Smith, a certified public accounting firm, was engaged to audit the financial statements of the Sky-is-the-Limit company. The company has its own IT installation. While obtaining an understanding of internal control, Smith found that Sky-is-the-Limit lacked proper segregation of the programming and operating functions. Smith analyzed the internal control surrounding the system to ensure that the corporate governance was being maintained, and he concluded that the existing compensating general control activities provided reasonable assurance that the objectives of internal control were being met.
Prepare a letter addressed to the board of directors that discusses the following:
- How is the separation of the programming and operating functions accomplished in a properly functioning IT environment?
- Explain the 3 subdivisions of information systems management, and discuss how they apply to this situation.