Professional Documents
Culture Documents
A-9 50 marks
Your client, Cowboys and Crooks, has just computerised its debtors and creditors
systems. For this purpose the management of the company recently established a
department known as the IS department (Information Systems).
Entry clerks
There are three computer terminals in the IS department that are linked online to the
mainframe computer in the office of the IS manager, Clint Westwood. Mr Westwood
is responsible for appointing new staff members after interviews have been
conducted with them, as well as for solving problems that arise within the IS
department.
Bud Spender is the programmer for Cowboys and Crooks. The following job
description appears in the employment contract of programmers:
John Dwayne acts as control clerk. He receives all data for input and processing
from the user departments. He also hands the day's printouts and other output
documents to the messenger at the end of each day, who then takes this to the
appropriate departments.
Terence Kill is the librarian. Terence stores all data files of Cowboys and Crooks by
locking them in the safe at the end of each day, after he has walked through the
whole department and collected all disks. When Bud Spender's work load is too
great, Terence also acts as assistant programmer. Billy and Shane are the two
capturing clerks. They prepare data for computer processing and enter the data.
REQUIRED
A-9 50 punte
U kliënt, Cowboys en Crooks, het pas hulle voorraad-, debiteure en krediteure stelsels
gerekenariseer. Vir hierdie doel het die bestuur van die maatskappy onlangs 'n afdeling
tot stand gebring wat bekend staan as die RIS-afdeling (Rekenaar
Inligtingstelselsafdeling).
Die organisasiestruktuur van die RIS-afdeling sien tans soos volg daaruit:
RIS-bestuurder
Invoerklerke
Daar is 3 rekenaar terminale binne die RIS-afdeling, wat intyds gekoppel is aan die
hoofraamrekenaar in die RIS-bestuurder, Clint Westwood, se kantoor. Meneer
Westwood is verantwoordelik om nuwe personeellede aan te stel, nadat onderhoude
met die aansoekers gevoer is, asook om alle probleme wat binne die RIS-afdeling
ontstaan, op te los.
John Dwayne tree op as kontroleklerk. John ontvang alle data vir invoer en
verwerking vanaf die gebruikersafdelings. Hy oorhandig ook aan die einde van elke
dag die betrokke dag se drukstukke en ander uitvoerdokumente aan die bode, wie
dit dan na die toepaslike afdelings neem.
Terence Kill is die bibliotekaris. Terence bewaar alle datalêers van Cowboys en
Crooks deur dit aan die einde van elke dag in die kluis toe te sluit, nadat hy deur die
hele afdeling gestap het en alle stiffies gekollekteer het. Wanneer Bud Spender se
werkslading te veel is, tree Terence ook as hulp-programmeerder op. Billy en Shane
is die twee invoerklerke. Hulle berei data voor vir rekenaarverwerking en sleutel die
data in.
Meneer Westwood wil binnekort 'n hele aantal nuwe personeel binne sy afdeling
aanstel. Hy het u genader om hom behulpsaam te wees met die opstel van
standaardprosedures om te verseker dat goeie personeelpraktyke deurentyd binne
die RIS-afdeling toegepas word.
Vorderingsvraag / Progress question
VERLANG
3. Bespreek die kontroles wat ingestel kan word om ongemagtigde toegang tot die
rekenaars, sagteware en data te voorkom en op te spoor. (21)
Vorderingsvraag / Progress question
A-9 50 punte
Behalwe vir die voer van onderhoude deur die EDV-bestuurder, wil dit
voorkom asof daar 'n gebrek is aan formele en behoorlike
aanstellingsprosedures.
Die kontroleklerk voer geen prosedure/toetse/kontroles uit oor die data wat vir
invoer ontvang word, die verwerkingsproses self en die resultate van
verwerking (uitvoerdokumentasie) nie. (2)
Dit blyk dat die bibliotekaris slegs data lêers bewaar en nie ook die ander
sagteware (toepassings- en stelselprogramme) en stelseldokumentasie van
Cowboys en Crooks nie.
Verlof: Spesiale reëlings moet getref word wanneer persone met vakansie- of
siekverlof is en persone moet aangemoedig word om gereeld verlof te neem.
