Call us 24/7: + 1(925)399 0085

Get your paper done by an expert

No matter what kind of academic paper you need, it is simple and secure to hire an essay writer for a price you can afford at StudyAcer. Save more time for yourself.

WhatsApp + 1(925)399 0085
$ 10
free
  • bibliography
  • title page
  • revisions
per page
19 k happy customers
4.7 out of 5 satisfaction rate
27 writers active

Foods Fantastic Company sample essay

Foods Fantastic Company’s IT processing is very complex and sophisticated, therefore according to the SAS 109’s risk assessment procedures and SOX Section 404 Management Assessment of Internal Controls, an IT General Control review is required. The purpose of an ITGC review is to provide the foundation for reliance on any financial information Foods Fantastic Company produce. Although an ITGC review does not directly result in misstated financial statements or material control weaknesses, it can indirectly cause application control deficiencies, and affect the financial auditor in assessing the risk of material misstatement in FFC’s financial statements. For the risk assessment my team performed at Foods Fantastic, first, we wrote down some questions and concerns for each ITGC area. Then, we looked at the company’s organization chart and had a meeting with the head of each department, and took notes from the meetings. We also observed the audit team. After that we wrote down the strengths and weaknesses, and decide the level of risk assessment for each area. First of all, in the area of IT Management, the risk assessment is medium. They have a strategic plan, which is a strength, because a strategic plan will help FFC to meet its business goals by outlining the objectives and strategies for the information system group.

In addition, FFC has an IT steering committee, which is also a strength, because the committee develops and revises IT and security policies, and reviews the operations of the IT department. However, there are a couple of weaknesses in the area of IT Management. For instance, their Chief Information Office only reports to their Chief Financial Officer. According to the Sarbanes-Oxley Act, the company’s chief executive officer and chief financial officer are requires to include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. In addition, the Vice President of Applications, Vice President of Operations, Vice President of Information Security, and Vice President of Database Administration reports only to Chief Information Officer Second, there are quite a few strengths in their Systems Development area, they design, develop, and implement systems in a logical fashion, which all the duties are segregated. In addition, the organization consider internal controls as an integral part of systems design, and the IT personnel adequately tested the new bio-coding payment system prior to its implementation, so we determined the risk assessment in this area is low.

However, FFC’s Internal Audit Department is involved as a voting member of the project teams. Internal audit performs post-implementation reviews on all projects over $2 million. Internal Audit should be independent, and should not be involved in the project ream. Third, the risk assessment in the area of Data Security is high. Although they have high control on the physical access to their data center computer room, but they have low control on the logical access. In order to control the physical access, FFC’s computer room within its data center is locked at all times. All outsiders must first contact the data center manager in order to enter the computer room. Each must bring an official picture ID, sign a visitors’ log, and be escorted at all times by data center personnel during the visit. They also have environmental control in the computer room and are tested semi-annually.

However, the Human Resources Department only forward the Transfers and Terminations report each month, and not immediately after the employee is transferred or terminated. The security policy is not current and was revised in 2005. The system generates a logical access violation report daily, but the company police only requires the Vice President of Information System to review the unauthorized system access report once a month.

Finally, the risk assessment in Change Management area is low, but the risk management in the Business Continuity Planning area is high. Although they have no incidents occurred that required them to recover their systems, a company should always have a business continuity plan. They did not document any business continuity or disaster recovery plan, nor they did test the backup tapes during the past years, which they have no intention to test the tapes in the future. FFC backs up all of the data daily, but only store them once a week at a company-owned offsite location. They should store the data daily.

Overall, I set FFC’s assessed level of ITGC risk as high because of their data security and business continuity planning. Data is the most important elements of an organization. Without data, the organization will not be able to operate. The fact that FFC does not have a business continuity plan because they believe that is cost prohibitive for an organization of its size is wrong. Every organization should have a business continuity plan in case there is a natural disaster. In addition, FFC should do a better job in control of logical access because hacker don’t necessary have to gain access to the organization’s data physically.

Our guarantees

Study Acers provides students with tutoring and help them save time, and excel in their courses. Students LOVE us!No matter what kind of essay paper you need, it is simple and secure to hire an essay writer for a price you can afford at StudyAcers. Save more time for yourself. Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Our Homework Writing Disciplines

With a highly diverse team in almost all academic fields including: