Deliverable 5 – Threats, Risks, and Controls

Competency

Evaluate the threats and risks associated with accounting information systems.

Scenario Information

BeGood Baking Supply is a small bakery supply company formed as a closely held corporation. The company supplies raw baking materials, paper goods, and equipment to restaurants and bakeries in three states in the upper mid-west. Most of its business, however, is located in a large metropolitan area. BeGood wants to increase its presence in the region and serve five states. In fact, the owners of BeGood would like 75% of their business to come from throughout the region rather than the current metropolitan area. In order to do this, the owners understand they must diversify offerings and lines of business.

Currently, BeGood has a phone center where customer orders are taken; these orders are then sent to shipping where the order is filled in its large warehouse and shipped within four days. BeGood outsources its shipping to a local trucking company. Once the order ships, all paperwork goes to the accounting department where it is entered into the accounting system. BeGood still uses the same accounting system it has used since the inception of the company. All aging of receivables and other analysis is done using Excel spreadsheets. Purchasing and tracking of inventory are done solely by the warehouse manager. Invoices for inventory purchasing are sent to the accounting department when goods are received.

The owners at BeGood are wondering how they can utilize an online presence and further automate its systems in order to facilitate its growth and diversify its business. The owners may also like to expand into the retail business.

You have been hired as a full-time staff accountant at BeGood Baking Supply, and have been given the task of evaluating and recommending a viable accounting information system for the accounting and financial data of BeGood in order to facilitate expansion and diversification. As you begin your research, you realize that many departments are involved in the information system, and communication is key.

Instructions

As part of the BeGood AIS assessment, you must address risks, threats, and controls in compliance with the COSO framework. You know the external auditor will also want this information, so you decide to document it now. In preparation for the company external audit, you prepare the following documentation to assist the audit team in starting their work:

  1. Document a new AIS with a flowchart that will address the size and scope of BeGood in its current form.
  2. List at least three vulnerabilities and appropriate control measures to manage the vulnerabilities for each function (department) within the flowchart.
  3. Devise controls based on threats in a general ledger reporting system.
  4. Evaluate at least one security policy or procedure that would minimize threats and risks.