cima strategic case study core activity e: pixlwizz
TRANSCRIPT
CIMA
Strategic Case Study
Core Activity E: Pixlwizz
© HTFT Partnership – Pixlwizz Core Activity Pack E 2
Contents
Core Activity E: Recommend and maintain a sound control environment ................................................ 4
Task 49: to be added ..................................................................................................................................... 5
Task 50: Internal audit investigation ............................................................................................................. 6
Task 51: Corporate governance .................................................................................................................... 7
Task 52: Importance of committees ............................................................................................................. 8
Task 53: Internal audit independence ........................................................................................................... 9
Task 54: Internal audit review ..................................................................................................................... 10
Task 55: Internal Audit Planning ................................................................................................................. 12
Task 56: Amendment to operations............................................................................................................ 13
Task 57: Playable characters ....................................................................................................................... 15
Task 58: Data Breach and Poor Governance ............................................................................................... 17
© HTFT Partnership – Pixlwizz Core Activity Pack E 3
Disclaimer
The Study Materials are for educational purposes only. HTFT Partnership Limited will not accept any responsibility to
any party for the use of these Study Materials for any purpose other than for educational purposes, including but not
limited to the giving of advice by you to any third party.
Intellectual Property
At all times, HTFT Partnership Limited and/or its licensors, remain the owner of the intellectual property in the Study
Materials. No Study Materials or any part of them may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means without the prior written permission of HTFT Partnership Limited.
In consideration of receipt by HTFT Partnership Limited of the Fee, HTFT Partnership Limited grants to you a non-
exclusive, non-transferable licence to use the Study Materials strictly for your own educational purposes only.
You may not modify, copy, reproduce, re-publish, sub-licence, sell, upload, broadcast, post, transmit, make available,
disseminate, or distribute in any way any of the Study Materials.
Use of the Study Materials not expressly permitted in these Terms is strictly prohibited and will constitute an
infringement of either HTFT Partnership Limited’s copyright or HTFT Partnership Limited's other intellectual property
rights, and/or the copyright or other intellectual property rights of HTFT Partnership Limited's licensors.
© HTFT Partnership – Pixlwizz Core Activity Pack E 4
Core Activity E: Recommend and maintain a sound control environment
Assessment Outcomes
AO E1: I can apply internal audit resources
AO E2: I can recommend appropriate controls and evaluate the implications of compliance failures
AO E3: I can recommend responses to the threats arising from poor governance
© HTFT Partnership – Pixlwizz Core Activity Pack E 5
Task 49: to be added
To be added
© HTFT Partnership – Pixlwizz Core Activity Pack E 6
Task 50: Internal audit investigation
Maria Tektonidou asks you to join her in her office:
“I have printed an extract from the Board minutes. I need your advice:
Can you please analyse whether it would be appropriate to have the internal audit department
investigate whether the fraud that was reported was an isolated incident?”
[sub-task (a) = 30%]
P3 C3
The attachment referred to can be found by clicking the Reference Materials button.
Reference Material
Extract from Board minutes
Afifi provided the Board with an update in relation to a fraud undertaken by two customer service
executives. Gamers are able to collect VIP points for consistent play and purchases across Pixlwizz’s
range of games, VIP points can also be awarded to players by customer services for unsatisfactory
experiences when playing one of Pixlwizz’s games.
The VIP points can be used on discounts on future purchases, exclusive sets and items on Pixlwizz’s VIP
store or even get tickets to events and experiences like the Jakob Plunge Magenta launch event.
If a complaint is received from a gamer the customer services team are supposed to investigate and
after a period of 21 days if we are unable to rectify the problem VIP points may be awarded to the
gamers account as a goodwill gesture.
It has been noted that a member of staff within the customer service department has been logging
fake customer complaints under bogus gaming accounts and then a second manager within customer
services after 21 days has been approving a points credit to the bogus gamer. Then the staff have used
the bogus gamer accounts to obtain goods from the VIP store worth a significant monetary value.
At present we are unsure how many bogus gamer accounts have been created and complaints logged
against them.
The two staff members have been dismissed for attempted fraud.
© HTFT Partnership – Pixlwizz Core Activity Pack E 7
Task 51: Corporate governance
Today is the 1 November 2021 and you receive the following email:
From: Maria Tektonidou,
To: Senior Manager
Subject: Corporate Governance
Hi
Pixlwizz was founded in 1986 and is listed on the Westland’s stock market. As such it does need to
comply with Westland’s Corporate Code of Governance.
Can you please analyse the current board structure of Pixlwizz and recommend changes or
improvements which will help Pixlwizz comply with good corporate governance codes?
