The internal control weakness that resulted in data loss 2 Components required in the data recovery plan to ensure faster recovery 3 Factors to be considered while formulating a disaster recovery plan 4 Components of COSO ERM that will improve risk analysis 5 Conclusion 6 References 7 Introduction ABC is a data storage firm working in Australia and provides financial services to its clients. The clients mostly include charity organization. The firm apart from providing services ensures that the data of each client is stored and preserved both in the hardware and backup tape so that in case of loss of data one of the above can be used to restore the data. Recently, the floods in Australia damaged the data storage facility and the resulted in the loss of data both from the computer and the backup tape. This has put the company in a dicey situation and need to devise a strategy so that such a thing doesn’t happen in future. Purpose of the Report To identify the internal control weakness that was present in the organization and resulted in data loss To identify the components that will help ABC to ensure faster recovery of data To identify the factors that needs to be looked into while formulating a disaster recovery plan To identify the components of COSO ERM that will help ABC to improve the risk analysis associated with data storage The internal control weakness that resulted in data loss ABC has lost vital information regarding its clients due to the floods which took place in the country. Apart from the natural catastrophe there are various other internal control weaknesses that are present in the organization that resulted in data loss. The internal control weaknesses are as follows ABC had all the information stored at the same premise i.e. both the actual information which was stored in the computer and the backup tape is stored at the same premise. This has resulted in the loss of data together and storing it at different locations could have helped ABC. ABC could have stored the tapes at different places and also have ensured that strategies were drafted to save its from catastrophe. ABC allows all its employees to have access to information which increases the risk of loss of data as allowing all unauthorized person to use the data increases the risk of data loss (Jenne, 1998). This increases the likelihood of the data to be misused by people and increases the chances of passing on the vital information to the competitors. ABC has also not looked into separating the duties of the different department which stores the data and which provides information to the client has also resulted in the data to be leaked into wrong hands (Jenne, 1998). This aspect of management has been ignored and not differentiating the role makes it difficult to fix responsibilities and makes it difficult for the organization to find the cuplrits. ABC has looked to develop their new structure which was similar to the old one instead the company should have looked into developing the infrastructure in such a way that looks into the environment and reduces the chances of catastrophe. This could have helped ABC as developing those would have helped the company to focus on different areas and look towards preserving the information in a better way. Components required in the data recovery plan to ensure faster recovery ABC to ensure that the data is recovered within 72 hours need to ensure that the data recovery plan has all the components that will help to ensure speedy recovery. The components that should be considered in the data recovery plan are as follows Control Environment: is creating an environment which allows the employees looking towards speedy recovery to create an atmosphere where people find it free to conduct their business and carry out their responsibilities (Internal Control, 2011). This will facilitate the process of data recovery and help to recover the data quickly. This will make the employees work towards a common goal and will help them to ensure that the work is completed within the stated time. Risk Assessment: ABC needs to weigh the risk and devise a strategy that will help to check those risks and still be able to achieve the objectives. This will help ABC to ensure that they are able to recover the data quickly. This will help ABC to prepare for the activities before hand and will guide them to recover the data within the stated time. Control Activities: ABC needs to ensure that a strategy is drafted which will help to ensure that the company is on track to accomplish the data recovery process and is able to develop a procedure which will help to reduce the inefficiency in the working environment. While ensuring that the process is correctlyformulated ABC needs to have back up plans which can be executed to achieve the results. Monitoring: This is one of the most important aspect of disaster recovery plan and the organization need to ensure that they monitor the process continuously so that any discrepancies or areas that needs to be worked on is identified and the data recovery process is faster. This will minimize the errors and help ABC to recover its data within the stated time. Factors to be considered while formulating a disaster recovery plan There are various factors that need to be looked into while ABC looks to formulate a disaster recovery plan. The factors that needs to be looked into are as follows A statement which provides the scope and capability of the plan which will ensure that the company doesn’t loose data in the future and have a process that will help to achieve it (Bradbury, 2007). This will provide the different directions that the company will be looking to work on to ensure that the chances of data loss are minimized. Presenting the rules and responsibilities that every employee needs to look into so that there is clear cut accountability and the employees know the area they need to work on. Defining the rules will ensure that the organization is able to ensure better coordinaton. This will help to fix responsibilities and will help ABC to ensure that they are able to garner maximum advantage through it. A list which prescribes the critical activities and prioritize the work that needs to looked into so that the data recovery process and data recovery plan is sound. This will ensure that the entire process of data recovery is as per plan and execution is better. Third party details like contact number, addresses, important person and people who will facilitate the data recovery process and ensure faster recovery of data. This will help the user to communicate with the concerned person easily and get solutions and help that makes it easy to carry out the duties. Components of COSO ERM that will improve risk analysis There are various components present in COSO which will help ABC to improve the risk analysis and ensure that the organization is better prepared to face the contingencies. Some of the components are as follows Strategic: This component will ensure that the organization is able to identify the areas that