Final Project On Vitakraft (edited).pptx

  • Uploaded by: Stephen leopold
  • November 2019

Final Project on Vitakraft

Introduction: 

Vitakraft is a pet food company located in Weston, Ohio.



Small company so it lacks a lot of controls



Owned by German Owners



The company would benefit from a Data flowchart, a BPD, and a document flowchart.



Video link: https://www.youtube.com/watch?v=AP6cJzz041w



Timeline:  http://vitakraftsunseed.com/sunseed/about

Importance of Business cycles(why Vitakraft needs these cycles analyzed): 

Payroll cycle is not well organized



There is a miscommunication on when the employees will be paid, and who does what in the payroll cycle.



Much of this poor segregation comes in the form of who analyzes payroll changes and who completes what document.



Slow speeds of sending production orders between departments in expenditure cycle.



Miscommunication in the Revenue cycle on who does what and what to do with shipments and customer returns.



Miscommunication on required documents and their flow in the production cycle.

Benefits of the diagrams: 

Data Flowcharts will help in the understanding of the logical order of tasks, and which steps might not be completed.



BPD diagrams will ensure that the right employees are doing the right tasks



Document Flowcharts will help the employees to know which documents need to be available at which step of the processes.

Benefits of Diagrams Continued: 

Better system of review for payroll, and a clearer communication on raise opportunities.



More Understanding on who does what in the payroll process, and who reviews the payroll before submission.



Less downtime for purchase order sending between departments.



Better segregation in the Revenue cycle



Further understanding of the document flow in the production cycle.

Data Flow Diagram on payroll:

Document flowchart on Payroll:

BPD on payroll:

Document flowchart on Production:

BPD on Revenue Cycle:

Data Flow diagram on Expenditure cycle:

Narrative Description:

Employee: Activity

H.R department: Checks over payroll of discrepancies, updates payroll before sending changes to the payroll Database. Updates employee hours and changes on database.

Accounting Department: Prepares customer invoices and updates the accounts receivable. Also updates A/P and makes any necessary adjustments throughout work cycle to general ledger, and other financial reports.

Supervisor: Look over time cards, and approve them before sending them up the ladder to payroll clerk, and HR.

Credit Department: Issues credit memos for returned goods, decides if customers can apply for a loan, or payment plan.

Warehouse Department: Checks inventory levels for discrepancies, orders new stock if necessary, matches and packs customer orders to be sent to the shipping area for the shipping service to ship products. Generates reports for shipping service and management. Sends purchase requisitions for needed orders.

Sales Staff: In charge of processing customer orders and creating the sales orders.

Customer Service: In charge of receiving faulty or returned products and informing the credit department to issue a credit memo.

Production Department: Reads production orders and operations cards, starts the production. Makes packing slips, and packing slips, stacks products on pallets to be sent to warehouse department. Sends purchase requisitions for needed orders.

Payroll Clerk/Department: Records the time card data and creates the payroll reports. These reports are later sent to HR to look them over. Prepares journal entries for accounting to check over, makes reports and paychecks to be distributed.

Shipping service: Receives goods and takes them to the customer such as Meijer.

Customer: Receives goods, makes orders, and sends faulty or defective merchandise back to company.

Government: Receives reports on company such as tax reports and withholding reports.

Management: Receives reports on payroll, and other internal reports to review.

Production Management: Receives inventory file, forecasts production, and plans the production for the cycle. Also uses the operations list and bill of materials to make the production order that is later sent to the production department.

Upper management: External entity that looks over the progress reports for the production location.

Operating departments (e.g. production): Record time card data and send it to the payroll department for further processing.

Controls against computer fraud and abuse: 

Training in most common methods of identity theft and social engineering



Employees are trained to not give out personal information or important company information to unknown sources.



Use of Firewalls, Anti-malware, encryption and IDS in aid of stopping attacks



Lack of use of IPS

Controls and AIS: 

Use of Application controls on computers and network to ensure data is complete, valid, and accurate.



Detective controls that ensure duplicate numbers are not entered.



Corrective controls: in the form of adjustments to data, and restoring backup files, and the database.



Preventative controls: in the form of segregation of duties (still needs more segregation)



Lack of security guards, or employee who checks on computer systems daily.

