Assignment - Year 3 (Semester 1 - January) ENGLISH FOR WORKPLACE COMMUNICATION OUMH2203

To:                   The CEO

From:               Asterina Sapphire, Manager of Information and Technology

Date:               28 January 2013

Subject:           Installing Electronic Auditing Procedures To Monitor The Computer Use

of Employee

Nowadays, several of our competitors have installed electronic auditing procedures to monitor the computer use of employees. Thus, as manager of information and technology I am responsible to investigate this trend. Electronic auditing is computer-assisted auditing that uses electronic records to complete all or part of the audit. If we use a computer to record our business activity and maintain this data electronically, we are a candidate for an electronic audit.

To do this, we use a combination of purchased and custom-designed software to perform electronic data conversion and analysis. Electronic auditing uses various audit techniques including electronic detail auditing and sampling. It is common to use more than one technique in the same audit. For example, sales and purchases of fixed assets could be audited using the electronic detail technique, while expenses could be audited using a sampling method. Then, when performing an electronic audit, it may be possible to review every transaction in a file, eliminating the need for sampling. If we can perform a detail audit within the same amount of time as a sample, a detail audit will be performed.

Meanwhile, sampling involves taking a segment of a much larger group or population and making a conclusion about the population based on the sample results. Generally, a sample can be conducted much faster than a detail audit and is, therefore, less costly for you and the organization.

For your info sir, purpose why are other companies doing this because the list can be designed to record the various activities in the levels of systems, applications, and users. If implemented correctly, provide an audit trail of control detection is important to help realize the goals of security policy. The audit trail usually consists of two types of audit data that is typed on each detailed listing and list-oriented events.

In this procedure, electronic auditing can detects unauthorized access to the system in real-time or after the event. The main purpose of detection to penetrate the control system. In  reconstruction of events, analysis of the audit can be used to reconstruct the various stages that can lead to a variety of events such as system failures, security offenders by someone.

In my opinion, I think we should doing electronic auditing procedure in our organization. This because, electronic auditing often offers additional functionality such as the ability to perform sample selections or to assist in the detection of fraud.  Audit samples can quickly be drawn using a variety of sampling techniques, such as random selection, fixed interval or conditional sampling. The ability to assist in fraud detection may be accomplished in various ways. For instance, it can search the data set for unusual biases such as excessive expense reimbursement requests that are just below the thresholds that require a manager's approval. Or the data may be searched for patterns of fraud based on Benford's Law which is the mathematical theory relating to the normal distribution of digits in a series of numbers. The software will detect and identify unusual numerical patterns so they can be investigated.

Electronic auditing also offers many advantages but there are also some issues to be addressed before the techniques can be implemented.  The first step is to decide what tests should be performed. Whether we are searching for fraud or performing audit tests based on risk assessment, we will need to determine what information should be tested and what data elements we will need to complete the tests.  Some test ideas might be to compare vendor addresses with employee addresses or to search for unusually high OT or bonuses in the payroll data.  The test options are only limited by the information available to our understanding of the data.

Next, we will need to consider how to get the information and how to get it into the software. This is where electronic auditing software offers some additional benefits such as the ability to read many different file types allowing the software to use information from many different kinds of systems. Some of these programs also provide “wizard” utilities to assist us through the import process.

With this, our employees will not have to consider this thing is an invasion of their privacy because electronic auditing can increase personal accountability. The audit trail can be used to monitor user activity on the lowest level of detail. This capability is a preventive control that can be used to influence behavior.

In instituting our employees monitoring system, there are a lot advantages and disadvantages. However, each of these things has its own explanation.  First advantage is Higher Employee Productivity which discourage employee from surfing the internet for personal purpose such as paying their bills through internet banking, surfing social network website such as Facebook, Twitter and etc.

In addition, it also can Increase in Security. Any kind of viruses or malware could severely disrupt a business's day to day activities. This could become detrimental to productivity and have a knock on effect on profits. By monitoring employee internet use and ensuring only business surfing is carried out this significantly reduces the risk of an employee browsing to an infected website. The cost of having an internet monitoring solution setup would be far less than dealing with a major disruption due to a virus infection.

Next is proper internet use. The majority of employees will never abuse internet privileges but as with anything there will always be someone who will abuse the freedom. With an internet monitoring system we can ensure that the internet connection is only used for business activities. We can ensure that none of the staff will use the internet to go to adult websites (porn). And we can also ensure that the staff won't download any unnecessary staff such as movies, clips, songs and etc.

And the last advantage from electronic auditing is it can protection from legal issues. It can protection from legal issues. This is because many companies nowadays  implement employees computer monitoring policies simply because they want to protect themselves from potentially expensive lawsuits and legal problems. According to the Texas Workforce Commission, companies can be held liable for employee misuse of company email, such as threats of violence or any type of harassment. In some extreme cases, the employer may be included as a liable party if an employee uses the company computer to view and send child pornography or other illegal materials. Beside, protection from Information theft (hacked by hackers) will protect our organization and its employees from theft of confidential or private information including trademarked and copyrighted materials.

On the other hand, disadvantage from electronic auditing are employee morale which is the benefits of internet monitoring are pretty obvious but what's not so obvious is the dent in staff morale. Employee who were always loyal, productive and actively working hard may suffer from a blow to self-esteem. They may feel that their bosses don't have any trust in them to do their job. Low employee morale always causes a decrease in productivity and this can outweigh all the benefits of internet monitoring.

