CIMA Strategic Case Study Core Activity E: Pixlwizz

CIMA

Strategic Case Study

Core Activity E: Pixlwizz

© HTFT Partnership – Pixlwizz Core Activity Pack E 2

Contents

Core Activity E: Recommend and maintain a sound control environment ................................................ 4

Task 49: to be added ..................................................................................................................................... 5

Task 50: Internal audit investigation ............................................................................................................. 6

Task 51: Corporate governance .................................................................................................................... 7

Task 52: Importance of committees ............................................................................................................. 8

Task 53: Internal audit independence ........................................................................................................... 9

Task 54: Internal audit review ..................................................................................................................... 10

Task 55: Internal Audit Planning ................................................................................................................. 12

Task 56: Amendment to operations............................................................................................................ 13

Task 57: Playable characters ....................................................................................................................... 15

Task 58: Data Breach and Poor Governance ............................................................................................... 17


Disclaimer

The Study Materials are for educational purposes only. HTFT Partnership Limited will not accept any responsibility to

any party for the use of these Study Materials for any purpose other than for educational purposes, including but not

limited to the giving of advice by you to any third party.

Intellectual Property

At all times, HTFT Partnership Limited and/or its licensors, remain the owner of the intellectual property in the Study

Materials. No Study Materials or any part of them may be reproduced, stored in a retrieval system, or transmitted in

any form or by any means without the prior written permission of HTFT Partnership Limited.

In consideration of receipt by HTFT Partnership Limited of the Fee, HTFT Partnership Limited grants to you a non-

exclusive, non-transferable licence to use the Study Materials strictly for your own educational purposes only.

You may not modify, copy, reproduce, re-publish, sub-licence, sell, upload, broadcast, post, transmit, make available,

disseminate, or distribute in any way any of the Study Materials.

Use of the Study Materials not expressly permitted in these Terms is strictly prohibited and will constitute an

infringement of either HTFT Partnership Limited’s copyright or HTFT Partnership Limited's other intellectual property

rights, and/or the copyright or other intellectual property rights of HTFT Partnership Limited's licensors.


Core Activity E: Recommend and maintain a sound control environment

Assessment Outcomes

AO E1: I can apply internal audit resources

AO E2: I can recommend appropriate controls and evaluate the implications of compliance failures

AO E3: I can recommend responses to the threats arising from poor governance


Task 49: to be added

To be added


Task 50: Internal audit investigation

Maria Tektonidou asks you to join her in her office:

“I have printed an extract from the Board minutes. I need your advice:

Can you please analyse whether it would be appropriate to have the internal audit department

investigate whether the fraud that was reported was an isolated incident?”

[sub-task (a) = 30%]

P3 C3

The attachment referred to can be found by clicking the Reference Materials button.

Reference Material

Extract from Board minutes

Afifi provided the Board with an update in relation to a fraud undertaken by two customer service

executives. Gamers are able to collect VIP points for consistent play and purchases across Pixlwizz’s

range of games, VIP points can also be awarded to players by customer services for unsatisfactory

experiences when playing one of Pixlwizz’s games.

The VIP points can be used on discounts on future purchases, exclusive sets and items on Pixlwizz’s VIP

store or even get tickets to events and experiences like the Jakob Plunge Magenta launch event.

If a complaint is received from a gamer the customer services team are supposed to investigate and

after a period of 21 days if we are unable to rectify the problem VIP points may be awarded to the

gamers account as a goodwill gesture.

It has been noted that a member of staff within the customer service department has been logging

fake customer complaints under bogus gaming accounts and then a second manager within customer

services after 21 days has been approving a points credit to the bogus gamer. Then the staff have used

the bogus gamer accounts to obtain goods from the VIP store worth a significant monetary value.

At present we are unsure how many bogus gamer accounts have been created and complaints logged

against them.

The two staff members have been dismissed for attempted fraud.


Task 51: Corporate governance

Today is the 1 November 2021 and you receive the following email:

From: Maria Tektonidou,

To: Senior Manager

Subject: Corporate Governance

Hi

Pixlwizz was founded in 1986 and is listed on the Westland’s stock market. As such it does need to

comply with Westland’s Corporate Code of Governance.

Can you please analyse the current board structure of Pixlwizz and recommend changes or

improvements which will help Pixlwizz comply with good corporate governance codes?


Maria Tektonidou

Chief Finance Officer

Pixlwizz

P3 B3


Task 52: Importance of committees

It is the 1 November 2021, and you receive the following email from Maria Tektonidou, Chief Finance

Officer:


To: Senior Manager

Subject: Importance of Committees

Hi

We haven’t reviewed our committee structure since it was implemented prior to the company listing

on the Westland Stock Exchange. Which is a long time ago now.

I would like to sit on the audit committee, only Anna Bredstrom has finance experience, but she

retired from her role as finance director of a major quoted electronics company years ago, you are

talking over 7 years ago. I think that my up-to-date financial skills and experience would really help the

work of the audit committee.

Before I propose this to the Board, I need your help with the following:

Firstly, please identify the purpose of an audit committee and would it be appropriate for me to sit on

the audit committee?

Secondly, we have all the required committees needed for good corporate governance. But there has

been some talk lately of allowing executive directors onto the Pixlwizz’s committees as members. The

Board would happily introduce executive directors to the committees if it was appropriate. Please

could you identify and explain the purpose and composition of any committees that can have

executive directors under best practice corporate governance.


Maria Tektonidou


Pixlwizz

P3 B3


Task 53: Internal audit independence

Today is the 1 November 2021 and you receive the following email from Maria Tektonidou, Chief

Finance Officer:


To: Senior Manager

Subject: Internal Audit and Independence

Hi

We do not have a separate internal audit department sometimes I get the financial controller

(Marianne Shar) to undertake audit reports for the Audit Committee. Marianne is very skilled; her

audit reports are detailed, and I really trust the work she does for me.

In addition to performing the odd internal audit report for us she is a key individual within Pixlwizz’s

Accounting and finance function managing the team and preparing financial statements. She also

sometimes goes on holiday with Sandra (my sister). They were at school together and have always

really enjoyed each other’s company.

At a recent board meeting one of the non-executive directors expressed concerns. The non-executive

director suggested that anyone performing internal audits should be independent, we should have a

separate team focusing on internal audit and that I should not be using finance personnel to conduct

audit investigations. I felt he went a bit overboard to be honest as Marianne’s reports are good, she

had prior auditing experience and her IFRS knowledge is fantastic.

Please could you identify the main purpose of an internal audit department and discuss the main

independence issues that arise in relation to Marianne performing both internal audit work /

preparing financial statements?


Maria Tektonidou


Pixlwizz

P3 C3


Task 54: Internal audit review

Today is the 1 November 2021 and Maria Tektonidou, Chief Finance Officer stops by your workspace:

“‘This internal audit review arrived today. Carrie, the chief internal auditor, sent this to the Board.

Needless to say, the Board is concerned about the implications for Pixlwizz.

We did not anticipate that the controls would be quite as weak in relation to basic functions such as

employee retention and recruitment!

Firstly, please could you recommend, with reasons, the internal controls that we could implement at

Pixlwizz to mitigate the risk identified.

Secondly, I would like you to explain the difficulties that Pixlwizz’s internal audit department might

face if they investigated further the compliance with appropriate standards and procedures of HR due

diligence carried out on new employees.”


P3 C3

The attachment referred to can be found by clicking on the Reference Materials button.


Reference Material

Internal audit review into Pixlwizz’s Employee Management and Recruitment Processes

From: James Junior

To: Carrie Johnson (Chief Internal Auditor)

Sent: 1 November 2021

Subject: Internal audit review

Dear Carrie

The Audit committee provided approval for the internal audit team to investigate the full recruitment

process within Pixlwizz. This was mainly because Pixlwizz is reliant on the development of exciting new

games and there was concern about the access that our employees have to commercially sensitive

data.

The investigation was carried out last month. The investigation included ensuring receipt of all

references from any previous employer, evidencing, and updating the criminal records of potential

and current employees, and obtaining assurances that employment conditions are adhered to

annually. This is a summary of my review of the controls in place at Pixlwizz relating to the employee

management and HR recruitment process.