will increase the risk and develop a strategy to ensure better management and reduction in risk analysis (Shaun, 2010). This will allow ABC to work on those areas and develop a framework which will ensure that the roles are better realized and risk minimized. Operative: This section will ensure that a strategy is created which when worked into will ensure that that the data recovery plan is faster and reduces the chances of error. This will help ABC in time of contingencies and will make the organization have a back up plan to be used in the future. Reporting: This system will ensure that there is continuous reporting which will help to check the validity and devise a procedure which will help to change the process from time to time and ensure better management. This reduces the chances of error and helps the management to be guided through the difficulties faced in drafting new plans. Compliance: This will also ensure that ABC looks to comply with the rules and regulations and provide services which will help to improve the satisfaction level of clients. This will help to increase the presence and at the same time ensure that there is a better framework which follows the regulations laid down by the government. Conclusion ABC needs to look into devising a process and procedure and take urgent steps to ensure that the data is recovered to the maximum possible extent.The organization needs to ensure that they develop a strategy which reduces the chances of data loss and also have a strategy in place which will help the organization to recover the data. ABC needs to look towards developing a data recovery plan which can be used in times of contingencies and reduce the chances of errors and data loss. References Bradbury, C. 2007. The IT Disaster Recovery Plan. Retrieved on August 27, 2011 from http://www.continuitycentral.com/feature0524.htm Internal Control. 2011. Understanding Internal Control. Retrieved on August 27, 2011 from http://www.ucop.edu/ctlacct/under-ic.pdf Jenne, S. E. 1998. Microcomputers present a new internal control challenge. Retrieved on August 27, 2011 from http://findarticles.com/p/articles/mi_m4325/is_n4_v43/ai_n25024967/ Shaun, 2010. Enterprise Risk Management, COSO & Banks. Retrieved on August 27, 2011 from http://knol.google.com/k/shaun/enterprise-risk-management-coso-and/111qxhjw7qdff/2# Part B Table of Contents Introduction 10 Purpose of the Report 10 Reason for the interest shown by client in Cobit Framework 10 Cost involved in implementing Cobit Framework 11 Conclusion 12 References 13 Introduction The growing framework of Control Objectives for Information and Related Technologies (Cobit) is due to increased dependence on technology has made organization look into it and bridge the gap that exist between business requirements, controls and technical needs (ISACA, 2011). This has made an organization that publishes research reports on accounting and auditing to weigh the benefits and costs so that a decision regarding the Cobit framework can be decided. Purpose of the Report To find out the reason which makes clients look towards organization using Cobit framework To find out the cost involved in implementing Cobit framework Reason for the interest shown by client in Cobit Framework Clients want CPA organizations to use the Cobit Framework because it provides the following benefits Cobit framework is one of the most developed and useful framework and follows the Statement of Accounting Standards correctly (SAS 70, 2011). This is one of the most important tools for clients as they need to ensure that the presentation of financial data adheres to the rules so that there is no discrepancy or misuse of rules. Cobit framework is widely accepted and people and public accounting firms find it easy to understand the financial statements prepared through it. The wide acceptance of the framework has made more clients look towards using it as it increases acceptability and reduces the cost associated with publishing different financial reports all the time. Cobit framework looks into four main categories like planning & organization; acquisition and implementation; delivery and support; and monitoring (Chapman, 2003) which ensure that all the different aspect of assessment tool is looked into. This helps the user to provide varied information using a single assessment tool and improves the validity of the result. This IT tool helps to bridge the gap business requirements, controls and technical needs thereby helping the organization to have clear policy for development and having a system of monitoring the IT practices through out the organization (Cobit, 2011). Cost involved in implementing Cobit Framework There are various cost involved while implementing the Cobit framework as the organization has to look into directions. The costs involved are The organization has to hire specialist who are well versed with the Cobit framework so that they are able to process the system in the correct and the most efficient way (Boni, 2009). While hiring the correct talent the auditing firm also has to look into the other hiring requirements to ensure better efficiency. The organization has to incur an additional cost of monitoring the entire system as entering into a wrong transaction through the assessment tool will provide incorrect result. This thereby increases the role of the monitoring process. Increased IT administration cost as the framework requires specialized planning to ensure most effective result Timely modification to the cost allocation to ensure the way the business is changing and requires changing increases the cost related to both money and efforts to ensure that the best result is achieved. Regular improvements and changes required in the IT Cobit assessment tool increases the total cost and has to be passed on to the clients thereby increasing the cost of audit trails for the organization. Conclusion Cobit framework is thus an enhance assessment tool which helps to improve the relevancy of the information processed and helps organization to get better results. There is cost associated in using the Cobit framework but the benefits that accrues to organization using Cobit outweighs the cost involved in it. References Boni, W. Cobit Students Book. IT Governance Institute. 2009. Retrieved on August 27, 2011 from http://www.isqa.unomaha.edu/dkhazanchi/Teaching/ISQA4590-8596/Readings/ISACA-COBIT%20FRAMEWORK/Cobit_Student_Book.pdf Cobit. Cobit 4.1. 2011. Retrieved on August 27, 2011 from http://www.africanedevelopment.org/index.php?option=com_content&view=article&id=138&Itemid=138 Chapman, B. Cobit is a useful IT Assessment Tool. 2005. Retrieved on August 27, 2011 from http://www.greatcircle.com/blog/2005/07/15/cobit_is_a_usef.html ISACA. Cobit Case Study: The Manta Group. 2011. Retrieved on August 27, 2011 from http://www.isaca.org/Knowledge-Center/cobit/Pages/The-Manta-Group.aspx SAS 70. 2011. Retrieved on August 27, 2011 from http://www.larsonallen.com/Information_Security/Frequently_Asked_Questions_About_SAS_70.aspx#COSO Read More