Internal Control

Internal Control and Risk Evaluation

Risks in the Current System

What is risk? Simply put, risks are the chances of negative outcomes. Business enterprises face a variety of risks, including business, audit, security, and continuity risks. Managers and auditors strive to balance risk, rather than eliminate it. It is true that no risk means no reward. It’s also true that IT in some cases makes business riskier and in other cases makes it more secure. Classifying risks can be helpful in identifying specific risks (Bagranoff).

One of the most obvious risks in Kuddler Fine Foods’ current system is the security features of its REMs. The system lacks system security features which makes it vulnerable to data confidentiality threats. Moreover, the company doesn’t have an in-house IT support that’s available at any time. The presence of an on-site IT administrator is very important in every business. Problems such as overloading the server may shut down a company’s intranet or web site, which may cause lost of sales or even lost of customers’ trust and confidence to the company.

Backup and recovery procedures ensure that in the case of interruptions in continuity, procedures are available to restore data and operations. Backup procedures vary widely in complexity and cost. For a small business, the procedure may involve a daily dumping of files on a diskette that the owner takes home. Larger businesses are likely to schedule frequent full and incremental data backups and to use procedures such as physical or electronic vaulting, formal disaster recovery planning and redundant systems (Bagranoff).

Internal Control

In 1992, the Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting published a document called Internal Control Integrated Framework, which defined internal control as the process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable...