• 15 Marks

AAA – Nov 2017 – L3 – Q7 – Audit of IT Systems and Data Analytics

Assess key controls for an online trading business, evaluate associated risks with electronic data interchange, and suggest effective risk mitigation controls.

Young Entrepreneur Trading (YET) is an online trading business established by Yemisi Tumfere. YET sources household goods from various local and international manufacturers, placing orders online with suppliers. Customers also place online orders, and invoices are processed and sent to stores for dispatch through a network of delivery centers across the country.

YET, dissatisfied with its previous auditors, has approached your firm for the audit engagement, with professional clearance obtained. As the audit manager, you are responsible for the engagement, with several new trainees under your supervision who are unfamiliar with controls for online businesses.

Requirements:
a. Discuss FIVE controls an auditor should focus on to assess the effectiveness of controls in an online system like YET. (5 Marks)
b. Evaluate FOUR risks associated with YET’s use of electronic data interchange in an online business and recommend FOUR effective controls to minimize these risks. (10 Marks)

a. Controls an Auditor Should Focus on in an Online System like YET:
In an online system, the auditor needs to focus on both general and application controls to assess system effectiveness:

  • Access Control: Controls over system access are crucial, as transactions in online systems are processed immediately upon input. Access restrictions help prevent unauthorized access to sensitive files and systems.
  • Software Control: System software should include controls that prevent unauthorized changes to programs, ensuring that only authorized personnel can alter critical software.
  • Transaction Log Control: A transaction log, or audit trail, should be maintained. This log should allow the tracking of all transactions and enable the auditor to review any transaction on request.
  • Internet Access Control: Firewalls should be implemented to safeguard systems that interact with the internet, reducing exposure to external threats.
  • Data Validation Control: Controls to check data accuracy and completeness, such as ensuring product codes are entered correctly, help maintain data integrity.

b. Risks Associated with EDI in an Online Business and Effective Controls:
Electronic Data Interchange (EDI) systems can enhance operational efficiency but also pose risks:

  • Risk of Lack of Audit Trail: EDI systems may lack a conventional audit trail, making it challenging for auditors to track and verify transactions.
    • Control: Use of a transaction log or audit trail to record all data exchanges, ensuring traceability.
  • Increased Dependency on Computer Systems: High reliance on internal and external systems means that a failure in one system can impact YET’s operations.
    • Control: Implement contingency plans, including system backups and failover protocols, to mitigate the impact of system dependencies.
  • Risk of Data Loss or Corruption during Transmission: Data can be lost or corrupted when transmitted between systems.
    • Control: Employ encryption for data in transit and establish acknowledgment protocols to confirm data receipt.
  • Security Risks in Data Transmission: Unsecured transmissions can lead to unauthorized access or data breaches.
    • Control: Use authentication codes for data senders and virus protection systems to secure transmission lines and protect data integrity.
Back to all questions
online
Knowsia AI Assistant

Conversations

Knowsia AI Assistant

Pick a Form

Professional Tutor Application Form
Academic Tutor Application Form
Student Tutor Application Form