The Travel Internal Audit Department have reviewed the IT function to assist in establishing new efficiencies. After an extensive review of the IT management procedures, the auditor discovers the following: When reviewing the companys IT organisation for financial delegation and accountabilities, the Audit Department listed the following duties:

Systems Analysts: Supervise programming staff. Design client applications or select third party software. Check operation of applications while running. Determine any necessary maintenance or efficiency adjustments and corrections to program applications and make such program changes as necessary. Train Computer Operators in program applications they have designed. Prepare User Operations Manual for applications they have designed.

Programmers: Code program applications to specifications designed by system analysts. Assist System Analysts in documenting application procedures. Prepare test data for testing program. Operate computer when testing programs or when computer operators are absent due to illness or annual leave or during end of month second shifts.

Librarian: Ensure computer operating system is maintained to latest version from software supplier. Maintain register of all client application programs. Maintain register of all utility programs. Secure all programs not in use in a cupboard in the computer room. Create backup copies of all data and programs once a month and store in the "Library" cupboard in the computer room.

Other IT General security procedures were also noted as follows: i. Each member of the staff signed a daily log book when they arrived and left for the day. Many staff members signed for both arrival and departure on arrival or during the day when their workload allowed them. ii. Visitors were issued with a visitor's badge at the entrance to the IT area and allowed them to then enter to see the relevant member of staff. iii. Security doors to the IT department and the computer room were usually left open. iv. Fire alarms were functioning but fire extinguishers were not carrying valid test tags. v. The company had regular tours of their computer room by schools in the vicinity. vi. The computer hardware supplier had recently moved their head office operations to another state. Their new head office had the only other mainframe computer of their brand that was large enough to be used as an emergency backup.

Tasks required: a) Review the current roles of the IT organisational staff and identify any conflicting roles and responsibilities, explain why these are internal control weaknesses and recommend who should do these roles and why. b) For each of the IT General Security issues, review and develop procedures to identify the internal control issues, the risks to the business and develop appropriate modifications to ensure organisational compliance that will prevent or detect future instances of the error