DQ 9-14 (Group)


  • 8/13/2019 DQ 9-14 (Group)


    Case Question for Internal Control

    MailMed Inc. (MMI), a pharmaceutical firm, provides discounted prescription drugs through direct mail. MMI has a small systems staff that designs and writes MMI's customized software. Until recently, MMI's transaction data were transmitted to a service bureau for processing on its hardware.

    MMI has experienced significant sales growth as the cost of prescription drugs has increased and medical insurance companies have been tightening reimbursements in order to restrain premium cost increases. As a result of these increased sales, MMI has purchased its own computer hardware. The computer center is installed on the ground floor of its two-story headquarters building. It is behind large plate glass windows so that the state-of-the-art computer center can be displayed as a measure of the company's success and attract customer and investor attention. The computer area is equipped with halon gas fire suppression equipment and an uninterruptible power supply system.

    MMI has hired a small computer operations staff to operate this computer center. To handle MMI's current level of business, the operations staff is on a two-shift schedule, five days per week. MMI's systems and programming staff, now located in the same building, has access to the computer center and can test new programs and program changes when the operations staff is not available. As the systems and programming staff is small and the work demands have increased, systems and programming documentation is developed only when time is available. Periodically, but not on a scheduled basis, MMI backs up its programs and data files, storing them at an off-site location.

    Unfortunately, due to several days of heavy rains, MMI's building recently experienced serious flooding which reached several feet into the first floor and affected not only the computer hardware but also the data and program files that were on site.


    REQUIRED:

    a. Describe at least four computer security weaknesses that existed at MailMed Inc. prior to the flood occurrence.

    b. Describe at least five components that should be incorporated in a formal disaster recovery plan in order that MailMed Inc. can become operational within 72 hours after a disaster affects its computer operations capability.

    c. Identify at least three factors other than the plan itself, that MailMed Inc. should consider in formulating a formal disaster recovery plan.

    (Source: CMA -AM)

    REQUIRED:

    a. Describe at least four computer security weaknesses that existed at MailMed Inc. prior to the flood occurrence.

    1. Files are backed up periodically, not on a scheduled basis.

    2. The computer center is on the ground floor, behind glass - not secure.

    3. Systems and programming staff has access to the computer center when operations staff is not available. Programmers should not be able to modify the "live" production environment and should not be unsupervised.

    4. Documentation is inadequate - systems documentation is developed only when time is available.


    b. Describe at least five components that should be incorporated in a formal disaster recovery plan in order that MailMed Inc. can become operational within 72 hours after a disaster affects its computer operations capability.

    1. Contact list: Names and telephone numbers of operations manager, programming staff, building maintenance manager and key personnel (disaster and recovery team).

    2. Offsite storage: Facility used for data backups. Authorization for several disaster recovery team members to pick up backups.

    3. Detailed backup strategy: Should include daily, weekly, and month-end backups, stored offsite.

    4. Select a "hot site": Another computer facility that can be used in an emergency.

    5. Test: Both hot site and data restoration on existing computer on a regular basis.

    6. Signed contracts and authorizations so that key disaster recovery team members can deal with computer vendors and suppliers for replacement hardware or supplies.

    7. Procedures for reinstating files, rerunning programs, and recalling contaminated output.


    c. Identify at least three factors other than the plan itself, that MailMed Inc. should consider in formulating a formal disaster recovery plan.

    1. Selecting the proper team within the company.

    2. Proper computer room design and layout.

    3. Preventative maintenance program.

    4. Implementing proper security measures: such as scheduled backups, locked computer room, limited access to computer room, program change control procedures (so live system cannot be changed until properly tested), etc.
