Which controls would best mitigate the following threats?
a) The hours-worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32.
Answer: Data entry controls should be implemented for this threat. A field check can be conducted by separating the salaried and the hours and minutes fields. A limit check ensures that no employee exceeds the limit on work hours. For example, normal staff have a predetermined value of 50, and hours must not exceed the predetermined value. The regular hours-worked field in the weekly payroll must be less than 40 hours, and if employees exceed that time, the company needs to pay overtime. Therefore a limit check can detect this threat, and the overtime hours are also subject to a limit check. However, there should be a sign to alert every user that 40 hours have been exceeded.
A reasonableness test is also one of the controls that can be used to mitigate the threat. The payroll officer has to be aware that no employee can have 400 work hours per month. From my research, the normal working hours of a company are 8 hours per day, 280 hours per month; this amount does not exclude public holidays and weekends, so it is not logical that an employee can work 400 hours per month.
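The three data entry controls from answer (a), applied to the hours-worked field, as an added Python example that is not part of the original answer. The values 40 and 50 come from the answer (50 is assumed here to be a weekly cap); the function names, the 3x history ratio used for the reasonableness test and the sample batch are constructed for illustration.

```python
import math

# Policy values. 40 and 50 come from the answer above (50 is read as a weekly
# cap); the 3x history ratio is an assumption made for this example.
REGULAR_WEEKLY_HOURS = 40
WEEKLY_HOURS_LIMIT = 50
REASONABLE_RATIO = 3.0


def validate_hours(raw_hours, recent_weekly_hours):
    """Check one hours-worked entry; return (hours or None, findings).

    Each finding is (severity, control, message). A "reject" finding means
    the record must be held back from the payroll run for correction.
    """
    # Field check: the field must contain a finite, non-negative number.
    try:
        hours = float(str(raw_hours).strip())
    except ValueError:
        return None, [("reject", "field", f"not a number: {raw_hours!r}")]
    if not math.isfinite(hours) or hours < 0:
        return None, [("reject", "field", f"out of domain: {raw_hours!r}")]

    findings = []
    # Limit check: hard cap, plus an alert once regular hours are exceeded.
    if hours > WEEKLY_HOURS_LIMIT:
        findings.append(("reject", "limit", f"{hours} exceeds cap of {WEEKLY_HOURS_LIMIT}"))
    elif hours > REGULAR_WEEKLY_HOURS:
        findings.append(("alert", "limit", f"{hours - REGULAR_WEEKLY_HOURS} overtime hours"))

    # Reasonableness test: compare with the employee's own recent weeks, which
    # catches entries that sit under the cap but are implausible for this person.
    if recent_weekly_hours:
        average = sum(recent_weekly_hours) / len(recent_weekly_hours)
        if average > 0 and hours > REASONABLE_RATIO * average:
            findings.append(("reject", "reasonableness", f"{hours} vs average {average:.1f}"))
    return hours, findings


def accepted(findings):
    """A record is accepted only if no control rejected it."""
    return not any(severity == "reject" for severity, _, _ in findings)


if __name__ == "__main__":
    # Constructed sample batch: (employee id, keyed value, previous weekly hours).
    batch = [("E100", "400", [40, 38, 40]), ("E101", "45", [40, 40, 40]),
             ("E102", "4O", [40, 40, 40]), ("E103", "36", [10, 12, 10])]
    for emp, raw, history in batch:
        hours, findings = validate_hours(raw, history)
        print(emp, raw, "ACCEPT" if accepted(findings) else "HOLD", findings)
```

The last sample record shows why the reasonableness test is kept alongside the limit check: 36 hours is under both thresholds, yet it is held because it is far above that employee's usual hours.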
b) The accounts receivable file was destroyed because it was accidentally used to update accounts payable.
Answer: The best way to mitigate the threat is for all files to have header labels that identify their contents. A validity check can be conducted to compare the file labels and content. Moreover, a file label control can be implemented. This ensures that the correct and most current files are being updated. All files should have external labels, and operators should be instructed to read them prior to running the programs. In addition, all files should have internal header labels to identify their contents and all