Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

ACB2420 Accounting Information Systems

Tutorial 7 – System Availability; Confidentiality and Privacy; Data Analysis Tools for FM (Autofilter, Conditonal Formatting, Find&Replace & Text functions) & Control Framework for Protecting Data – Suggested Solutions

Part 1: Group Activity

Protecting Privacy of Tax Returns [CMA examination, adapted]

The department of taxation in your state is developing a new computer system for processing individual and corporate income-tax returns. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using the Social Security number for individuals and federal tax identification number for corporations. The new system should be fully implemented in time for the next tax season.

The new system will serve three primary purposes:

1. Tax return data will either be automatically input directly into the system if the taxpayer files electronically or by a clerk at central headquarters scanning a paper return received in the mail.

2. The returns will be processed using the main computer facilities at central headquarters. Processing will include four steps:

a. Verifying mathematical accuracy

b. Auditing the reasonableness of deductions, tax due, and so on, through the use of edit routines, which also include a comparison of current and prior years’ data

c. Identifying returns that should be considered for audit by department revenue agents

d. Issuing refund cheques to taxpayers

3.  Inquiry services. A taxpayer will be allowed to determine the status of his or her return or get  information  from  the  last  three  years’  returns  by  calling  or  visiting  one  of  the department’s regional offices, or by accessing the department’s web site and entering their social security number.

The state commissioner of taxation and the state attorney general are concerned about protecting the privacy of personal information submitted by taxpayers. They want to have potential problems identified before the system is fully developed and implemented so that the proper controls can be incorporated into the new system.

Required

Describe the potential privacy problems that could arise in each of the following three areas of processing, and recommend the corrective action(s) to solve each problem identified:

a.  Data input

b.  Processing of returns

c.  Data inquiry                                                                                       [CMA examination, adapted]

Part 2: Data Analysis Tools for FM (Autofilter, Conditonal Formatting, Find&Replace & Text functions) & Control Framework for Protecting Data

Download Tutorial7.xlsx from Moodle (Week7>Tutorial 7) . Instructions are in the workbook.

See Tutorial7_solutions.xlsx

Part 3: Questions to complete at home (Good revision questions for your final exam)

Question 1 (Source: Romney et.al.(2020) Problem 13.7 pp. 443-444)

Which control(s) would best mitigate the following threats?

a.  A company was planning on introducing fault tolerance into its system architecture but had not finalized its decision yet. In the meantime, the IT department ensured that all backups  were  made —full  backups  every  Friday  night  and  daily  incremental  backups. However, the main hard drive, housing all the company data, crashed. The IT department secured a replacement hard drive, but they were unable to restore the company data.

•    Ensure that  all  backups  are  regularly tested to  ensure that  backups  can  actually  be restored in the case of any disaster.

•    Having fault tolerance (e.g. in terms of mirroring disks using RAID) could also mitigate this risk.

b. Overnight, a fire broke out in the server room of a large company. Luckily the fire was quickly contained since smoke detectors were triggered, spraying water and killing the fire. The manager and IT staff member on standby were notified. They rushed to the office to ensure that the disaster recovery plan was implemented. Since damage to the server room was mostly superficial, it was possible to resume operations as soon as the file servers were up and running again. The manager and IT staff member on standby could not agree on the process of getting everything up and running again.

•   It is of no use if there is a disaster recovery plan (DRP) in place, but the plan is not documented appropriately with specific instructions on who should be notified (in this case, this step might have been clear) and what steps should be followed to resume operations. The  DRP should also  be tested  periodically to ensure that changes  in equipment and procedures are also recorded.

c.    In several countries, electricity supply is often suspended, referred to as load-shedding or rolling blackout, during specific set times to balance the supply-and-demand on the power grid. Unfortunately, often the load-shedding is not managed according to the scheduled time, and companies face problems with their database servers.

•   The first step would be to install an uninterruptible power supply (UPS) to provide protection in the event of a power failure (or load-shedding, in his case). The UPS should allow enough time for the system to at least be powered down gracefully in the event of an extended power outage. It is important to regularly check the batteries in the UPS to ensure that it will function when needed. In cases of long power outages, it would be best to have backup generators.