[sub-task (a) = 30%]
Maria Tektonidou
Chief Finance Officer
Pixlwizz
P3 B3
© HTFT Partnership – Pixlwizz Core Activity Pack E 8
Task 52: Importance of committees
It is the 1 November 2021, and you receive the following email from Maria Tektonidou, Chief Finance
Officer:
From: Maria Tektonidou,
To: Senior Manager
Subject: Importance of Committees
Hi
We haven’t reviewed our committee structure since it was implemented prior to the company listing
on the Westland Stock Exchange. Which is a long time ago now.
I would like to sit on the audit committee, only Anna Bredstrom has finance experience, but she
retired from her role as finance director of a major quoted electronics company years ago, you are
talking over 7 years ago. I think that my up-to-date financial skills and experience would really help the
work of the audit committee.
Before I propose this to the Board, I need your help with the following:
Firstly, please identify the purpose of an audit committee and would it be appropriate for me to sit on
the audit committee?
Secondly, we have all the required committees needed for good corporate governance. But there has
been some talk lately of allowing executive directors onto the Pixlwizz’s committees as members. The
Board would happily introduce executive directors to the committees if it was appropriate. Please
could you identify and explain the purpose and composition of any committees that can have
executive directors under best practice corporate governance.
[sub-task (a) = 50%]
Maria Tektonidou
Chief Finance Officer
Pixlwizz
P3 B3
© HTFT Partnership – Pixlwizz Core Activity Pack E 9
Task 53: Internal audit independence
Today is the 1 November 2021 and you receive the following email from Maria Tektonidou, Chief
Finance Officer:
From: Maria Tektonidou,
To: Senior Manager
Subject: Internal Audit and Independence
Hi
We do not have a separate internal audit department sometimes I get the financial controller
(Marianne Shar) to undertake audit reports for the Audit Committee. Marianne is very skilled; her
audit reports are detailed, and I really trust the work she does for me.
In addition to performing the odd internal audit report for us she is a key individual within Pixlwizz’s
Accounting and finance function managing the team and preparing financial statements. She also
sometimes goes on holiday with Sandra (my sister). They were at school together and have always
really enjoyed each other’s company.
At a recent board meeting one of the non-executive directors expressed concerns. The non-executive
director suggested that anyone performing internal audits should be independent, we should have a
separate team focusing on internal audit and that I should not be using finance personnel to conduct
audit investigations. I felt he went a bit overboard to be honest as Marianne’s reports are good, she
had prior auditing experience and her IFRS knowledge is fantastic.
Please could you identify the main purpose of an internal audit department and discuss the main
independence issues that arise in relation to Marianne performing both internal audit work /
preparing financial statements?
[sub-task (a) = 55%]
Maria Tektonidou
Chief Finance Officer
Pixlwizz
P3 C3
© HTFT Partnership – Pixlwizz Core Activity Pack E 10
Task 54: Internal audit review
Today is the 1 November 2021 and Maria Tektonidou, Chief Finance Officer stops by your workspace:
“‘This internal audit review arrived today. Carrie, the chief internal auditor, sent this to the Board.
Needless to say, the Board is concerned about the implications for Pixlwizz.
We did not anticipate that the controls would be quite as weak in relation to basic functions such as
employee retention and recruitment!
Firstly, please could you recommend, with reasons, the internal controls that we could implement at
Pixlwizz to mitigate the risk identified.
Secondly, I would like you to explain the difficulties that Pixlwizz’s internal audit department might
face if they investigated further the compliance with appropriate standards and procedures of HR due
diligence carried out on new employees.”
[sub-task (a) = 50%]
P3 C3
The attachment referred to can be found by clicking on the Reference Materials button.
© HTFT Partnership – Pixlwizz Core Activity Pack E 11
Reference Material
Internal audit review into Pixlwizz’s Employee Management and Recruitment Processes
From: James Junior
To: Carrie Johnson (Chief Internal Auditor)
Sent: 1 November 2021
Subject: Internal audit review
Dear Carrie
The Audit committee provided approval for the internal audit team to investigate the full recruitment
process within Pixlwizz. This was mainly because Pixlwizz is reliant on the development of exciting new
games and there was concern about the access that our employees have to commercially sensitive
data.
The investigation was carried out last month. The investigation included ensuring receipt of all
references from any previous employer, evidencing, and updating the criminal records of potential
and current employees, and obtaining assurances that employment conditions are adhered to
annually. This is a summary of my review of the controls in place at Pixlwizz relating to the employee
management and HR recruitment process.