1. Controls are strong in relation to formal authorisation of a new employee joining Pixlwizz.

Strong authorisation controls mean that we do not have any specific concerns about

operational managers and HR starting to recruit for specific roles required by Pixlwizz.

2. In a sample of 500 employees across all 4 offices with access to commercially sensitive

information like game development, 50 employee files had no formal evidence of background

checks being completed prior to recruitment. No formal identity was obtained for these 50

employees. Neither were previous employment references obtained or criminal records

checked. This increases the risk of unsuitable personnel being employed at one of Pixlwizz’s

offices and ultimately increases the risk of fraud, hacking of our sensitive data or cybercrime

against us or one of our partners.


Task 55: Internal Audit Planning


Officer:

From: Maria Tektonidou

To: Senior Manager

Subject: Internal audit planning

Hi

As you know we have a total of 4 offices within the Pixlwizz Group, all our operations are heavily

dependent on IT systems for financial recordings to systems that ensure we capture our talented

creative staffs new ideas to create new forms of gameplay. We have access to millions of gamers

personal identifiable information and payment details, as well as employee data. The risk committee

of Pixlwizz have just informed me that they have identified a significant risk relating to gamer’s

sensitive data stored in our database.

Significant and adequate controls are in place to prevent hackers or other external parties from

accessing the records that are on Pixlwizz’s system but the controls relating to staff are far weaker.

The risk committee are concerned that a disgruntled or dishonest member of staff could access the

system, obtain confidential data, and use this data maliciously. For example: they could sell one of our

latest game ideas to our direct competitors like Prantain.

The Chief Internal Auditor has been made aware of this. It is being added to the internal audit plan for

the year and they will carry out detailed audit testing to establish the extent of the risk, and the

adequacy of the internal controls that are in place to reduce this risk. I would like to understand more

about the process of internal audit testing.

Please explain how Pixlwizz’s Internal Audit Department should plan and then carry out an audit

investigation to identify the specific risk of a member of staff obtaining and using confidential data in a

dishonest way.


Many thanks

Maria


Pixlwizz

P3 C3


Task 56: Amendment to operations


Officer:


To: Senior Manager

Subject: Amendment to operations

Hi

As you will be aware we are always looking for new and innovative ways to use automation and

technology to boost productivity and efficiency within Pixlwizz.

Over time, robots will be introduced into roles that are specific to business functions, such as admin

roles, customer services and human resources They can even handle speaking in 20+ languages. The

idea will be to automate more manual and repetitive tasks will eliminate some existing jobs but could

also enable some workers to focus on higher value, more rewarding and creative work, removing the

monotony from their day jobs.

Robots can also be trained to carry out security checks, they have high definition digital cameras and

are able to use mobile face recognition. It can alert and transmit data back to the police if it believes

there has been a breach of security at one of Pixlwizz’s sites.

Safety-wise, the project team has been conducting many tests on robot safety using standards

practices and protocols and consequently improved the robot’s hardware and software to ensure the

robot was safe to be deployed in a human-populated environment. In addition, throughout all testing

a human operator was present with a remote emergency button enabling them to shut the robot

down instantly, if necessary.

Please, recommend with reasons, whether the risk committee should evaluate the results of this trial

before deciding whether Robots should be implemented to all of Pixlwizz’s offices.


Many thanks

Maria


Pixlwizz

P3 B3


Reference Material

Northland Telegraph

Redundancies imminent as robots replace Pixlwizz

Employees

Pixlwizz, the Game creator plan to replace a large percentage of their 5,100 staff with robots, the company have already started using them to undertake roles within the organisation and they can even act like spy cams, secretly recording and analysing visitors without their awareness. The robots will also be doing security patrols and have the ability to taser any on site occupants if they feel they are acting suspiciously. Staff and visitors will have little choice but to interact with these fake humans, otherwise they risk the chance of stung. Some visitors have already complained about the use of Robots around Northland Office, stating they felt anxious the whole time they were there and scarred to come “face to face” with one of these things. Staff are now extremely concerned for their job security, and their ability to put food on the table. A spokesperson for Pixlwizz admitted that this would hopefully enable them to directly reduce their staff costs and increase profitability.


