The successful management of a company or any other business entity requires that the management and other decision making organs must undertake all the preventive measures necessary for the reduction of all possible risks. This process requires an integrated approach to risk assessment which involves risk identification and detailed analysis of relevant risks that may prevent an organization from achieving its overall objectives and those of the individual constituent units. Kurdler Fine Foods like any other enterprise or business is liable to face a number of risks in their systems. In any business environment, risks exposures could either result the internal sources such as the company employees or external sources like computer network hackers, or virus attacks on business network. The common sources of the system risks include the following:
- Managers and system accountants with the executive authorities to confidential information such as records and financial reports. Since these groups of people have the authority to approve business transactions on their own, they are likely to contribute to the system risks in the eventual management.
- Clerical officers and data entry officers who process various transactional data with uncontrolled access to assets feed information into the system upon which managers base their decisions. Any false information will eventually find its way into the analysis if there is no data entry check or scrutiny.
- Customers and suppliers provide the bulk of information into the system for analysis. Constant change of customers’ characteristics can lead to modification of user interface at all times. This can lead to entry errors particularly when the new necessary fields have not been created.
- Competitors who may be interested in accessing confidential information may collaborate with unscrupulous employees and hack the computer network to access confidential information.
- Disgruntled or former company employees could be another source of system risks. Information leaks from former employees provide feasible avenues that can be explored by the competitors to bring the business/company down.
- Computer programmers and hackers with the profound knowledge about various operations of the system.
Having known the possible sources of risks at the Kurdler Fine Foods, the business is therefore exposed to the following risks in their accounting information system:
- Breakdown of system communication protocols and power failure: Kurdler Fine Foods may not operate when the software system or the computer system crashes. In the event of power failure within the external support quarters such as system network provider, an organization suffers a total failure in its operations. This may cause significant delays in the business processes which can negatively affect the business depending on its severity.
- Loss of data due to system virus, crash or wrong entry: Finding audit trail can be very difficult due to the anomalies of the system. Accidental or deliberate errors entered into the system result into faulty analysis. The structure of accounting information in Kudler Fine Foods should be designed to allow centralized control of information from established databases.
- Data quality remains a problem because edit checks is done by system consistency rules based on database operational build. Any data without the correct information about source causes difficulty in trailing documentary sources. This occurs when data has been wrongly entered and the original document discarded due to digital company filing.
- Integrity of transactions within an organization: data errors may lead to incorrect results of the processed information within the system database.
- Effects of errors from one source can easily cascades into other files within the database.
- Unauthorized theft of assets and data manipulation can cause massive damage long before the effect is detected.
- Anomalies buried in impressive looking reports are easily accepted and employees can easily adopt such false information without any questioning or critical examination since they wholly trust system and its constituent data.
- Constant updates and routine checkup renders the system information temporary. Kudler Fine Foods does have any permanent records, because data stored on magnetic medium is subject to constant manipulation.
Control activities are mainly related to financial reporting. From the Kurdler Fine Foods system, the relationship between controls and risks within the company can be summarized by Figure 1. From Figure 1, it can be realized that accounting information systems contain both audit considerations and cost benefit considerations benefits.
Establish a code of conduct to which all employees must ascribe to knowing that the frequency of transaction exposes the business to more risks. Given that Kudler Fine Foods has some transactions that require constant update of information within the system, the involved employees should adhere to the specified code of conduct to ensure accuracy of information and responsibility towards their actions.
Enforced access control procedures and responsibility tagging that requires certain transactions to be carried out by particular specialists. Collusion can be a greater challenge to address especially when more fraudulent staff members are involved. Even with stringent procedures, it still remains difficult to counteract due to the involvement of both internal and external parties. Although tracking computer use anomalies and unusual errors that go unnoticed can be difficult, Kudler Fine Foods can enforce computer crime monitoring control that ensures certain files are strictly accessed by authorized staff.
Introduction of feasibility controls into Kudler Fine Foods will improve cost benefit considerations. This process involves determination of computer systems that are subject to control and further establishment of all the potential threats that the company is likely to experience. The control will analyze all the risks to which the company is exposed to and in turn establish their (risks) severity. The top management support is required so that awareness of computer abuse spread throughout the company. The system can also be configured to capture the common details of computer abusers.