BSA/520 v4
Gail Industries Case Study
Gail Industries: Smallville Collections Processing Entity Case
Study
This case study will be used to complete your assignments
throughout the course. Some sections of the case study will be
necessary in multiple assignments. See the assignment
instructions for specific assignment requirements.
Introduction to Gail Industries
Gail Industries is a partner to many Fortune 1000 companies
and governments around the world. Gail Industries’ role is to
manage essential aspects of their clients’ operations while
interacting with and supporting the people their clients serve.
They manage millions of digital transactions every day for
various back office processing contracts.
One of Gail Industries’ clients is the city of Smallville.
Smallville, despite its name, is a metropolis seated in the heart
of the nation. The city has 2.5 million residents, and the greater
Smallville metropolitan area has a population of about 4 million
people.
Overview of the Operations of Smallville Collections Processing Entity (SCOPE)
Summary of Services Provided
Collections Processing
The Smallville Collections Processing Entity (SCOPE) provides
collections processing services to the city of Smallville. SCOPE
receives tax payments, licensing fees, parking tickets, and court
costs for this major municipality. The city of Smallville sends
out invoices and other collections notices, and SCOPE
processes payments received through the mail, through an
online payment website, and through an interactive voice
response (IVR) system. Payments are in the form of checks,
debit cards, and credit cards. After processing invoices, SCOPE
deposits the monies into the bank account for the city.
SCOPE is responsible for ensuring the security of the mail that
comes into the possession of all employees, subcontractors, and
agents at its processing facility, located within Smallville.
Controls and procedures for money and mail handling are
established by SCOPE to ensure payments are accounted for,
from the earliest point received through processing and deposit.
These controls and procedures provide:
1. Assurances for proper segregation of duties
2. The design and use of satisfactory documentation to ensure
proper recording of transactions
3. The safeguarding of access to and use of all assets and
records
4. Independent checks on performance
Payment Receipt
The purpose of collections processing is to receive and process
various types of payments, post the payment data to the Central
Collections System (CCS), and deposit the accompanying funds
in the Smallville bank account. This process includes the
following types of payment receipts:
· Regular mail – paper checks only
· Website – credit and debit card payments; electronic checks
· IVR – credit and debit card payments
Mail Delivery
A bonded courier picks up the payments from the United States
Postal Service (USPS) facility in Smallville. SCOPE uses a
subcontractor for courier services. This courier is dedicated,
picking up and delivering mail only for SCOPE. This courier is
also required to sign for registered, certified, and express
delivery envelopes.
Opening and Sorting Mail
The daily success of payment processing depends on receiving
mail quickly from the postal service, opening that mail, and
properly sorting the contents for processing. Batches contain
similar payment types: tax payments are processed together,
court collections together, and so forth.
Deposits
Deposits are made daily into the Smallville bank account.
Electronic payments (debit cards, credit cards, and paperless
checks) are deposited through an interface between CCSys and
the bank. Checks are converted to electronic debits and
deposited electronically. However, those that cannot be
converted to electronic form are deposited in physical
form.
Functional Areas of Operations
Gail Industries uses the following specific functional areas of
operations for SCOPE:
· Contract manager – responsible for the overall management of
contract deliverables of the payment processing operation,
including the monitoring of financial expenditures to ensure
compliance with contract budgets.
· Operations manager – responsible for planning, managing, and
controlling the day-to-day activities of the team that provides
operational support for the business unit, including the
establishment of operational objectives and work plans and
delegation of assignments to subordinate managers.
· Information technology (IT) manager – responsible for
developing and maintaining the strategy of the future direction
of IT infrastructure, including developing plans for the
implementation of new IT projects and managing relationships
with IT-related vendors and subcontractors.
· Accounting – responsible for performing a variety of routine
clerical and accounting functions within the accounting
department, including daily balancing of receipts. In addition,
the accountant resolves exception transactions, including
charged back checks (bounced checks), forgery affidavits, and
recoupment.
