Alman-Najar Namla

IT 141 A
Assignment
5-25 MailMed Inc. (Control Weaknesses and a Disaster Recovery Plan)
1. Describe at least four computer control weaknesses that existed at MailMed Inc.
Prior to the flood occurrence.

Place of Processing Center the processing center is too obvious for

everybody. Unlawful elements have an advantage when they want to steal
information from the company.
Protection from natural disaster the data processing center is
protected against fire only. But no/t floods. The center should be protected
from all types of natural disasters even from terrorist attacks.
Unscheduled backup procedure the backing up of files is not
scheduled. The company might lose a significant amount of data in case
of system meltdown.
Not guarded no security whatsoever was mentioned in the case only
people who know how to operate it.

2. Describe at least five components that should be incorporated in a formal

disaster recovery plan so that MailMed Inc. Can become operational within
72hours after a disaster affects its computer operations capability.

Describe procedures to be followed in every possible scenario

Recovery site that can either be hot or cold site
Appoint an executor or in charge
Describe role of the team members
Create a disaster recovery team and time table

3. Identify at least three factors, other than the plan itself that MailMed Inc.s
management should consider in formulating a formal disaster recovery plan.

Cost-benefit Analysis, inexpensive recovery plan

Insurance
Backup/recovery

5-26 Bad Bad Benny: A True Story (Identifying Controls for a System)

1. Identify the control weaknesses in the revenue and purchasing processes.

Separation of Duties as observed in the case, no separation of duties

where implemented only one personnel doing the work of appropriating,
approving and issuing of payments. He personally managed all aspects
of the cash function.
Conflict of Interests Benny had control over everything, approving and
checking of the payments. As the issuer of checks he had the liberty to
fake figures in the bank reconciliation. Which lead to high vulnerability in
their accounting system, resulting to fraud.
Hiring Family Members there are a lot of disadvantages in hiring family
members, most specially hiring them to control your money. They can take
advantage of you, which actually took place in the case, theres
favouritism, the dilemma of to discipline or not discipline and etc.
Lack of Supervision Benny couldnt have done it if there was
supervision.

2. Identify any general controls Arthur should have implemented to help protect the
company.
Arthur should have implemented better security policies like the following:

Identifying Threats Arthur should have identified the threats that could
come with his management actions i.e. hiring family. If he knew the risks
that come with that he could have thwarted Benny.
Assigning Responsibilities responsibilities should fit the skills and
capabilities of personnel. His son Arthur Junior was an accountant by
training what was he doing in the management program? If Arthur Junior
was in the accounting department he could have detected such atrocity
earlier and prevented the pilferage.
Assessing Risk the risk that come with non-segregation of duties
Managing the security program Arthur should still manage the security
program himself, being the man who built the company, he is the one who
knows the in and outs of the company, thus protecting his company better.

3. From Chapter 4, identify control activities that Arthur should have considered (or
implemented) that would have thwarted Bennys bad behaviour.
Distribution in implementing these control activities
Approvals
Authorization

Verification
Reconciliations
Segregation of Duties