1. Controls are strong in relation to formal authorisation of a new employee joining Pixlwizz.
Strong authorisation controls mean that we do not have any specific concerns about
operational managers and HR starting to recruit for specific roles required by Pixlwizz.
2. In a sample of 500 employees across all 4 offices with access to commercially sensitive
information like game development, 50 employee files had no formal evidence of background
checks being completed prior to recruitment. No formal identity was obtained for these 50
employees. Neither were previous employment references obtained or criminal records
checked. This increases the risk of unsuitable personnel being employed at one of Pixlwizz’s
offices and ultimately increases the risk of fraud, hacking of our sensitive data or cybercrime
against us or one of our partners.
© HTFT Partnership – Pixlwizz Core Activity Pack E 12
Task 55: Internal Audit Planning
It is the 1 November 2021, and you receive the following email from Maria Tektonidou, Chief Finance
Officer:
From: Maria Tektonidou
To: Senior Manager
Subject: Internal audit planning
Hi
As you know we have a total of 4 offices within the Pixlwizz Group, all our operations are heavily
dependent on IT systems for financial recordings to systems that ensure we capture our talented
creative staffs new ideas to create new forms of gameplay. We have access to millions of gamers
personal identifiable information and payment details, as well as employee data. The risk committee
of Pixlwizz have just informed me that they have identified a significant risk relating to gamer’s
sensitive data stored in our database.
Significant and adequate controls are in place to prevent hackers or other external parties from
accessing the records that are on Pixlwizz’s system but the controls relating to staff are far weaker.
The risk committee are concerned that a disgruntled or dishonest member of staff could access the
system, obtain confidential data, and use this data maliciously. For example: they could sell one of our
latest game ideas to our direct competitors like Prantain.
The Chief Internal Auditor has been made aware of this. It is being added to the internal audit plan for
the year and they will carry out detailed audit testing to establish the extent of the risk, and the
adequacy of the internal controls that are in place to reduce this risk. I would like to understand more
about the process of internal audit testing.
Please explain how Pixlwizz’s Internal Audit Department should plan and then carry out an audit
investigation to identify the specific risk of a member of staff obtaining and using confidential data in a
dishonest way.
[sub-task (a) = 55%]
Many thanks
Maria
Chief Finance Officer
Pixlwizz
P3 C3
© HTFT Partnership – Pixlwizz Core Activity Pack E 13
Task 56: Amendment to operations
It is the 1 November 2021, and you receive the following email from Maria Tektonidou, Chief Finance
Officer:
From: Maria Tektonidou
To: Senior Manager
Subject: Amendment to operations
Hi
As you will be aware we are always looking for new and innovative ways to use automation and
technology to boost productivity and efficiency within Pixlwizz.
Over time, robots will be introduced into roles that are specific to business functions, such as admin
roles, customer services and human resources They can even handle speaking in 20+ languages. The
idea will be to automate more manual and repetitive tasks will eliminate some existing jobs but could
also enable some workers to focus on higher value, more rewarding and creative work, removing the
monotony from their day jobs.
Robots can also be trained to carry out security checks, they have high definition digital cameras and
are able to use mobile face recognition. It can alert and transmit data back to the police if it believes
there has been a breach of security at one of Pixlwizz’s sites.
Safety-wise, the project team has been conducting many tests on robot safety using standards
practices and protocols and consequently improved the robot’s hardware and software to ensure the
robot was safe to be deployed in a human-populated environment. In addition, throughout all testing
a human operator was present with a remote emergency button enabling them to shut the robot
down instantly, if necessary.
Please, recommend with reasons, whether the risk committee should evaluate the results of this trial
before deciding whether Robots should be implemented to all of Pixlwizz’s offices.
[sub-task (a) = 30%]
Many thanks
Maria
Chief Finance Officer
Pixlwizz
P3 B3
© HTFT Partnership – Pixlwizz Core Activity Pack E 14
Reference Material
Northland Telegraph
Redundancies imminent as robots replace Pixlwizz
Employees
Pixlwizz, the Game creator plan to replace a large percentage of their 5,100 staff with robots, the company have already started using them to undertake roles within the organisation and they can even act like spy cams, secretly recording and analysing visitors without their awareness. The robots will also be doing security patrols and have the ability to taser any on site occupants if they feel they are acting suspiciously. Staff and visitors will have little choice but to interact with these fake humans, otherwise they risk the chance of stung. Some visitors have already complained about the use of Robots around Northland Office, stating they felt anxious the whole time they were there and scarred to come “face to face” with one of these things. Staff are now extremely concerned for their job security, and their ability to put food on the table. A spokesperson for Pixlwizz admitted that this would hopefully enable them to directly reduce their staff costs and increase profitability.