Controls for Information Security: 

Creation of a security aware culture



Access controls including multi-modal and multi-factor authentication



Training in preventative and detective measures to high-level IT employees and managers



Use of firewalls, IDS, anti-malware, encryption, and locks on computer systems rooms



Lack of use of security guards, or employee to check over computer rooms on a daily basis.



Lack of an IPS



Lack of a solid plan if an attack were to occur.

Confidentiality and Privacy controls: 

Access controls, and knowledge of what information should and should not be divulged.



Encryption and access controls prevent every employee from accessing critically important documents.



Use of Data loss prevention software (DLP): to prevent the leakage of sensitive information



Use of a spam filter to prevent high-levels of spam, and screening of e-mails



Lack of the use of a digital watermark or IRM software



Shredding of personal documents and minimized physical documents, only use customer information when necessary.



Lack of an employee to monitor privacy policies.

Processing integrity and availability controls: 

Use of data entry controls like field check, sign check, limit check, size check, reasonableness test, and validity test.



Reconciliation of the general ledger against the other account totals like inventory control account being equal to the sum of the item balances in the inventory database.



Data users are trained to make sure data is reasonable and complete before submission.



Use of checksums



Lack of a good backup plan: full backups every 2 weeks, incremental backups daily.

Internal controls Overview/Summary: 

The internal control mechanism lines up well with Vitakraft’s goals of protecting their data, and creating an environment that is aware of the many attacks that might occur.



IPS should be implemented to make it possible to not only detect attacks, but better prevent them.



An employee should be put in charge of checking over computer rooms on a daily basis; the same employee could perhaps enforce the privacy policy as well.



More frequent full backups and a better response plan, and action in the case of an attack or a major data loss.

Narrative Description of Internal Controls: Employee IT Employee #1

Activity Enforces the use of IDS and IPS software to be able to not only detect attacks but also be able to prevent them in cases where the patterns are able to be detected in the attacks. Also ensures that DLP software is properly used to make sure sensitive emails are not sent out, this process includes screening emails.

IT Employee #2

Handles the firewalls and anti-malware to ensure that attacks are blocked before they can do too much harm. Also handles the encryption of data to ensure that potential attackers cannot easily steal data. Also helps with the input and output controls to make sure data is complete and reasonable. Handles the corrective controls and application controls as they deal with the AIS. Ensures that the software that handles errors is up to date and able to be used by the accounting department as well as other departments such as the production department. Also handles the multimodal and multifactor log in to make sure there are multiple layers to log in attempts.

IT Employee #3

IT Manager

IT Manager #2

HR department Management

In charge of properly training employees in the ways of preventing and detecting attacks, also in charge of supervising IT employees work to ensure that they are properly doing it. Also has the responsibilities of checking over the computer rooms for tampering and making sure that all the IT employees know about what information should and should not be leaked. Double checks the work done by the IT employees and handles the initiation of a proper 4-step plan in prevention against potential attacks. Also handles the weekly full backups along with the daily incremental backups. Last of all, investigates new IT options such as log analysis, and IRM software. Shreds personal information and stores employee personal information online to avoid identity theft. Ensures that customer information is kept in confidence and will not be sent to third parties. Also ensures that non-IT personnel are trained in what to look for in case of an attack and what is too sensitive to leak to competitors or the public.

Conclusions/Recommendations: 

Vitakraft is doing an okay job of diagramming their processes and implementing controls.



Examples of issues are a poorly-structured HR department, understanding of how documents are sent through their system, and improper segregation between the different departments.



Vitakraft has a lot of issues in terms of their internal controls.



Problems include not using an IDS and other controls as mentioned earlier, no use of log analysis, and a poor plan in case of an attack/bad backup procedures.

Executive Summary: 

Could employ the use of an IPS in the future to improve the strength of their network



Better spam filters to decrease the amount of spam that makes it through



Better segregation as to who does what in the IT department



New and improved process in case of an attack (4-step process mentioned in text)



More in-depth level of encryption to prevent data theft



Employee In charge of enforcing privacy policies



More frequent full-backups, and a detailed comparison of the different backup methods.

The End
