12-27 (Objectives 12-2, 12-3) Your new audit client, Hardwood Lumber Company, has a computerized accounting system for all financial statement cycles. During planning, you visited with the information systems vice president and learned that personnel in information systems are assigned to one of four departments: systems programming, applications programming, operations, or data control. Job tasks are specific to the individual and no responsibilities overlap with other departments. Hardwood Lumber relies on the operating system software to restrict online access to individuals. The operating system allows an employee with “READ” capabilities to only view the contents of the program or file. “CHANGE” allows the employee to update the contents of the program or file. “RUN” allows the employee to use a program to process data. Programmers, both systems and applications, are restricted to a READ-only access to all live application software program files but have READ and CHANGE capabilities for test copies of those software program files. Operators have READ and RUN capabilities for live application programs. Data control clerks have CHANGE access to data files only and no access to software program files. The person in charge of operations maintains access to the operating software security features and is responsible for assigning access rights to individuals. The computer room is locked and requires a card-key to access the room. Only operations staff have a card-key to access the room, and security cameras monitor access. A TV screen is in the information systems vice president’s office to allow periodic monitoring of access. The TV presents the live picture and no tape record is maintained. The librarian, who is in the operations department, is responsible for maintaining the library of program tapes and files. The librarian has READ and CHANGE access rights to program tapes and files. The files, when not being used, are stored in shelves located in a room adjacent to the computer room. They are filed numerically based on the tape label physically attached on the outside of the tape cartridge to allow for easy identification by operators as they access tapes from the shelves for processing.
What recommendations for change can you suggest to improve Hardwood’s information systems function?