8/13/2019 DQ 9-14 (Kelompok)

1/4

Case Question for Internal Control

MailMed Inc. (MMI), a pharmaceutical firm, provides discounted prescription drugs through

direct mail. MMI has a small systems staff that designs and writes MMI=s customized software.

ntil recently, MMI=s transaction data were transmitted to a service !ureau for processing on its

hardware.

MMI has e"perienced significant sales growth as the cost of prescription drugs has increased and

medical insurance companies have !een tightening reim!ursements in order to restrain premium

cost increases. #s a result of these increased sales, MMI has purchased its own computer

hardware. $he computer center is installed on the ground floor of its two story head%uarters!uilding. It is !ehind large plate glass windows so that the state of the art computer center can !e

displayed as a measure of the company=s success and attract customer and investor attention.

$he computer area is e%uipped with halon gas fire suppression e%uipment and an uninterrupti!le

power supply system.

MMI has hired a small computer operations staff to operate this computer center. $o handle

MMI=s current level of !usiness, the operations staff is on a two shift schedule, five days per

wee&. MMI=s systems and programming staff, now located in the same !uilding, has access to

the computer center and can test new programs and program changes when the operations staff is

not availa!le. #s the systems and programming staff is small and the wor& demands have

increased, systems and programming documentation is developed only when time is availa!le.

'eriodically, !ut not on a scheduled !asis, MMI !ac&s up its programs and data files, storing them

at an off site location.

nfortunately, due to several days of heavy rains, MMI=s !uilding recently e"perienced serious

flooding which reached several feet into the first floor and affected not only the computer

hardware !ut also the data and program files that were on site.

8/13/2019 DQ 9-14 (Kelompok)

2/4

REQUIRED:

a. escri!e at least four computer security wea&nesses that e"isted at MailMed Inc. prior to the

flood occurrence.

!. escri!e at least five components that should !e incorporated in a formal disaster recovery

plan in order that MailMed Inc. can !ecome operational within * hours after a disaster affects its

computer operations capa!ility.

c. Identify at least three factors other than the plan itself, that MailMed Inc. should consider in

formulating a formal disaster recovery plan.

(+ourceCM# -#M)

REQUIRED:

a. Describe at least four computer security weaknesses that existed at MailMed Inc. prior

to the flood occurrence.

/. 0iles are !ac&ed up periodically, not on a scheduled !asis.

*. $he computer center is on the ground floor, !ehind glass not secure.

1. +ystems and programming staff has access to the computer center when operations staff is not

availa!le. 'rogrammers should not !e a!le to modify #live2 production environment, should not

!e unsupervised.

3. ocumentation is inade%uate systems documentation is developed only when time is

availa!le.

. !ile yan" diback#up secara berkala$ tidak secara ter%adwal.

8/13/2019 DQ 9-14 (Kelompok)

3/4

&. 'usat komputer di lantai dasar$ di balik kaca # tidak aman.

(. )istem dan staf pemro"raman memiliki akses ke pusat komputer ketika staf operasi

tidak tersedia. 'ro"rammer seharusnya tidak dapat memodifikasi lin"kun"an

produksi * +li,e$ tidak boleh tanpa pen"awasan.

-. Dokumentasi tidak memadai # sistem dokumentasi dikemban"kan hanya ketika

waktu tersedia.

b. Describe at least fi,e components that should be incorporated in a formal disaster

reco,ery plan in order that MailMed Inc. can become operational within & hours after a

disaster affects its computer operations capability.

/. Contact List: 4ames and telephone num!ers of operations manager, programming staff,!uilding maintenance manager and &ey personnel (disaster and recovery team).

*. Offsite storage5 0acility used for data !ac&ups. #uthorization for several disaster recovery

team mem!ers to pic& up !ac&ups.

1. Detailed backup strategy: +hould include daily, wee&ly, and month end !ac& up, stored

offsite.

3. Select a Ahot site@:#nother computer facility that can !e used in an emergency.

6. Test:7oth hot site and data restoration on e"isting computer on a regular !asis.

8. Signed contracts and authorizations so that &ey disaster recovery team mem!ers can deal with

computer vendors and suppliers for replacement hardware or supplies.

. 'rocedures for reinstating files, rerunning progras, and recalling containated output!

. Daftar /ontak: 0ama dan nomor telepon dari mana%er operasional$ staf pemro"raman$

memban"un mana%er pemeliharaan dan personil kunci 1bencana dan tim pemulihan2.

8/13/2019 DQ 9-14 (Kelompok)

4/4

&. 'enyimpanan offsite: !asilitas yan" di"unakan untuk backup data. /ewenan"an untuk

beberapa an""ota tim pemulihan bencana untuk men"ambil backup.

(. strate"i back#up yan" detail: Mencakup back up harian$ min""uan$ dan akhir bulan$

disimpan offsite 1luar2.

-. 'ilih situs +hot *: !asilitas lain komputer yan" dapat di"unakan dalam keadaan

darurat.

3. 4est: /edua 5ot site dan pemulihan data pada komputer yan" ada secara teratur.

6. Menandatan"ani kontrak dan otorisasi sehin""a an""ota tim pemulihan bencana utama

dapat berurusan den"an ,endor komputer dan pemasok untuk pen""antian hardware atau

persediaan.

. 'rosedur untuk pemulihan file kembali$ men%alankan pro"ram kembali$ dan recalling

output yan" terkontaminasi.

c. Identify at least three factors other than the plan itself$ that MailMed Inc. should

consider in formulatin" a formal disaster reco,ery plan.

/. +electing the proper team within the company.

*. 'roper computer room design and layout.

1. 'reventative maintenance program.

3. Implementing proper security measures5 such as scheduled !ac& ups, loc&ed computer room,

limited access to computer room, program change control procedures (so live system cannot !e

changed until properly tested), etc.

. Memilih tim yan" tepat dalam perusahaan.

&. desain dan tata letak ruan" /omputer yan" tepat

(. 'ence"ahan pro"ram pemeliharaan.

-. Menerapkan ukuran keamanan yan"tepat: seperti pen%adwalan kembali$ ruan"

komputer yan" terkunci$ akses terbatas ke ruan" komputer$ prosedur pen"endalian

perubahan pro"ram 1sehin""a sistem hidup tidak dapat diubah sebelum diperiksa2$ dll