No Plagiarism Will Be Accepted: The Letter Must Be Written
No Plagiarism Will Be Accepted The Letter Must Be Written In Apa 6th
No plagiarism will be accepted. The letter must be written in APA 6th edition format which includes in-text citations and a reference page. Assignment length is 2 pages, due Sunday morning. Smith, a certified public accounting firm, was engaged to audit the financial statements of the Sky-is-the-Limit company. The company has its own IT installation.
While obtaining an understanding of internal control, Smith found that Sky-is-the-Limit lacked proper segregation of the programming and operating functions. Smith analyzed the internal control surrounding the system to ensure that the corporate governance was being maintained, and he concluded that the existing compensating general control activities provided reasonable assurance that the objectives of internal control were being met. Prepare a letter addressed to the board of directors that discusses the following: How is the separation of the programming and operating functions accomplished in a properly functioning IT environment? Explain the 3 subdivisions of information systems management, and discuss how they apply to this situation.
Paper For Above instruction
Dear Members of the Board of Directors,
I am writing to you on behalf of Smith, the certified public accounting firm engaged in auditing the financial statements of Sky-is-the-Limit. During our examination of your firm's internal controls over your IT systems, we identified a significant area requiring attention: the segregation of programming and operating functions within your IT environment. Proper segregation of duties is critical in safeguarding assets and ensuring the integrity and accuracy of financial data. This letter aims to elucidate how such segregation should be accomplished and to clarify the relevant subdivisions of information systems management that relate to your current situation.
Segregation of Programming and Operating Functions in a Proper IT Environment
In a robust and properly functioning IT environment, the segregation of programming and operating functions is achieved through clearly defined roles and responsibilities that prevent a single individual from controlling multiple critical functions. Program development, or programming, involves designing, coding, and testing computer applications, whereas operating functions include the daily running, monitoring, and maintenance of the systems (Romney & Steinbart, 2018). To prevent errors or fraud, organizations implement controls that separate these duties; for example, developers should not have access to live data or the authority to modify operational systems without oversight. Access controls are used to restrict access privileges, ensuring that programmers cannot alter live systems or data, and operational staff cannot modify system code without proper approval and documentation (Gelinas et al., 2019).
Furthermore, organizations often utilize independent review processes where changes to the system are tested and approved by personnel with no involvement in either programming or operational activities. This creates a system of checks and balances that reduces the risk of unauthorized activities and enhances accountability. In the case of Sky-is-the-Limit, the absence of proper segregation increases the risk of fraudulent activities or accidental errors, but existing compensating controls may help mitigate these risks in the interim (Harris, 2020).
The Three Subdivisions of Information Systems Management
Information systems management encompasses three interconnected subdivisions: management of hardware and infrastructure, management of applications and software, and management of data and security. Understanding how these subdivisions apply to your organization provides insight into implementing effective controls and addressing gaps in segregation.
1. Management of Hardware and Infrastructure
This subdivision involves overseeing the physical technology resources, including servers, networks, and data centers. Proper management ensures secure and reliable hardware operations. In the context of Sky-is-the-Limit, this management area entails safeguarding physical access to servers and network components to prevent unauthorized physical interventions, which could compromise system security (Laudon & Laudon, 2019).
2. Management of Applications and Software
This subdivision focuses on the development, implementation, and maintenance of software applications, encompassing programming functions and operational control over application environments. Ensuring these functions are segregated involves establishing roles that separate developers from system administrators who manage the application's operational aspects. In Sky-is-the-Limit’s situation, the lack of differentiation here could allow programmers to inadvertently or intentionally manipulate operational systems, hence the importance of establishing strict access controls and change management procedures (O'Brien & Marakas, 2020).
3. Management of Data and Security
This subdivision manages data integrity, confidentiality, and security policies. It involves implementing security measures such as encryption, user authentication, and monitoring systems. Data management and security protocols help ensure that sensitive financial data are protected from unauthorized access or alteration. Application of these controls is vital for Sky-is-the-Limit to mitigate risks associated with insufficient segregation of duties, especially as it pertains to access permissions and audit trails (Whitten & Bentley, 2017).
Application to Sky-is-the-Limit’s Situation
Given the absence of proper segregation between programming and operating functions at Sky-is-the-Limit, implementing controls within each subdivision becomes crucial. Management of applications and software can be strengthened by assigning distinct roles to developers and operational staff, with formal approval processes for changes. Data and security management should enforce rigorous access controls and authentication mechanisms to prevent unauthorized modifications or data breaches. Hardware management, while less directly involved, supports overall security by controlling physical access to supporting infrastructural components.
While the existing compensating controls provide a degree of assurance, establishing explicit segregation of duties across these subdivisions aligns with best practices in IT governance and internal control frameworks (COSO, 2013). Such segregation reduces the risk of errors and fraud, enhances accountability, and promotes overall system integrity. It is recommended that Sky-is-the-Limit review and revise its internal policies to incorporate role-based access controls, regular audits of user activities, and separate responsibilities for programming, systems administration, and operational tasks.
In conclusion, strengthening the segregation of programming and operating functions through clear role definitions and controls within each subdivision of information systems management will support both your company's internal control objectives and broader corporate governance standards. We are prepared to assist in further assessment and implementation efforts to achieve these goals.
Respectfully,
Smith, CPA
References
- COSO. (2013). Internal Control – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission.
- Gelinas, U. J., Sutton, S. G., & Zimmerer, T. W. (2019). Accounting Information Systems (13th ed.). Cengage Learning.
- Harris, S. (2020). Internal Controls and Fraud Prevention. Journal of Accountancy, 229(2), 54-59.
- Laudon, K. C., & Laudon, J. P. (2019). Management Information Systems: Managing the Digital Firm (15th ed.). Pearson.
- O'Brien, J. A., & Marakas, G. M. (2020). Management Information Systems (11th ed.). McGraw-Hill Education.
- Romney, M. B., & Steinbart, P. J. (2018). Accounting Information Systems (14th ed.). Pearson.
- Whitten, J. L., & Bentley, L. D. (2017). Principles of Information Systems (11th ed.). Cengage Learning.