QUESTION
(a) Internal control systems need to be continuously monitored. This is a process that assesses the quality of the performance of a system over time and is accomplished by two approaches. Describe those two approaches.
(b) The auditors of a healthcare company found that the company is in breach of the Data Protection Act following an investigation into the online application system for refund of claims. This function of online application was outsourced to an IT company a year ago. The security breach meant that the personal data of customers applying for refunds was potentially visible to others visiting the website. The IT Company was asked to immediately stop the online application facility. Further investigations revealed that the IT Company did not have any experience in developing and hosting such IT systems.
i. Identify and explain the controls that should have been in place to possibly avoid the breach.
ii. The healthcare company could have made use of indicators to provide an early warning signal that a risk is emerging to enable management to take proactive action. What is this indicator and how would it have helped the company?