· Call center – the city of Smallville does not have a centralized
call center for handling questions relating to payments and
invoices. It is considering adding one to the scope of services
offered by Gail Industries.
Information Systems
Services
Gail Industries services are designed around the following tools
and technologies:
· Data Capture and Imaging – real-time instrument imaging and
data capture, providing imaging, accountability, and reporting of
checks and remitted payments.
· Invoice Management and Reporting – data correction and
maintenance utilizing automated payment auditing and
historical analysis. A browser-based application is available for
internal SCOPE and Smallville staff to perform administrative
functions. A separate internet-accessible payment portal allows
for citizens, business owners, and others to view invoices and
make payments.
Processing Platforms
Gail Industries currently utilizes cloud-based servers on the
Amazon Web Services (AWS) platform for the internet-accessible
application. Data capture, imaging, and the payment processing
application run on local servers in a secured computer room.
Local servers run both Linux and Windows Server operating
systems. Data is stored on Microsoft SQL Server to provide
storage of payment, image, and balancing data.
The servers supporting the CCS are housed within the server
room (also known as the data center) and are managed by Gail
Industries’ IT staff. The IT staff provides the following
services:
· Firewall management – monitoring and management of the
firewall systems and networks on a 24/7/365 basis.
· Network monitoring – proactive network and server
monitoring services to help maximize system performance and
uptime.
· Data backup – data backup services for the production
payment, imaging, and balancing data.
· Incident management – IT incident monitoring,
documentation, and resolution management.
Control Objectives and Related Controls
Note: Only select control objectives and related controls are
included in the list below.
Physical Security (Data Center)
Control Objective 1: The controls provide reasonable assurance
that physical access to computer resources within Gail
Industries’ data center is restricted to authorized and
appropriate personnel.
To protect physical assets, management has documented and
implemented physical access procedures to grant, control,
monitor, and revoke access to the on-site data center.
The data center requires two-factor authentication: a biometric
credential via retinal eye scanner and a badge access card.
Individuals requesting badge access document the request on a
standardized employee management form that must be approved
by departmental management. Administrative access to the
badge access system is restricted to authorized IT personnel.
When an employee is terminated, IT personnel revoke the badge
access privileges as a component of the termination process. In
addition, the IT manager performs a review of badge access
privileges on a monthly basis to help ensure that terminated
employees do not retain badge access.
All visitors must sign a logbook and present picture ID to their
escort upon entering the data center. Access is restricted to
authorized IT personnel and equipment technicians.
CCTV surveillance cameras are utilized throughout the facility
and the data center to record activity; these images are retained
for a minimum of 45 days.
Physical Security (Facilities)
Control Objective 2: Controls provide reasonable assurance that
physical access to assets within Gail Industries’ facilities is
restricted to authorized and appropriate personnel.
To protect physical assets, management has documented and
implemented physical access procedures to grant, control,
monitor, and revoke access to the on-site facility for SCOPE.
A door badge access system is employed to control access to
areas within the facility (including the data center) through the
use of predefined security zones.
Individuals requesting badge access to the facility document the
request on a standardized employee management form,
accessible through Gail Industries’ employee on-boarding
system (known as GEO). All requests must be approved by
departmental management. Administrative access to the badge
access system is restricted to authorized IT personnel.
Upon termination (voluntary or involuntary), IT personnel
revoke badge access privileges as a task in the termination
process. In addition, the IT manager performs a monthly review
of badge access privileges to ensure that terminated employees
do not retain badge access.
Both entrances into the facility are locked and are monitored by
administrative personnel. The receptionist must unlock the door
for visitor access. Visitors are required to ring a video doorbell
and announce themselves to the receptionist. Visitors sign a
logbook when entering the facility, and they are required to
wear a visitor’s badge at all times. Visitors must be escorted by
an authorized employee when accessing sensitive facility areas
such as the mail room and server room.
