Question

select one that would BEST prevent the system failure from occurring:

A hacker accessed the Website at Valhalla, Inc. and changed some of the graphics. Confused by these changes, some customers took their business elsewhere.

• A.

Access control software

• B.

Firewall

• C.

Personnel termination control plans

• D.

Personnel selection and hiring control plans

• E.

Continuous data protection

• F.

Rotation of duties and forced vacations

Bob Johnson, the company cashier, was known throughout the company as a workaholic. After three years on the job, Bob suddenly suffered heart problems and was incapacitated for several weeks. While he was out of the office, the treasurer temporarily assumed his duties and discovered that Bob had misappropriated several thousand dollars since he was hired.

• A.

Firewall

• B.

Personnel termination control plans

• C.

Access control software

• D.

Personnel selection and hiring control plans

• E.

Continuous data protection

• F.

Rotation of duties and forced vacations

The PCAOB's Auditing Standard No. 5 (AS5) outlines the process for "An Audit of Internal Control over Financial Reporting (ICFR) That Is Integrated with an Audit of Financial Statements."  Paragraph 24 of this document lists eight entity-level controls. Entity-level controls are comparable to the pervasive controls covered in this chapter. Match one of AS5's entity-level controls with a specific control plan below.

Entity-Level Controls from AS5

A. Access control and monitoring software.

B. Budgetary controls.

C. Report highlighting credit sales, returns, and allowances over the complete and entire reporting period, including 30 days after the close of a financial reporting period.

D. Use of control frameworks such as those provided by COSO and COBIT.

E. A report of all employees not taking required vacation days.

F. Development of a business interruption plan.

G. Program change controls.

H. Supervision.

1. Controls related to the control environment.

2. Controls over management override.

3. The company’s risk assessment process.

4. Centralized processing and controls, including shared service environments.

5. Controls to monitor the results of operations.

6. Controls to monitor other controls, including activities of the internal audit function, the audit committee and self-assessment programs.

Answer 1

1) CORRECT answer is b) Firewall - FIREWALL protect a system from unauthorised access so no hacker in future can make changes and have access to the system.

why other options are incorrect?

a) access control software is incorrect as it just manages flow of employee and guest traffic in the systeM through entry points and security.

c) Personnel termination control plans it is incorrect as it won't stop a hacker from accessing the system from remote access.

d) Personnel selection and hiring control plans again will not completely stop access in system from a hacker. So incorrect

e) Comtinuous data protection will only help in protection of data and will not stop unauthorised access. So incorrect.

f) Rotation of duties and forced vacation will only stop any fraudulent activity if being done by personnel will not prevent unauthorised access. So incorrect.

As per guidelines first question has been answered since no particular question was marked to answer.