You play the role of Sam, the system administrator. Acme is responsible for completing a huge target of 180 thousand orders. It holds the reputation of having an extremely low error rate for the central distribution per industry standards. Therefore, Acme is viewed as a model of efficiency. Another good thing about Acme is that it operates XX and on holidays!
At the Acme Distribution Center, your colleagues are the following seven employees:
Robert, the lead warehouse receiver
Jennifer, sales and accounts payable
Bradley, the warehouse general manager
Lu Ellen, the shipper
Buster, the shipper
Lloyd, the purchasing agent
Spare, for temporary help
Jennifer works in the Sales Department by day and part-time as the evening accounts payable clerk with credit memo privileges to correct customer orders.
Jennifer is a valuable asset for the organization. Since she joined the accounts payable department, the late payment rate has dropped by 20 percent while the warehouse-shipping rate increased by 10 percent, and the overall profit has increased by a modest 0.005 percent for the first reporting period. Your general manager, Bradley, is concerned that high-value inventory is moving through the system, but the profits are, at best, meager for high-margin items.
Bradley discussed the issue of inventory volume with Lloyd to see if he knew of any reason for the miserable performance, since so many high-value items were being ordered and shipped.
Assignment Requirements
Your goal is to ensure that the users have only those access permissions that they need to perform their jobs effectively. A bit of research reveals that the warehouse has many goods to ship. You developed the following matrix and scheme to identify conflicts in duties to address with management.
This will help Acme during the pending audit and reduce asset risk.
Questions:
1. Define the concept of separation of duties (two points): The idea of having one or more people required to complete a task.
2. Define the concept of least privilege (two points): Deciding whether a user, application, or other entity should be given the minimum level of rights necessary to perform important functions.
3. Define the concept of need to know (two points): Basically, it's restricted information or data that is very sensitive.
4. Using the following legend, provide the users with the appropriate rights and permissions (32 points):
Legend codes: Assigned to the user; Needed for primary function; Never; Temporary; By Position Assigned; Read Only. [The code symbols themselves are not present in the extracted text.]
Segregation of Duties Matrix, Current (System User-Rights and Permissions): departments Receiving, Shipping, Sales and Accounts Payable against users Jennifer, Buster, Bradley, Lloyd, Lu Ellen, Robert, Spare and Sam. [Cell values not present in the extracted text.]
Segregation of Duties Matrix, Revised: same layout. [Cell values not present in the extracted text.]
5. Explain why you assigned the roles and access privileges to the users in the above scenario (32 points).
A. Robert, the lead warehouse receiver: Needs access to receiving information because he manages incoming packages, and should have access to shipping info to separate packages in the warehouse.
B. Jennifer, sales and accounts payable: Her primary function requires managing sales and accounts payable, along with read-only access to shipping and receiving information to make sure goods are going to the correct customer or warehouse.
C. Bradley, the warehouse general manager: He should have read-only access because his job is to make sure everything is on track.
D. Lu Ellen, the shipper: Should only have access to shipping info and read-only information on receiving to make sure it's going to the correct place or person.
E. Buster, the shipper: Same permissions as Lu Ellen.
F. Lloyd, the purchasing agent: This person should have permissions for accounts payable as well as read-only sales information in order to make any purchases needed.
G. Sam, the system administrator: All permissions are allowed for this user in case information was incorrect or not validated.
H. Spare, for temporary help: Temporary permissions are given to this person since this person is only temporary.
6. Questions on Jennifer's access account (15 points):
a. What are the incompatible functions in Jennifer's access account? The incompatibilities are that Jennifer is in charge of sales and accounts payable. There will be a conflict between both aspects as they rely on one another. She is in control of the sale of goods and the payment for goods. There are multiple areas that can be a potential breach.
b. Why do you think the incompatibility existed? It is incompatible because she can sell and bill goods as she sees fit. She could try to bill or sell to herself and say it's been paid when it hasn't been.
7. Questions on Lloyd's access account (15 points):
a. What were the potential conflicts and incompatible functions in Lloyd's access account authorizations? There aren't really any potential conflicts, as he got read-only access on sales and no permission on anything else except accounts payable, so he can make purchase orders.
b. Explain your reasoning. In his situation, he couldn't do what Jennifer could do and he only has access to accounts payable for orders. But it could still be a potential breach because he has access to the accounts and could make an illegal purchase.
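As an added illustration (not part of the assignment or the answers above), the following Python encodes the rights described in question 5 as a user-by-department matrix and checks it against the conflict named in question 6: no one person should be able to both sell goods and bill or credit them. The Right levels, the matrix cell values and the review checks are constructed for this example; where the answers are not explicit about a cell, the value is a hypothetical choice. Because the administrator and the temporary worker are given modifying rights in every department, the same rule flags them alongside Jennifer, which is the kind of finding an auditor would ask the team to justify.

```python
"""Segregation-of-duties check over a constructed rights matrix.

Added example for the Acme scenario; not the assignment's own material.
"""
from enum import Enum
from typing import Dict, List, Tuple


class Right(Enum):
    """Access levels modelled on the legend in question 4 (assumed mapping)."""
    NEVER = "never"          # no access
    READ = "read only"       # may view, cannot change records
    PRIMARY = "primary"      # needed for primary function; may change records
    TEMP = "temporary"       # time-limited grant for temporary help


DEPARTMENTS = ("Receiving", "Shipping", "Sales", "Accounts Payable")


def grants(**kw: Right) -> Dict[str, Right]:
    """Build one user's row; departments not named get no access.
    Keyword names use '_' for spaces (Accounts_Payable)."""
    row = {d: Right.NEVER for d in DEPARTMENTS}
    for dept, right in kw.items():
        row[dept.replace("_", " ")] = right
    return row


def _all(right: Right) -> Dict[str, Right]:
    """Same right in every department (used for Bradley, Sam and Spare)."""
    return grants(**{d.replace(" ", "_"): right for d in DEPARTMENTS})


# Constructed matrix following the answers to question 5. Cells the answers
# do not spell out are hypothetical choices for illustration.
MATRIX: Dict[str, Dict[str, Right]] = {
    "Robert":   grants(Receiving=Right.PRIMARY, Shipping=Right.PRIMARY),
    "Jennifer": grants(Sales=Right.PRIMARY, Accounts_Payable=Right.PRIMARY,
                       Receiving=Right.READ, Shipping=Right.READ),
    "Bradley":  _all(Right.READ),
    "Lu Ellen": grants(Shipping=Right.PRIMARY, Receiving=Right.READ),
    "Buster":   grants(Shipping=Right.PRIMARY, Receiving=Right.READ),
    "Lloyd":    grants(Accounts_Payable=Right.PRIMARY, Sales=Right.READ),
    "Sam":      _all(Right.PRIMARY),
    "Spare":    _all(Right.TEMP),
}

# Department pairs one person must not be able to modify together. The only
# rule here is the one the scenario names: selling goods and billing them.
SOD_RULES: Tuple[Tuple[str, str], ...] = (("Sales", "Accounts Payable"),)

# Rights that let the holder change records (temporary grants included).
MODIFYING = {Right.PRIMARY, Right.TEMP}


def sod_conflicts(matrix: Dict[str, Dict[str, Right]] = MATRIX,
                  rules: Tuple[Tuple[str, str], ...] = SOD_RULES
                  ) -> List[Tuple[str, str, str]]:
    """Return (user, dept_a, dept_b) for every user who can modify both
    departments of a rule."""
    found = []
    for user, row in matrix.items():
        for a, b in rules:
            if row[a] in MODIFYING and row[b] in MODIFYING:
                found.append((user, a, b))
    return found


def least_privilege_review(matrix: Dict[str, Dict[str, Right]] = MATRIX
                           ) -> Dict[str, List[str]]:
    """Return grants that need written justification: modify rights in every
    department, and temporary grants that must carry an expiry date."""
    review: Dict[str, List[str]] = {"all_departments": [], "temporary": []}
    for user, row in matrix.items():
        if all(r is Right.PRIMARY for r in row.values()):
            review["all_departments"].append(user)
        if any(r is Right.TEMP for r in row.values()):
            review["temporary"].append(user)
    return review


if __name__ == "__main__":
    for user, a, b in sod_conflicts():
        print(f"SoD conflict: {user} can modify both {a} and {b}")
    for reason, users in least_privilege_review().items():
        print(f"review ({reason}): {', '.join(users) or 'none'}")
```

Running the module lists Jennifer, Sam and Spare as sell-and-bill conflicts and puts Sam (modify rights everywhere) and Spare (temporary grants) on the review list; Lloyd passes because his Sales access is read-only. Changing Jennifer's Accounts Payable cell to Right.READ, as a revised matrix would, removes her from the conflict list.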