Released by AICPA
Task 1455_01
To: Management
Re: Data security and accessibility for a mobile workforce
The following memorandum is intended to outline various options for data storage for 3WAT, Inc.'s mobile
workforce and address data safety, data integrity, and data access issues.
The company's current approach allows for storage of data on the individual laptops of 3WAT's highly
mobile workforce. The somewhat obvious weaknesses in doing business this way include compromised
data safeguarding, loose controls over data, and uneven access to information.
Data safeguarding issues should be initially addressed with a mobile device security policy specifically
addressing handheld devices. Information technology policies should include an educational component
and be joined with companion human resources policies that address the consequences of
noncompliance with the mobile device security policy.
Effective policies will mirror controls that remove users from security decisions. Users must, for example,
be required to use passwords for access to company networks, be limited to using only company-owned
devices for company data, and take responsibility for assigned hardware.
Improved controls and uniform access to data can be accomplished in a range of ways. Connections to
company networks may take the form of virtual private networks (VPNs) that connect to 3WAT's internal
network or the use of cloud computing. VPNs are more secure but more expensive. The cloud will be
less expensive; however, the company's security requirements may require more rigorous controls than
those afforded by the cloud.
The mobile workforce is an important tactic in modern business. An enterprise architecture that
addresses data safety, data integrity, and data access issues is vitally important. I have outlined a few
issues and solutions or action steps in the preceding memorandum and look forward to the opportunity to
assist in the revisions to the company's infrastructure and to incorporate these approaches into a revised
Task 273_01
To: Management of Purft, Inc.
Re: Segregation of duties—accountant
The following memorandum has been prepared in response to your request that I discuss the internal
control issues related to the tasks assigned to the staff accountant in his job description.
The control weaknesses are significant.
Internal controls rely heavily on segregation of incompatible duties that could potentially allow an
employee to process a transaction from beginning to end without any effective oversight. Segregation of
duties helps prevent fraud by requiring that multiple parties collude in order to process transactions either
incorrectly (commit errors) or fraudulently (commit irregularities).
Generally speaking, transaction authorization should be segregated from transaction recordkeeping. And
the underlying custody of assets associated with authorization and record keeping should be segregated
from both.
In multiple instances, the job description of the staff accountant combines incompatible functions. For
example, the endorsement, coding, and recording of checks received for deposit should not be combined
with accounts receivable subledger reconciliations. The opportunity for misapplication of receipts to
incorrect accounts increases as one person handles the custody (coding) and record keeping (recoding
and reconciliation) of this end of the revenue cycle. In addition, the custody of accounts payable checks
mailed to vendors should not be combined with the record-keeping function associated with reconciliation
of accounts payable and various asset (fixed asset and investment) subsidiaries. Falsified transactions
could go undetected for significant periods if checks are handled inappropriately and no adjustment is
made to the underlying accounting records.
The discussion above is not exhaustive; however, the job description of the staff accountant includes a
number of incompatible duties that compromise and weaken internal controls. I would be delighted to
meet with you further and discuss options to separate duties more effectively among members of your
finance group.
Management Advisory