Protection of Motherboards and More Pty Ltd’s Assets †Free Samples

Question: Discuss about the Protection of Motherboards and More Pty Ltd.s Assets. Answer: Overview of the Revenue Cycle The revenue cycle is initiated by the receipt of a customers order via the companys website, email, or telephone; after which, a picking ticket is generated. Goods are then picked against the picking ticket and customers order and packed while generating a packing slip. Its after this step that the goods are ready for delivery and a sales order is generated. The delivery goes along with a bill of lading. Invoicing then proceeds after the shipment of goods to the customer and according to the shipment details after which the firm recognizes a liability for the goods sold on credit. From here on, the cash collection begins where the customer may pay in cash or bank and according to the terms of trade where a discount of 2% is offered for any payment made within three days. Amount received in cash is then deposited to the bank. While all this is happening, the shipping department also receives incoming deliveries from suppliers. Internal Control Weaknesses, their Impact, and Possible Solutions Internal controls weaknesses Impact of the weaknesses Possible solution Lack of segregation of duties: Use of the loading dock for both the outgoing shipment to customers as well as incoming deliveries. It increases the risk of fraud, intentional manipulation, unexpected error leading to loss of goods, and delays in delivery of goods to customers. Besides, it weakens other control procedures such as physical checks. The firm should implement different docks for receiving incoming deliveries and issuing outgoing shipment. This will enable a system of checks and balances where the two departments will check against each other and reduce the risk of fraud Placing of orders without the authenticating (supporting) documents Without legally binding source documents its impossible to defend a transaction. This has led to customers denying ordering and receiving goods since there exist no source documents to authenticate the orders. The firm should implement a system where there has to exist physical source documents such as orders, delivery notes, and bills of lading. Such documents are legally binding and make it impossible for customers to deny deliveries made. Delivering goods without an invoice. That is, generating an invoice after shipment. Customers receiving the goods without the delivery note and invoices have led to them denying receiving the goods later which has led to most of the credit sales being written off as uncollectible All deliveries should be accompanied by both the delivery note and an invoice. The invoice should be generated after the packing according to the packing slip and before delivery. Upon receipt of the goods, the customer should sign both the delivery note and the invoice which immediately creates a legally binding liability. Lack of physical controls; Failure to take stock counts for two years Failure to take stock counts have led to the loss of goods witnessed in the firm due to possible fraud and theft by the employees, failed deliveries, and delivery of the incorrect amount. The stock is a very sensitive item must be well guarded (Mary, 2017). The firm should institute a policy where physical stock counts happen on a monthly basis or after a fortnight after which stock, suppliers, and shipping details should be reconciled to check against any loss of stock. Making all sales on credit with no precise credit sale policy Credit terms increase the risk of bad debts. The firm should consider selling some of the items on a cash basis or instituting a policy where a certain percentage of the invoice amount is paid either on order or delivery. Overview of the Ransomware Attack Described by F-Secures' (a cybersecurity company) Chief Research Officer, Mikko Hypponen, as the biggest ransomware outbreak in history, the malware locked computers thus preventing access and demanded ransom from the victim if they were to gain back the access to the computers. The malware which spread to several computers across the world owed to a self-replicating software which took advantage of the vulnerabilities/weaknesses and bugs in the older version of Microsoft Windows and organizations using such widows found themselves the greatest victims (Moore and David, 2017). The most affected organizations were hospitals, large firms, and government agencies. The cyber extortionist duped their potential victims into opening the malware purportedly attached in their spam email as either orders or invoices. Several firms yielded to the trick and the extortionists' ransom demands although it remains unclear on how many firms did so. Appropriate Controls to protect the Firm from a Potential Ransomware Attack. Application controls Validity checks Configurable controls Such controls are defined at the system generation point Completeness and validity checks They check data being entered for validity and completeness (Moore and David, 2017) Authentication controls These controls provide an application system authentication mechanism Input controls They serve to ensure that data integrity feeds into the system only from upstream sources. Forensic controls They ensure scientifically correct data General controls Backup and recovery procedures To ensure the firms operation run continuously Integrity checks Checking that email and other data come from secure sources Encryption Coding of the firms data to ensure they are unreadable by other sources Physical access controls To prevent unauthorized access to both the hardware and software including emails Virus and malware scanning Scanning the computers for malware which might cause loss of data Firewall security To protect the firms internet and data from external threats In-depth white-listing and blacklisting Blocks unknown and unwanted applications and installation of apps from unknown sources Compliance with internal IT policies Such policies may limit usage of application not supported by data loss prevention Conclusion and Recommendations The internal control weaknesses of Motherboards and More Pty Ltd pose a huge risk of fraud and massive loss of revenue for the firm. As such, it is necessary to implement several internal controls to safeguard the firm's assets and deter fraud in the firm. Besides, given the alarming rise of cyber-attacks on organizations, it is advisable for the firm to implement several applications and general controls to prevent loss and corruption of its data in future. References Mary, A. (2017). Impact of effective internal controls in the management of Mother and Child Hospital Akure, Ondo State, Journal of Finance and Accounting 5 (1): 61-73 Moore, T., and David, P. (2017). Special Issue: Strategic Dimensions of Offensive Cyber Operations, Journal of Cybersecurity 3(1): 2057-2093