Swarovski Security Controls
Swarovski, an Austrian-owned private company founded in 1895, is the largest producer of cut crystals and gemstones. It has a diverse range of products, from watches, bracelets, necklaces, rings and earrings to goblets, photo frames, ceramics, vases, and figurines, all of which integrate its crystals and can bring a sense of tangible pleasure on a daily basis.
Swarovski has been employing auditors (internal and external) to do the following:
- Plan, execute and report operational and financial audit assignments
- Influence the control culture across the entire organization by promoting good practices, sharing knowledge and supporting special projects, such as acting as risk and control specialist
- Develop effective approaches and solutions to monitor and reinforce the control environment across the company
Objective of Controls
- Input data is accurate, complete, authorized, and correct.
- Data is processed as intended in an acceptable time period.
- Data stored is accurate and complete.
- Output is accurate and complete.
- A record is maintained to track the process of data from input to storage and to eventual output.
Information/Documents that exist in Swarovski Company
Swarovski has membership policies that record all personal data about any new member who joins its customer program, known as the Swarovski Crystal Society (SCS). Below is the information Swarovski holds, and we identify which level of security each category belongs to.
SCS saves obligatory data about members such as title, name, address, email address, bank details and purchase history. The central customer database is managed under data protection law and the required security measures for collecting and manipulating raw data to convert it into meaningful data.
Internal Use Only
Swarovski may also disclose the personal data of an SCS member to all participating stores, whether operated by Swarovski or any sales partner or other authorized specialist dealer. Swarovski guarantees the protection and correct handling of all personal data of the SCS member, and only discloses the personal data for the purpose of running the SCS program and for the purpose of a seamless and better service to the SCS member.
The member acknowledges that Swarovski may merge or enrich any of the member's personal data given in the past or the future to Swarovski or any of the Swarovski Group Companies in order to serve the SCS better. Members may contact Swarovski at any time as stated above in order to update, correct, complete or delete their saved personal data.
The SCS program entitles SCS members to exclusive benefits. Swarovski will communicate membership-exclusive benefits on a regular basis via a communication channel at Swarovski's sole discretion. The list of benefits is always available in any participating store or online.
Swarovski accounting information is used by internal and external users.
Top secret - Internal Users
- Management: for analyzing the organization's performance and position and taking appropriate measures to improve the company results.
- Employees: for assessing company's profitability and its consequence on their future remuneration and job security.
- Owners: for analyzing the viability and profitability of their investment and determining any future course of action.
Public - External Users
- Creditors: for determining the credit worthiness of the organization. Terms of credit are set by creditors according to the assessment of their customers' financial health. Creditors include suppliers as well as lenders of finance such as banks.
- Tax Authorities: for determining the credibility of the tax returns filed on behalf of the company.
- Customers: for assessing the financial position of its suppliers which is necessary for them to maintain a stable source of supply in the long term.
Data integrity refers to the accuracy and consistency of data stored in a database. Data integrity maintains information exactly as it was entered into the database and is auditable to affirm its reliability. Data integrity helps measure the rate of detected errors.
When Swarovski records data in its database, it maintains the accuracy of the data entered by applying proper computer logins and passwords, access controls, file locks, and computer backups for audit trails and disaster planning. Only the owners have access to the master data files, since any employee could otherwise try to violate the system and change the price of any product. So we need to perform a detective control to analyze whether any value has been changed. If a salesman, saleswoman or any other third-party individual tries to steal confidential information about future plans to improve the business, which only the owner should have access to, this can prove very dangerous to the company's profit and status.
At Swarovski, every employee has a specific job. For example, one is responsible only for checking the availability of products in stock; another is responsible for creating billing reports, and so on. If an employee tries to access unauthorized sections of the system by typing incorrect passwords, this is recorded in the audit trail. Hence, we can easily detect any fraudulent act.
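The two detective controls described above, checking whether any master price value has changed and reviewing the audit trail for failed access attempts, can be sketched as follows. This is an added example, not code from the original article or from Swarovski; the SKUs, user names, CSV layout and audit-trail format are all constructed assumptions.

```python
import csv, io
from collections import Counter
from decimal import Decimal

# Constructed sample data: approved price snapshot vs. current master file.
BASELINE_CSV = "sku,price\nSW-1001,129.00\nSW-1002,89.00\nSW-1003,249.00\n"
CURRENT_CSV = "sku,price\nSW-1001,129.00\nSW-1002,8.90\nSW-1003,249.00\nSW-1004,59.00\n"
# Constructed audit trail (assumed format): timestamp user event target
AUDIT_TRAIL = """\
2017-03-01T09:58:02 clerk7 LOGIN_FAIL master_data
2017-03-01T09:58:09 clerk7 LOGIN_FAIL master_data
2017-03-01T09:58:15 clerk7 LOGIN_FAIL master_data
2017-03-01T10:02:40 owner1 PRICE_UPDATE SW-1004
2017-03-01T10:05:11 stock2 LOGIN_FAIL billing
"""
AUTHORIZED = {"owner1"}  # assumption: only owners may edit master data

def load_prices(text):
    return {r["sku"]: Decimal(r["price"]) for r in csv.DictReader(io.StringIO(text))}

def price_changes(baseline, current):
    """Return {sku: (old, new)} for every added, removed or altered price."""
    return {sku: (baseline.get(sku), current.get(sku))
            for sku in sorted(baseline.keys() | current.keys())
            if baseline.get(sku) != current.get(sku)}

def parse_audit(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def unexplained_changes(changes, events):
    """Changed SKUs with no PRICE_UPDATE entry from an authorized user."""
    approved = {target for _, user, event, target in events
                if event == "PRICE_UPDATE" and user in AUTHORIZED}
    return sorted(sku for sku in changes if sku not in approved)

def repeated_failures(events, threshold=3):
    """(user, section) pairs with at least `threshold` failed logins."""
    counts = Counter((user, target) for _, user, event, target in events
                     if event == "LOGIN_FAIL")
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    events = parse_audit(AUDIT_TRAIL)
    changes = price_changes(load_prices(BASELINE_CSV), load_prices(CURRENT_CSV))
    print("unexplained price changes:", unexplained_changes(changes, events))
    print("repeated failed access:", repeated_failures(events))
```

A price that differs from the approved snapshot without a matching authorized audit entry is the case to investigate; here that is the SW-1002 change, which follows the repeated failed logins against the master data section.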
Swarovski is equipped with security cameras to track any third-party individual entering the premises. The database room has specific locks, so not just anyone can gain access to it. Also, there are physical controls over cash, checks, signature plates, and inventory in order to prevent errors before proceeding to the next step. The system has data validation setups that make sure the user has entered accurate data into the database, in order to prevent future mistakes when that data is used. The system is also protected against viruses and hacking attempts using firewalls that make sure the data remains safe.
Corrective controls are actions taken to reverse the effects of errors detected in the previous step. A corrective control provides solutions to the problems detected and corrects the problem identified. Modifications to the system are a must if it is found to be no longer up to standard and not reliable enough to prevent errors.
At the management level, an internal user (any employee) analyses the profitability trend of the company and can tell that the company's profit is going down. They then shift to a contingency plan to correct what is no longer working as it did in the past.
Backing up data is vital to the company, as there can be:
- Computer crashes that will make the company suffer from severe data loss.
- Virus infection that can corrupt their database and files and disable the system.
- Hard drive failure that can cause the loss of months or years of irreplaceable data files.
- Theft of data: Computers are always prone to thieves or hackers, so it is very important to secure all data from sudden loss. Administrators and managers have to back up data in case of malicious data access. Therefore, saving the data in some location other than the Swarovski system is the right decision. A Virtual Private Network (VPN) can be used, over which all data will be saved and employees can get access to information through any device, because it is online and not physically on the same local area network.
All controls only provide a reasonable assurance that control objectives will be fulfilled. The corrective controls ensure correctness after detection of errors or irregularities; however, they do not guarantee the detection of all irregularities.
© 2017 Ashish Dadgaa