(2)
Skeiding van pligte en kennis moet egter deurentyd in gedagte gehou word
wanneer rotasie van pligte plaasvind. (1)
'n Formele, skriftelike beleid dat slags gemagtigde persone terminale mag
gebruik en dat streng opgetree sal word teen ongemagtigde gebruikers van
terminale. Hierdie beleid moet aan alle personeel deurgegee word. (1)
Vorderingsvraag / Progress question
Daar mag slegs binne besigheidsure toegang tot die stelsel verkry word - na-
ure moet toegang beperk word deur die gebruik van alarms en/of
sekuriteitswagte. (2)
o die terminale moet slegs gebruik kan word as die korrekte wagwoord
gebruik word;
o daar moet behoorlike kontrole oor wagwoorde te wees: personeel moet
ingelig word oor die belangrikheid van geheimhouding van wagwoorde;
o wagwoorde moet met sorg gekies word en nie vir die gemak waarmee
dit onthou kan word nie: geboortedatums en identiteitsnommers mag
byvoorbeeld nie gebruik word nie;
o wagwoorde mag nie gedruk, geskryf of geplak word waar ongemagtigde
gebruikers dit kan sien nie;
o wagwoorde moet gereeld verander word, veral na byvoorbeeld 'n
verandering in personeel. (5)
Die rekenaars moet rekord hou van onsuksesvolle pogings om toegang tot die
terminale te verkry. Sulke Iyste moet daagliks gedruk word en baie noukeurig
deur meneer Westwoord ondersoek en opgevolg word. (2)
Die stelsel moet 'n gebruiker outomaties uitlog as 'n terminaal vir 'n ruk lank
nie gebruik word nie. (1)
Wanneer die stelsel vir 'n sekere tyd nie gebruik is nie, moet toegang tot die
stelsel verkry word deur die herinvoer van die wagwoord. (1)
Vorderingsvraag / Progress question
Aan die einde van elke dag moet elke rekenaar 'n Iys/log/register druk van
daaglikse aktiwiteite. Dit moet deur ‘n onafhanklike persoon nagegaan word
vir enige ongemagtigde gebruik of veranderinge. Enige aanduidings van
ongemagtigde aktiwiteite moet onmiddellik ondersoek en opgevolg word. (2)
puntetoekenning: soos aangedui maksimum 21
Vorderingsvraag / Progress question
A-9 50 punte
The programmer design and test new systems and programming changes.
There is clearly a lack of a formal system development methodology which
pinned separated duties and responsibilities. (2)
The control clerk is not running procedures / tests / controls on the data
received for import, processing process itself and the results of processing
(export documentation). (2)
It seems that keep the librarian only keeps data files and not the other
software (application and system software) and system documentation of
Cowboys and Crooks.
It appears that the library function occurs informally the librarian walked
through the entire section and collect all discs. There is a lack of formal
authority and control over the issuing and receiving back of data files. (2)
Mark allocation: As indicated Maximum 13
Cowboys and Crooks must have a formal appointment policy to ensure that
only honest and competent staff appointed. It involves the following:
Vorderingsvraag / Progress question
Duties should be rotated regularly to bring about cross training and prevent
boredom. (1)
Career planning should be done for staff. Recognition should be given for
good work. Staff must always feel motivated and successful. People should
be promoted based on their performance. (2)
Continuous evaluation of work done by staff, should take place for example
the volume of work, quality work and so on. (1)
Management staff have a positive attitude toward internal control and control
cultivation, control measures should be put in place and staff properly trained
in its use. Management policy must be applied consistently and operation of
controls should be monitored. Management must set an example for staff. (3)
A formal, written policy that only authorized persons may use terminals and
that strict action will be taken against unauthorized users of terminals. This
policy should be given to all staff. (1)
o the doors should always be closed when the computer is not in use and
when Mr. Westwood leaves his office; (1)
o only authorized users have access to keys to the offices; (1)
Vorderingsvraag / Progress question
o computer terminal itself must be closed when not in use (physical terminal
locks); (1)
o the terminal should be placed in a visible, conspicuous places where it is not
hidden, so that an unauthorized person working on a computer can be
easily spotted. (1)
There may only access to the system within business hours. After-hours
access must be limited by the use of alarms and/or security guards. (2)
The system must automatically sign out if a user has not been at a terminal for
a while. (1)
When the system used for a certain time, have gained access to the system
by the reinsertion of the password. (1)
At the end of every day, every computer should have a list / log / register
pressure of daily activities. This should be checked by an independent person
for any unauthorized use or changes. Any evidence of unauthorized activities
must be investigated and followed up immediately. (2)