© HTFT Partnership – Pixlwizz Core Activity Pack E 15
Task 57: Playable characters
It is the 1 November 2021, and you receive the following email from Maria Tektonidou, Chief Finance
Officer:
From: Maria Tektonidou
To: Senior Manager
Subject: Loss of compromising data
Hi,
I have forward you an article that went online this morning. Needless to say, it has caused a great deal
of embarrassment for Pixlwizz’s Board, significantly upset staff and morale is at an all-time low. The
story distorts the facts. As you know, the Board want to ensure we attract and retain top talent, so
have agreed for a project team to investigate pay inequality within Pixlwizz.
The tablet computer belongs to Zhiwu Chen, Pixlwizz’s Chief Commercial Officer, who had been
travelling on business with me late last week. We had a series of meetings lined up over two days in
relation to how we can put a robust approach in place to measure jobs and salaries to diagnose,
understand and address salary variance in our workforce.
We stayed and ate in Hotel Harvard for the two nights we were away. The tablet is his own personal
property. He uploaded some files and emails to it before travelling out of town for this business
meeting and the tablet was not in his briefcase when he got home, leaving him unsure whether it had
been stolen or whether he had left it somewhere over the course of the business trip.
Pixlwizz’s CEO has reminded me that we have a strictly ‘zero tolerance’ rule concerning data security
and has warned me that Zhiwu may face dismissal.
Please, recommend stating reasons, the controls that Pixlwizz could put in place to prevent a
recurrence of this loss of compromising data.
[sub-task (a) = 40%]
Many thanks
Maria
Chief Finance Officer
Pixlwizz
P3 D2
The attachment referred to can be found by clicking on the Reference Materials button.
© HTFT Partnership – Pixlwizz Core Activity Pack E 16
Reference Material
Westland Telegraph Pixlwizz playing at equality
Westland Telegraph have come into possession of a tablet
computer that contains confidential records in relation to Pixlwizz’s 5,100 staff remuneration. The
tablet computer was found abandoned in a bar in Westland’s Hotel Harvard. The machine was found
by an unnamed member of the public who left it with the Westland Telegraph reception desk.
Westland Telegraph’s Business Correspondent reviewed the files and concluded that Pixlwizz has
significant pay inequality amongst all its workers, especially amongst staff involved in the creation of a
video game.
Imagine the boost to company morale when everyone knows they are being paid fairly regardless of
age or gender or how brazen they are during salary negotiations. Pixlwizz pride themselves on being a
place where talented people wish to work and publicising how they rely on cooperation between all
workers across all levels to continue to be successful. SO why not pay ALL workers fairly?!
Hopefully shining a spotlight on Pixlwizz’s pay discrepancies will spur on some action!!
© HTFT Partnership – Pixlwizz Core Activity Pack E 17
Task 58: Data Breach and Poor Governance
Five hours later, Maria Tektonidou returns from the Board meeting that was called to discuss the
possible data breach. He asks you to join him in his office and hands you a document:
“I have brought you an extract from the minutes of this morning’s Board meeting. I need you to draft a
paper for me that I can take to the next Board meeting that evaluates the possible criticism that the
data breach arose because of poor governance by the Board”
[sub-task (a) = 45%]
P3 B3
The attachment referred to can be found by clicking on the Reference Materials button.
Reference Material
Extract from emergency Board meeting
Kevin Kneen, Head of IT, updated the Board.
To meet the changing dynamic of game play, a number of years ago Pixlwizz created their own
online marketplace which can be accessed through the Pixlwizz website, the marketplace allows
gamers to cloud play but also download the latest games direct to their PC / Laptop. It has now
been confirmed that 100 million gamer accounts were accessed this morning. It is unusual for
there to be more than 800,000 players online at any point in a given day, the maximum number of
players we have had is 2 million and this was just after the new release of Jakob Plunge. It seems
that the hackers, tried to force the gamers to update their personal details, prompting them to
provide their credit card details.
Access to gamer accounts was suspended immediately after the Head of IT Security suspected
that there had been a data breach.
Our customer relations department is currently drafting an email that will be sent to each of the
gamers who accounts were accessed. It will warn them that their personal data may have been
accessed including their full name, postal address, email, date of birth and credit card number. The
email will also advise them to seek advice from their bank if they had input their three digit
validation number into the fake website. Pixlwizz do not keep a record of the validation number, so
it cannot be obtained by breaching gamer accounts.
The Board debated how to respond and have decided to email all users to warn them that there
have been some “IT problems” and advise them that Pixlwizz’s website which they gain access to
game play and downloads through would never ask for personal information such as credit card
validation numbers.