Sofitech Individual Case Analysis
Q1. I classified the following controls based on what I read in Appendix 1.

IT General Controls are controls set in place so that a client's IT system operates correctly. These controls primarily focus on ensuring that changes to applications are properly authorized, tested, and approved before they are implemented, and that only authorized persons and applications have access to data, and then only to perform specifically defined functions. Because of this, physical access to the server room has been classified as an IT General Control.

Application Controls are automated controls that apply to the processing of individual transactions. They include such controls as edit checks, validations, calculations, interfaces, and reporting. Because these controls are automated and rely on IT verification, the system requiring a complete and valid order number and only allowing a purchasing manager to approve purchases up to a certain amount fall under this category. These are rules set in place that automatically verify what is going on in the IT system before a manual review is needed.

The last type, the IT Dependent Manual Control, is more detective in nature: it relies on computer-produced information but has manual oversight. Both the overdue receivable accounts being reviewed by the Credit Manager and the bank reconciliations reviewed by the controller fall here, as they both rely on information produced by the computer system but still need a manual review before anything is processed.

I have assigned these controls to their parent categories in the tables below.
IT General Control
    Physical access to the server room is restricted

Application Control
    The system requires all shipments to have a complete and valid sales order number
    The system allows the purchasing manager to only approve component purchases up to $15,000

IT Dependent Manual Control
    Overdue receivable accounts are reviewed by the Credit Manager
    Bank
References:
Splunk Inc-Demystifying Compliance.pdf
Six_IT_Decsions_Your_IT_People_Shouldn’t_Make.pdf
Sofitech_Computers_-_Module_1.docx