Competency
Evaluate the threats and risks associated with accountinginformation systems.
Scenario Information
BeGood Baking Supply is a small bakery supply company formed asa closely held corporation. The company supplies raw bakingmaterials, paper goods, and equipment to restaurants and bakeriesin three states in the upper mid-west. Most of its business,however, is located in a large metropolitan area. BeGood wants toincrease its presence in the region and serve five states. In fact,the owners of BeGood would like 75% of their business to come fromthroughout the region rather than the current metropolitan area. Inorder to do this, the owners understand they must diversifyofferings and lines of business.
Currently, BeGood has a phone center where customer orders aretaken; these orders are then sent to shipping where the order isfilled in its large warehouse and shipped within four days. BeGoodoutsources its shipping to a local trucking company. Once the orderships, all paperwork goes to the accounting department where it isentered into the accounting system. BeGood still uses the sameaccounting system it has used since the inception of the company.All aging of receivables and other analysis is done using Excelspreadsheets. Purchasing and tracking of inventory are done solelyby the warehouse manager. Invoices for inventory purchasing aresent to the accounting department when goods are received.
The owners at BeGood are wondering how they can utilize anonline presence and further automate its systems in order tofacilitate its growth and diversify its business. The owners mayalso like to expand into the retail business.
You have been hired as a full-time staff accountant at BeGoodBaking Supply, and have been given the task of evaluating andrecommending a viable accounting information system for theaccounting and financial data of BeGood in order to facilitateexpansion and diversification. As you begin your research, yourealize that many departments are involved in the informationsystem, and communication is key.
Instructions
As part of the BeGood AIS assessment, you must address risks,threats, and controls in compliance with the COSO framework. Youknow the external auditor will also want this information, so youdecide to document it now. In preparation for the company externalaudit, you prepare the following documentation to assist the auditteam in starting their work:
- Document a new AIS with a flowchart that will address the sizeand scope of BeGood in its current form.
- List at least three vulnerabilities and appropriate controlmeasures to manage the vulnerabilities for each function(department) within the flowchart.
- Devise controls based on threats in a general ledger reportingsystem.
- Evaluate at least one security policy or procedure that wouldminimize threats and risks.
