Case
You are the internal audit senior responsible for conducting an assurance engagement of the XYZ Company payroll process. This process has not been audited for three years and, as such, is due in the normal audit cycle. There have been no significant changes since the previous audit, that is, there were no system changes, no reorganization of personnel, and no substantive procedural changes. However, during the last assurance engagement, the internal audit function identified several observations, some of which were considered significant. The significant observations related to:
Information pertaining to employees leaving the company was not communicated to the IT department, resulting in extended delays before those employees’
2. To manage the compensation of the employees precisely and on time.
3. To transmit information effectively to the IT department, in order to avoid delays in employee updates.
4. To record and periodically match the benefit participants list with the employee and/or retiree list.
Potential Risk Scenarios for Each Objective, Respectively
1. There is a potential risk that one person is delegated both the recording and the authorizing of the payroll accounts and can manipulate them.
2. There is a considerable risk that an employee will not turn in the timesheet in a timely manner, and so will not be paid.
3. There is a probability of significant errors that would likely cause duplicate payments to terminated employees as well as variances in payments to ghost employees.
4. There is a possibility of a lack of supporting evidence and requirements for granting the benefits associated with each employee.
Risk Assessment
POLICY and PROCEDURES IMPLEMENTATION RISK
This risk is considered HIGH IMPACT because a lack of sufficient direction could result in material payroll transactions being made in an inappropriate or fraudulent manner. It is considered MEDIUM LIKELIHOOD because the sizable sums of money involved in the payroll function have frequently been a target for theft and fraud.
*RISK TOLERANCE: The Payroll Department set a target of 100% adherence to the policies and procedures and may tolerate 5% of cases in which the rules are not followed.
TIMECARDS OF
(TCO A, C) Jim worked for AAA Job Shop, Inc. for over 30 years. Two months before Jim retired, the head of human resources told Jim that the company would pay for health insurance for Jim and his wife for the remainder of his life, and for his wife’s life if she were to survive him, and handed Jim a letter from the company describing this. Jim had
5. No because the amount of the invoice fluctuates for the same product in this type of scheme and therefore it would be difficult to figure out how much the invoice should have been made out for.
A1. The nature of the incident was that an employee was able to hack into the computer system and gain access to the financial payroll system, human resources and even the email system. This employee used several methods to gain access to the system: IP spoofing, data modification, a man-in-the-middle attack and a compromised-key attack. As a result, the employee was able to tamper with the payroll system. An auditor discovered the discrepancies and tried to make upper management aware of the situation through email, but the email was intercepted by the hacker. The hacker impersonated an employee and persuaded the auditor into granting him more access to the system, which resulted in additional sabotage of the payroll system. Hacker
The communication between the IT department and the HR department is a key factor. This will keep everyone in the loop on what is going on. That allows the necessary changes to be made in the early stages instead of the later stages. This communication will help save the company time and money.
* According to the material in Chapter 9, most employee complaints related to performance evaluations are based on alleged violations of employment law. Determine what you think would be a common complaint that could have legal consequences. Propose a strategy that HR could implement to reduce the number of these types of employee complaints.
The employees can be afraid that the observations of their weak performance can eventually result in dismissal or extra
Provide a robust performance management tool in which information is searchable, and management has the ability to enter and track goals for each of his employees.
The company’s new CAE can explain to the non-audit employees that the IAD’s objective is to add value and help improve the business processes as well as company performance, which will affect each employee significantly. It is important to let all employees understand that the answers or thoughts they provide to the internal auditors will not be used against them. Moreover, establishing a good relationship and providing ongoing communication with the non-audit employees can make them feel more comfortable sharing their feedback and thoughts, and can reduce the “us vs. them” relationship between the company’s non-audit employees and the internal audit staff.
During a meeting assumptions are thoroughly checked, all options are reviewed keeping risks and benefits in mind. Achieving the objectives and checking the confidence of the individuals, making sure the situation is recoverable is of utmost importance. These factors are kept in mind by 87% of the employees. The employer on the other hand is open to all further doubts brought about by his employees.
a. The risk is associated with the lack of segregation of duties and the potential of the treasurer to authorize the use of funds without any outside review.
Consider situations and possibilities to the risks that may be encountered on payroll and create a risk management solution.
The aim of this report is to develop an audit plan using the 2007/2008 annual reports of Wesfarmers. This report will provide an understanding of the underlying concepts of an overall audit strategy. This strategy will bring forward the direction and scope of the Wesfarmers audit plan. This report will address five major points, which are as follows:
Quality Objectives - The quality objectives define measurable goals relative to the company's quality management system. Requirements on the quality objectives are in ISO 9001:2008 section 5.4.1.
According to the Institute of Internal Auditors (IIA) (2011), internal auditing is a team of consultants, a department, a division or other practitioner that is independent, provides objective assurance and conducts a consulting activity designed to add value and improve the organization's operations. The internal auditor can help an organization achieve its objectives by bringing a disciplined and systematic approach to improve and evaluate the effectiveness of risk management, control and governance processes.
9-37. Is Jennifer right about the need to evaluate the workers formally? The managers? Why or why not?