1. Bank deposits are taking place before cash receipts have been counted.
   a. Reconcile bank deposits and cash receipts by two separate employees.
2. Possible collusion between employees and customers.
   b. Require approval by a second employee or supervisor.
3. Unauthorized access to physical inventory.
   c. Revise physical inventory procedures so that there is limited access to the physical inventory.
4. Unauthorized access to inventory records.
   d. Safeguard perpetual inventory records so that access is limited to adjustments approved by a responsible official.
5. Collusion between two employees or between employees and customers.
   e. Segregate duties so that only a responsible official authorizes refunds or credits.
6. Misnumbering of documents or failure to use an accurate filing system.
   f. Use prenumbered documents.
7. Unauthorized discounts or credits to customers.
   g. Require approval by a responsible party for discounts and credits.
8. Misunderstanding of or failure to comply with written procedures.
   h. Create or update written procedures and require employee familiarization.
a. Encrypt data stored on company laptops.
b. Enforce strong password techniques such as a length of at least 8 characters, multiple character types, random characters, and frequent changes. Also lock out accounts after 3-5 unsuccessful login attempts.
c. Integrate physical and logical security. In this case, the system should reject any attempt by a user to remotely log into the system if that same user is already logged in from a physical workstation. The system should also notify appropriate security staff about such an incident.
d. Detective and corrective controls include employing anti-spyware software that automatically checks for and cleans all detected spyware on an employee's computer as part of the logon process for accessing the company's information system. Employees should be taught that this is a common example of a sophisticated phishing scam.
e. Implement a policy that files can only be encrypted using company encryption software, with IT security having access to the encryption keys through some form of key escrow.
f. Teach programmers secure programming practices, including the need to carefully check all user input. It is also important for management to support the commitment to secure coding practices, even if that means a delay in completing, testing, and deploying new programs. Useful detective controls include making sure programs are thoroughly tested before being put into use and having internal auditors routinely test in-house developed software.
g. Insist on secure code as part of the specifications for purchasing any third-party software. Thoroughly test the software prior to use. Employ a patch management program so that any vendor-provided fixes and patches are implemented immediately.
h. Enact a policy that forbids any implementation of unauthorized wireless access points. Conduct routine audits for unauthorized or rogue wireless access points.
i. The best preventive control is security awareness training. Teach employees to never insert USB drives unless they are absolutely certain of their source. In addition, employ anti-spyware software that automatically checks for and cleans all detected spyware on an employee's computer as part of the logon...
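The controls in answers (b) and (c) above describe a small authentication gateway: a password complexity rule, a lockout counter, and a rule that a remote login is refused and reported when the same user already holds a physical-workstation session. The following Python sketch is an added example, not part of the original answer key; the account names, the choice of 5 as the lockout threshold within the stated 3-5 range, and the "physical"/"remote" channel labels are all constructed for illustration.

```python
"""Illustrative authentication gateway for answers (b) and (c).

Added example (not from the original answer key). Demonstrates:
  - password policy: >= 8 characters and at least 3 of 4 character classes
  - lockout after MAX_FAILED_ATTEMPTS consecutive failed logins
  - rejection of a remote login while a physical session exists, with
    a notification recorded for security staff
Sample accounts and passwords below are constructed for the example.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

MIN_LENGTH = 8            # answer (b): at least 8 characters
MAX_FAILED_ATTEMPTS = 5   # answer (b): lock out after 3-5 failures; 5 chosen here
CHARACTER_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
MIN_CLASSES = 3           # "multiple character types"


def password_meets_policy(password: str) -> bool:
    """Return True if the password satisfies length and character-type rules."""
    if len(password) < MIN_LENGTH:
        return False
    classes_present = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    return classes_present >= MIN_CLASSES


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored credentials are not recoverable directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked: bool = False
    # Channels with an open session for this user: "physical" or "remote".
    active_sessions: set = field(default_factory=set)


class Gateway:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.security_alerts: list[str] = []  # answer (c): notify security staff

    def enroll(self, user: str, password: str) -> None:
        """Create an account; refuse passwords that fail the policy."""
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user: str, password: str, channel: str) -> str:
        """Attempt a login over 'physical' or 'remote'; return an outcome string."""
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"  # unknown user gets the same response as a bad password
        if acct.locked:
            return "locked"
        if not hmac.compare_digest(_hash(password, acct.salt), acct.digest):
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked = True  # stays locked until an administrator resets it
                return "locked"
            return "denied"
        # Answer (c): physical and logical security integrated.
        if channel == "remote" and "physical" in acct.active_sessions:
            self.security_alerts.append(
                f"remote login for {user} refused: user already logged in at a physical workstation"
            )
            return "rejected_concurrent"
        acct.failed_attempts = 0  # successful login resets the counter
        acct.active_sessions.add(channel)
        return "ok"

    def logout(self, user: str, channel: str) -> None:
        self.accounts[user].active_sessions.discard(channel)
```

The outcome strings make the three control decisions (policy, lockout, concurrent-session refusal) visible to a caller, and every refused remote login leaves an entry in `security_alerts` that a monitoring process could forward to security staff.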