CCTV surveillance cameras are utilized throughout the facility
and server room to record activity. Video images are retained
for a minimum of 45 days.
Change Management
Control Objective 4: Controls provide reasonable assurance that
changes to network infrastructure and system software are
documented, tested, approved, and properly implemented to
protect data from unauthorized changes and to support user
entities’ internal control over financial reporting.
Documented change management policies and procedures are in
place to address change management activities. Further, there
are provisions for emergency changes to the infrastructure and
operating systems. Change requests are documented via a
change request (CR) form. CRs include details of the change,
including the change requestor, the date of the request, the
change description, and change specifications. Management,
through the Change Advisory Board (CAB), holds a weekly
meeting to review and prioritize change requests. During this
meeting, management authorizes change requests by signing off
on the CR form.
Detailed testing is performed prior to implementation of the
change in test environments that are logically separated from
the production environment. The CAB approves the changes
prior to implementation. The ability to implement infrastructure
and operating system updates to the production systems is
restricted to user accounts of authorized IT personnel.
Logical Security
Control Objective 5: Controls provide reasonable assurance that
administrative access to network infrastructure and operating
system resources is restricted to authorized and appropriate
users to support user entities’ internal control over financial
reporting.
Information security policies have been documented and are
updated annually to assist personnel in the modification of
access privileges to information systems and guide them in
safeguarding system infrastructure, information assets, and data.
Infrastructure and operating system users are authenticated via
user account and password prior to being granted access.
Password requirements are configured to enforce minimum
password length, password expiration intervals, password
complexity, password history requirements, and invalid
password account lockout threshold, as documented in the IT
Policies and Procedures Manual.
The CCS application authenticates users through the use of
individual user accounts and passwords before granting access
to the applications. CCS utilizes predefined security groups for
role-based access privileges. The application enforces password
requirements of password minimum length, password expiration
intervals, password complexity, password history, and invalid
password account lockout threshold.
Excerpt from IT Policies and Procedures Manual
Version 1.0, 12/31/2016
Revision History
Date | Author | Notes
12/31/2016 | Ken Smith | Version 1.0, accepted by client
Overview
This policy is intended to establish guidelines for effectively
creating, maintaining, and protecting passwords at SCOPE.
Scope
This policy shall apply to all employees, contractors, and
affiliates of SCOPE, and shall govern acceptable password use
on all systems that connect to SCOPE network or access or store
SCOPE, city of Smallville, or Gail Industries data.
Policy
Password Creation
1. All user and admin passwords must be at least [8] characters
in length. Longer passwords and passphrases are strongly
encouraged.
2. Where possible, password dictionaries should be utilized to
prevent the use of common and easily cracked passwords.
3. Passwords must be completely unique, and not used for any
other system, application, or personal account.
4. Default installation passwords must be changed immediately
after installation is complete.
Password Aging
1. User passwords must be changed every 60 days. Previously
used passwords may not be reused.
2. System-level passwords must be changed on a monthly basis.
Password Protection
1. Passwords must not be shared with anyone (including
coworkers and supervisors), and must not be revealed or sent
electronically.
2. Passwords shall not be written down or physically stored
anywhere in the office.
3. When configuring password “hints,” do not hint at the format
of your password (e.g., “zip + middle name”).
4. User IDs and passwords must not be stored in an unencrypted
format.
5. User IDs and passwords must not be scripted to enable
automatic login.
6. The “Remember Password” feature on websites and applications
should not be used.
7. All mobile devices that connect to the company network must
be secured with a password and/or biometric authentication and
must be configured to lock after 3 minutes of inactivity.
Enforcement
It is the responsibility of the end user to ensure enforcement
with the policies above.
If you believe your password may have been compromised,
please immediately report the incident to the IT Department and
change the password.
Copyright© 2019 by University of Phoenix. All rights reserved.

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
