Three years ago the Triumph Manufacturing implemented a networked transaction processing system to link their various departments and allow data sharing.  Prior to then, Triumph employed a system based on stand-alone PCs. When the new system was implemented each employee was given a user ID and assigned a four digit password to permit access to the system.  Once in the system, they had the option of changing their passwords or keeping the one originally assigned.  Since everyone in the organization was new to the system, the operating philosophy adopted by Triumph was to establish an open system that would facilitate efficient processing with minimal inconvenience.  Towards this end, employee access privileges to data and processes were assigned based on functional affiliation. For example sales staff had access to all processes and data pertaining to sales transactions such as order entry procedures, inventory control, credit checking, customer credit files, sales invoices, inventory records, etc.  Similarly, all accounting staff were granted access to such processes as updating accounts receivable, accounts payable, cash receipts and all journals, subsidiary ledgers, and general ledger accounts related to these tasks.    

Recently, the internal auditor identified material errors and possible irregularities in the financial statements.  She is concerned about the lack of security and the potential for fraud and unauthorized access from internet hackers.  

Required:

Outline the control procedures and policies that would reduce these risks and explain your solution.