June 3, 2013
Jana L. Highwort, MBA
University of Phoenix
Risks and Internal Controls for Kudler Fine Foods

Internal controls are policies and procedures a company uses to ensure the accuracy and validity of its data. Risks are threats to that data, and they can be internal or external to the company (Hunton, Bryant, & Bagranoff, 2004). The following paragraphs identify and analyze the risks and internal controls as they relate to the information systems for Kudler Fine Foods. This will give Kudler information on how to evaluate risks and apply the internal controls. This document will also discuss other external risks associated with buying a new accounting information system (AIS).
Identifying and Analyzing Risks

There are many types of risk that a company has to confront each day in information technology (IT). The four main types are business, audit, security, and continuity risks. A business risk is the risk that a company will not be able to achieve its goals and objectives; causes could include union issues, a competing company, fraud, or production equipment failure. Audit risks include misstatement of financials by an auditor or a failure by an auditor to uncover fraud or material errors. A security risk can be any of a host of things that would ruin the integrity of and access to the data, which can also lead to fraud or misuse of other information, from internal sources (like employees) to external sources (like hackers). Finally, continuity risks are information system risks that have to do with backup, recovery, and day-to-day availability of the system. When unplanned risks occur, management and auditors need to act quickly to intercept the risk and balance it with cost-effective countermeasures, since it is impossible to plan for all risks (Hunton, Bryant, & Bagranoff, 2004). It is important to thoroughly evaluate the AIS selected for risks as it includes confidential
References:

Apollo Group, Inc. (2013). Kudler Fine Foods: Intranet. Retrieved from ACC/542 – Accounting Information Systems course website.

Disaster Recovery Journal. (2011). Generally Accepted Practices: Risk Evaluation and Control. Retrieved from http://www.drj.com/GAP/gap

Goldenberg, N. (2011). Are Your ERP Systems Vulnerable? Retrieved from http://www.eisneramper.com/ERP-Systems-Vulnerability-211.aspx

Hunton, J. A., Bryant, S. M., & Bagranoff, N. A. (2004). Core Concepts of Information Technology Auditing. New York: Wiley & Sons.

Pomerantz, G., & Rao, N. (August, 2009). 2009 Segregation of Duties Checklist. Retrieved from http://www.bdoconsulting.com/resources/thought-leaders/SegDutiesChecklist-19.pdf