August 1999 QUESTION 2 Total Marks: 20 Marks |
SUGGESTED SOLUTIONS |
(a) | Why are control measures required in an organization? | [3] |
Control measures ensure the safety of computing assets, accuracy and reliability of data, and operational adherence to computing standards.
|
||
(b) | Recommend a control to prevent each of the following situations from happening, and explain how your recommendation can help the situation.
(i) The 'Hour' field for an hourly-paid employee is supposed to contain '01' for 1 hour, '02' for 2 hours, and so on. The number of hours worked for each employee is recorded on a daily basis. One employee's 'Hour' field contained the number '40' on a particular day, and a check of $6872.51 was accidentally prepared and mailed.
(ii) A programmer obtained the master payroll file, and changed his monthly salary from $2000 to $4500 through the computer console.
(iii) The accounts receivable file on disk was lost and could not be found. It was the only softcopy the company had. The hardcopy was incomplete, and it took weeks to sort out the details of accounts receivable.
(iv) A member of staff was informed by the Human Resource Department that they had received his complaint email. However, the staff member had never sent such an email. Someone in the organization had made use of this person's email account in sending the complaint to Human Resources.
(v) A salesperson, keying in a customer order from a remote computer, inadvertently omitted the delivery address from the order. |
[2]
[2]
|
(i) Limit check. The 'Hour' field should have a limit of the maximum hours an employee can work for the day. If the input is greater than this limit, it is rejected.
|
||
(ii) Access control on data set. Only authorized personnel should have access to the data file. (or:) Separation of EDP controls: The programmer should not have access to the live data.
|
||
(iii) Establish file backup and recovery. Important data files should be backed up regularly, with backups kept in separate locations.
|
||
(iv) Access control in logging on to the system. Staff members should keep their passwords secret, and change them periodically.
|
||
(v) Validity check. The system should have prompted the salesperson before accepting a blank delivery address.
|
||
(c) | (i) Briefly outline the two aims of computer audit.
(ii) Why is audit through the computer preferable to audit around the computer?
(iii) Discuss two disadvantages of audit through the computer, as compared with audit around the computer. |
[2] [3]
[2] |
(i)
|
||
(ii) Audit around the computer examines only the input and output for an application system, whereas audit through the computer also examines the logic and controls within the system, and the records produced by the system. Thus auditing through the computer is more thorough.
|
||
(iii)
|
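The limit check and validity check recommended in the solutions to (b)(i) and (b)(v), shown as an added example that is not part of the original solutions. The 12-hour daily maximum, the field names and the sample records are assumptions constructed for illustration; the format check on the two-digit 'Hour' field goes slightly beyond the limit check the solution names.

```python
import re

MAX_HOURS_PER_DAY = 12                 # assumed policy limit; the page gives no value
HOUR_FORMAT = re.compile(r"[0-9]{2}")  # two-digit field: '01', '02', ...
REQUIRED_ORDER_FIELDS = ("customer", "item", "delivery_address")  # assumed names


def check_hours(record):
    """Return rejection reasons for one daily timesheet record."""
    raw = record.get("hour", "")
    if not HOUR_FORMAT.fullmatch(raw):
        return [f"hour {raw!r}: format check failed, expected two digits"]
    if int(raw) > MAX_HOURS_PER_DAY:
        return [f"hour {raw!r}: limit check failed, maximum is {MAX_HOURS_PER_DAY:02d}"]
    return []


def check_order(order):
    """Return a rejection reason for every required field that is missing or blank."""
    errors = []
    for field in REQUIRED_ORDER_FIELDS:
        value = order.get(field)
        # Whitespace-only input counts as blank, not as a supplied value.
        if value is None or not str(value).strip():
            errors.append(f"{field}: validity check failed, value is blank")
    return errors


def validate_batch(records, checker):
    """Split a batch into accepted records and (record, reasons) rejections."""
    accepted, rejected = [], []
    for rec in records:
        reasons = checker(rec)
        if reasons:
            rejected.append((rec, reasons))   # held back before any payment or dispatch
        else:
            accepted.append(rec)
    return accepted, rejected


# Constructed sample input
TIMESHEET = [{"emp": "E1", "hour": "08"}, {"emp": "E2", "hour": "40"},
             {"emp": "E3", "hour": "8"}]
ORDERS = [{"customer": "C1", "item": "A-100", "delivery_address": "1 Main St"},
          {"customer": "C2", "item": "A-200", "delivery_address": "   "}]

if __name__ == "__main__":
    for batch, checker in ((TIMESHEET, check_hours), (ORDERS, check_order)):
        ok, bad = validate_batch(batch, checker)
        print(f"accepted={len(ok)} rejected={len(bad)}")
        for rec, reasons in bad:
            print("REJECTED", rec, reasons)
```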