audit: airline company
TRANSCRIPT
Alipao, Angelica
Barbin, Roselie
Dreo, Demi Joanna
Vejano, Rachell-Ann
Airlines
Company Name: Accenture Inc., Navitaire Intl. LLC
Client: Cebu Pacific Airlines
Name of the Interviewee: Angelica Berico
Position: Software Quality Assurance Engineer
Accenture is a global management consulting, technology services and outsourcing company,
with approximately 289,000 people serving clients in more than 120 countries.
Navitaire, a wholly owned subsidiary of Accenture, delivers industry-leading technology services
that enable growth, profitability and innovation to more than 70 airlines worldwide, including many of
the world’s most successful airlines. It offers a full suite of proven solutions focused on revenue
generation and streamlining costs in the areas of reservations, ancillary sales, distribution, planning,
revenue management, revenue accounting, business intelligence and operations management and
recovery.
Description of the computer information system of the company
As a technology driven organization, it is a standard to know and be up to date with industry
mandated processes, information systems and security because it helps improve our day-to-day
processes especially in our line of work, which revolves around software development and maintenance
releases. Some of the software that we use includes electronic email, Microsoft test managers, and
Microsoft Visual Studio Team Foundation Server, which helps us track all our day to day tasks instead of
using a pen of paper, therefore helps save the environment.
Portion of the business that utilize the use of the CIS
Everyone in the office uses it from badges, communications like emails and phones, to team
foundation servers that we utilize to track down all our activities. Even the usage of networks and
internet to deliver our client's needs.
Did the entity develop its own CIS? If not, what separate company did?
As a business solutions provider the company develop airline systems to help improve and
utilize revenues. Also, the company partners and buys licensed products from other business solution
companies.
GENERAL CONTROLS are those control policies and procedures that relate to the overall computer
information system. This affects multiple application systems (payroll, accounts payable and accounts
receivable).
1. Organizational and Operations Controls
All departments use CIS since everything has their own accounts, deliverables and its kind of
services that needs to be addressed.
Information that it usually process includes tasks, revenue accounting, communications and
software development related.
The IT department is allowed to provide input data transactions.
There is a clear assignment of authority and responsibility in the IT department.
The entity has a large IT department and to maintain orderliness, data privacy and integrity from
our clients, tasks are assigned to different employees.
Systems analyst and programmers use the programs they developed.
Computer operators who run the program participate in program design.
2. Systems development and documentation controls
Triage teams, project managers, business analysts, developers, quality assurance and most
importantly the client approve the development and changes in the software, all have their
opinion on the changes.
The changes or specifications are written and documented for each system.
The user departments ask for changes in the program and they participate in the testing of the
program.
3. Hardware and Systems Software Control
Computer hardware, operating system and other supporting software are controlled and
monitored by the IT department.
To detect and prevent equipment failures, the company values the saying, "Plan Ahead, Be
Ahead, Plan BCM" so they always have the risk and strategies planned beforehand. For example:
the use of UPS (an external power supply) to make sure business is not interrupted even in
power interruptions.
4. Access controls
Access to the computers and the program depends on what are allowed and set by the IT.
Unauthorized persons can’t have physical contact with the computers, they are only allowed to
enter until the receiving area.
Programs require usernames and passwords.
The password is required to be changed often. If the employee feels that the password is
compromised, he/she must change it immediately.
4. Data recovery controls
The entity has back-up files in case of loss of data and is secured off-site and within the entity
itself.
The files copied to tapes/disks for back-up for every transaction.
5. Monitoring controls
The CIS evaluated for its adequacy and effectiveness every month.
The evaluation and monitoring of the adequacy and effectiveness of the overall CIS operations
are performed by the internal and external inspectors, and certification programs set by the
industry.
APPLICATION CONTROLS are those policies and procedures that relate to specific use of the system.
The company develops the New Skies Airline reservation system that is widely used by carriers
around the world. The business function it performs includes all airline industry carrier needs; said
functions include, but are not limited to: scheduling, airport operations, booking, GDS messaging, fares,
and revenue accounting.
1. Controls over input
The company aims to create an industry and a production like environment especially in
developing and creating systems. To prevent inaccurate or incomplete data entry, validation
controls are recommended.
Some transactions require higher authority before it is processed and there are transactions that
only specific employees are allowed to process.
2. Controls over processing
The program detects errors in the processing of transactions through different validation
controls and conditions set in the system codes. These controls and conditions are based on
industry standards and client business scenarios.
3. Controls over output
The program normally produces outputs for bookings, revenue reports, ledgers, board passes.
The only people who are authorized to receive such outputs are the ones directly assigned in
each functionality.
Other user departments are allowed to receive the output data of other user departments
The output data is checked for accurateness and completeness.