Laserfiche WebLink
CHAPTER 4: CASH HANDLING SYSTEMS <br />Can" to be used as a back -up for any alternate Cashier when <br />additional coverage is needed. Adherence to and enforcement of <br />improved control procedures will improve accountability and <br />security of the customer payment process and better <br />communicate DWS management's objective to safeguard <br />customer monies. <br />Criteria. Internal Control Criteria — COSO Component No. 3. <br />"Control activities are the policies and procedures that help ensure <br />management's directives are carried out. They help ensure that <br />necessary actions are taken to address risks to the achievement <br />of organizational objectives. Control activities occur throughout <br />the organization at all levels and in all functions. They include a <br />range of activities as diverse as approvals; authorizations; <br />verifications; reconciliations; reviews of operating performance; <br />security of assets; and segregation of duties." <br />Criteria. Internal Control Criteria — COSO Component No. 4. <br />"Information and Communication — Pertinent information must be <br />identified, captured, and communicated in a form and timeframe <br />that enable employees to carry out their responsibilities in an <br />effective and efficient manner. Information systems produce <br />reports containing operational, financial, and compliance- related <br />information that help management run and control the <br />organization. " <br />FINDING Computer system security at walk -in customer service <br />Payment windows is inadequate. <br />The Public Utility Billing System (PUBS) is logged onto at the <br />beginning of each work day using the Cashier's login, and is not <br />programmed with an automatic lockout mechanism after a <br />specified period of nonuse. The current PUBS application also <br />does not require entry of an authorized user identifier or password <br />for entering of each transaction. At the Hilo office and Waimea <br />and Kona District offices, the auditors observed that Cashiers at <br />walk -in payment windows leave their computers logged onto <br />PUBS when leaving to do other tasks. Although a screen saver is <br />used, the payment screen remains accessible simply by hitting <br />any computer key, creating the potential for unauthorized access <br />and unauthorized transactions to be entered into PUBS. If the <br />Customer Service Supervisor or other personnel is covering for <br />the Cashier, they can transact business under the Cashier's login. <br />As a result, there is no audit trail of transactions by Cashier login, <br />reducing overall accountability and the ability of individual <br />Cashiers to control transactions entered under their own Iogins. <br />32 <br />