Meanwhile, second disadvantage for doing electronic auditing in our organization is privacy. As a result of internet monitoring many employees will feels like their privacy is being violated and let's face-it no one likes to be watched. It would obviously be quicker for an employee to carry out online banking at lunchtime rather than go down to the bank and have to wait in a queue. Employees may feel uneasy about carrying out their online banking if they knew their connection was being monitored.

However, the third disadvantages of implementing employee computer monitoring programs I mean  doing electronic auditing in our organization can create a tense work environment. Some employees may feel as if the management team doesn't trust them and this can lead to job dissatisfaction and turnover. Most young workers are so accustomed to the different Internet tools, they may be discouraged from working for a company that blocks them from certain websites or prohibits any type of non-work-related computer activities.

Next is devious employees. An employee surveillance system can sometimes lull you into a false sense of security. When you have active surveillance, you automatically assume that you have all of the necessary angles covered. Employees that want to defeat your monitoring system can find methods that you may have missed when you installed the system. Employees with expertise tend to tries to breach (hack) the security policy applied in the office just to test their skills and try the security level of the security policy.

Lastly is expense. Making use of an employee surveillance program requires additional staff members to monitor the surveillance and watch for significant events. There is also the additional expense of the equipment necessary to do surveillance, the software needed to integrate surveillance in with the computer network and the cost of ongoing maintenance and upgrades to our monitoring materials.  As our company expands so will the need for more surveillance to keep up with new staff members and additional company locations.

From the above, Employees should have the right to privacy, yet at the same time they should respect the workplace and not abuse the Internet for personal purposes. There are many offices that do still allow liberal policies, but their employees also realize that they cannot spend their day surfing the web and neglecting their jobs; it is a privilege that should not be abused. Respect goes both ways.

The bottom line is the computers and networks they are connected to are company property, so when it comes to rights, it is the company's right to make this decision. The workplace is an environment to work if employees are worried about their electronic privacy with all the technology available today they can do their personal business off hours.

There are clearly many pros and cons for using internet monitoring. Many companies go for other options such as filtering solution rather than monitoring. By using filtering software in the internet connection, certain types of websites are permanently blocked and certain are only block during office hours. This option is much less obtrusive and will often be easier to implement as staff won't feel that their privacy is being invaded.

Fairness is also a big issue. For example, I am not a smoker. There are other people that work under certain employer are smokers. Given the number of smoke breaks those heavy smokers take a day, estimated that time to add up to as much as 30-40 minutes per day, spent outside and away from their desks and phone. With other that is not a smoker, is it fair to them that they don't get that extra time in breaks? If they are surfing the web, they are still at their desk able to answer the phone. That's better than not being there at all. What about employees spending time talking on personal cell phones and sending text messages? Many phones also have Internet access on them, but how would you monitor that?

Another thing to consider in regard to monitoring employees is who gets the task of actually doing the monitoring. It will require work from the IT department or whoever does the computers to set up logs for keeping track of web usage. If you want some kind of keylogging software installed, this also requires extra work. Does this job go to department managers? If so, what if that department manager is part of the problem? How high up the corporate ladder do you have to place this monitor in order to make it fair? Many factors must be considered before jumping into a heavy handed monitoring policy.

And for your reference sir, you might have heard about keyloggers but really don’t know what they are reading this article will clear your mind. A keylogger also know as keystroke logger is software or hardware device which monitors each and every key typed by you on your keyboard. You cannot identify the presence of keylogger on your computer since it runs in background and also it is not listed in task manager or control panel. It can be used by company owner to spy on their employes.

In other word, Keylogger is  an ‘Access Control Software’. It enables us to control, restrict and record access and usage of  our organization PC. We can prevent the use of specific programs, block access to certain websites, restrict access to Windows functions and more. In addition to access control, Keylogger can also record all user activities including keystrokes, websites visits, applications ran, chats and more.

Keylogger runs hidden in the background to Spy on our Windows PC. It helps users secretly record keystrokes, reveal passwords, track websites, monitor applications or files and take screenshots and more. All the logs will be automatically sent to email box by users. Keylogger assists us to keep track of what is happening on our computer. The invisible Keylogger enables us to secretly track the keystrokes, Passwords (Website passwords, Facebook passwords, Yahoo passwords, Google mail passwords, Game passwords, World of Warcraft passwords, Skype passwords, AIM passwords) and many more website and application passwords from all computer users and automatically receive logs by email.

Keylogger is also professional in blocking websites and applications as a parental control tool. Adding the keywords of the website category or the launch file of an application to the Blacklist of the filter built into Keylogger, users are able to easily block all sorts of websites and programs. There are two types of keylogger hardware keylogger and software keylogger. Software keylogger is install in our organization’s computer where as a Hardware keylogger is attached to the keyboard.

Meanwhile, keylogger is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press.

Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Keyloggers can also be used by a family or business to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers on public computers to steal passwords or credit card information.

Some keylogger software is freely available on the Internet, while others are commercial or private applications. Most keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer. Normal keylogging programs store their data on the local hard drive but some are programmed to automatically transmit data over the network to a remote computer or Web server.

Keyloggers are sometimes part of malware packages downloaded onto computers without the owners' knowledge. Detecting the presence of a keylogger on a computer can be difficult. So-called anti-keylogging programs have been developed to thwart keylogging systems and these are often effective when used properly.

In my opinion, I think a carefully worded Internet usage policy combined with a strict punishment system is better than constantly keeping tabs on your employees. Having actually worked in a ‘Big Brother’ type environment, I can personally attest to the attitude it creates among employees and the way it contributes to the company's rather high turnover rate. If employees are spending too much time on the Internet, then I would first consider that a management issue. If those employees are playing on the web because they have too much free time then Internet usage may not be your only problem.

(2593 Words)