It is important to have a control structure in order to reduce the threats and risks related to accounting standards, regardless of the department. The overall assessment of financial transactions can be divided into four sections of risk assessment, which are discussed below as part of the inherited risks and threats associated with Recreation's IT environment.
Complexity of determining the account amount
The complexity of determining the account amount depends primarily on the computing environment created by the IT department. The structure created within the organization does not support a very sound system of database analysis, and multiple layers of hierarchy are involved in this determination. Another important issue is that application development and maintenance are clearly specified as not being part of the strategic policy creation system, which further adds to the complexity of account analysis.
History (including any audit differences identified)
The circumstances of the entity's business environment
Management's overall risk awareness
There is not much emphasis on the related risk management features. This is clearly visible from the fact that there is no monthly or fortnightly assessment of current changes to the code, or even of the maintenance of critical computing equipment.
Hence, in an overall assessment, the major threats relate to the review that Dan, as CFO, should carry out on a fortnightly or monthly basis to identify the key requirements. That review should cover the risk management features, including critical computing equipment, the modifications made to the code, and the backups retained.
Identify how you would mitigate the threats
A shared service centre is a very important and handy method for handling the various risks associated with the lack of systematic, time-bound reviews. Hence, it is important to initiate and maintain a regular audit structure that takes place in a timely manner. Network access appears to be the next most important source of risk, and therefore a streamlined password management policy, including no password sharing and single sign-on logins, should apply to the network structure. Databases and applications are the key aspect of operations at Recreation Inc. and therefore have to be absolutely risk-free. It must thus be mandatory to audit the database after each basic step, including the execution of the customer table, product table and sales order table. A process map of the entire database maintenance has to be created to ensure that there is a corresponding check after each step, and the overall retention of the database should also be managed on the basis of the history of audits that is maintained. Similarly, for the applications, access maintenance and the overall handling of the PeopleSoft software are very important, and therefore the only step towards mitigation has to be a sound analysis after each step involving customer relationship management, technical service, planned engineering, sales and service execution, operations, distributions and business support.
Identify what the company has done to mitigate the threats you identified in question 1 and how well you think they work
Recreation Inc. has a fantastic risk management profile and ensures that all its important risks, such as the overall hierarchy, access-related features, database and applications, are thoroughly checked and supported. The CFO/IT Director, Dan, handles the overall audit and maintenance structure, which makes it possible to have a set structure for reviewing code changes and the related planning. Access and password control are necessary aspects of any IT setup, and Recreation takes care of the related controls well, although a few improvements could be made. The database is designed exactly as per the basic norms associated with multi-user network environments, and the integration takes care of all the various compatibility issues. Applications already have a very sound reporting and strategy structure based on PeopleSoft, and therefore all the probable features are well mitigated at Recreation Inc.