Task 57: Playable characters


Officer:


To: Senior Manager

Subject: Loss of compromising data

Hi,

I have forward you an article that went online this morning. Needless to say, it has caused a great deal

of embarrassment for Pixlwizz’s Board, significantly upset staff and morale is at an all-time low. The

story distorts the facts. As you know, the Board want to ensure we attract and retain top talent, so

have agreed for a project team to investigate pay inequality within Pixlwizz.

The tablet computer belongs to Zhiwu Chen, Pixlwizz’s Chief Commercial Officer, who had been

travelling on business with me late last week. We had a series of meetings lined up over two days in

relation to how we can put a robust approach in place to measure jobs and salaries to diagnose,

understand and address salary variance in our workforce.

We stayed and ate in Hotel Harvard for the two nights we were away. The tablet is his own personal

property. He uploaded some files and emails to it before travelling out of town for this business

meeting and the tablet was not in his briefcase when he got home, leaving him unsure whether it had

been stolen or whether he had left it somewhere over the course of the business trip.

Pixlwizz’s CEO has reminded me that we have a strictly ‘zero tolerance’ rule concerning data security

and has warned me that Zhiwu may face dismissal.

Please, recommend stating reasons, the controls that Pixlwizz could put in place to prevent a

recurrence of this loss of compromising data.


Many thanks

Maria


Pixlwizz

P3 D2



Reference Material

Westland Telegraph Pixlwizz playing at equality

Westland Telegraph have come into possession of a tablet

computer that contains confidential records in relation to Pixlwizz’s 5,100 staff remuneration. The

tablet computer was found abandoned in a bar in Westland’s Hotel Harvard. The machine was found

by an unnamed member of the public who left it with the Westland Telegraph reception desk.

Westland Telegraph’s Business Correspondent reviewed the files and concluded that Pixlwizz has

significant pay inequality amongst all its workers, especially amongst staff involved in the creation of a

video game.

Imagine the boost to company morale when everyone knows they are being paid fairly regardless of

age or gender or how brazen they are during salary negotiations. Pixlwizz pride themselves on being a

place where talented people wish to work and publicising how they rely on cooperation between all

workers across all levels to continue to be successful. SO why not pay ALL workers fairly?!

Hopefully shining a spotlight on Pixlwizz’s pay discrepancies will spur on some action!!


Task 58: Data Breach and Poor Governance

Five hours later, Maria Tektonidou returns from the Board meeting that was called to discuss the

possible data breach. He asks you to join him in his office and hands you a document:

“I have brought you an extract from the minutes of this morning’s Board meeting. I need you to draft a

paper for me that I can take to the next Board meeting that evaluates the possible criticism that the

data breach arose because of poor governance by the Board”


P3 B3


Reference Material

Extract from emergency Board meeting

Kevin Kneen, Head of IT, updated the Board.

To meet the changing dynamic of game play, a number of years ago Pixlwizz created their own

online marketplace which can be accessed through the Pixlwizz website, the marketplace allows

gamers to cloud play but also download the latest games direct to their PC / Laptop. It has now

been confirmed that 100 million gamer accounts were accessed this morning. It is unusual for

there to be more than 800,000 players online at any point in a given day, the maximum number of

players we have had is 2 million and this was just after the new release of Jakob Plunge. It seems

that the hackers, tried to force the gamers to update their personal details, prompting them to

provide their credit card details.

Access to gamer accounts was suspended immediately after the Head of IT Security suspected

that there had been a data breach.

Our customer relations department is currently drafting an email that will be sent to each of the

gamers who accounts were accessed. It will warn them that their personal data may have been

accessed including their full name, postal address, email, date of birth and credit card number. The

email will also advise them to seek advice from their bank if they had input their three digit

validation number into the fake website. Pixlwizz do not keep a record of the validation number, so

it cannot be obtained by breaching gamer accounts.

The Board debated how to respond and have decided to email all users to warn them that there

have been some “IT problems” and advise them that Pixlwizz’s website which they gain access to

game play and downloads through would never ask for personal information such as credit card

validation numbers.

Date post:	18-Dec-2021
Category:	Documents
Upload:	others
View:	19 times
Download:	1 times

CIMA Strategic Case Study Core Activity E: Pixlwizz

Documents