Select one that would BEST prevent the system failure from occurring:
A hacker accessed the Website at Valhalla, Inc. and changed some of the graphics. Confused by these changes, some customers took their business elsewhere.
Access control software
Firewall
Personnel termination control plans
Personnel selection and hiring control plans
Continuous data protection
Rotation of duties and forced vacations
Bob Johnson, the company cashier, was known throughout the company as a workaholic. After three years on the job, Bob suddenly suffered heart problems and was incapacitated for several weeks. While he was out of the office, the treasurer temporarily assumed his duties and discovered that Bob had misappropriated several thousand dollars since he was hired.
Firewall
Personnel termination control plans
Access control software
Personnel selection and hiring control plans
Continuous data protection
Rotation of duties and forced vacations
The PCAOB's Auditing Standard No. 5 (AS5) outlines the process for "An Audit of Internal Control over Financial Reporting (ICFR) That Is Integrated with an Audit of Financial Statements." Paragraph 24 of this document lists eight entity-level controls. Entity-level controls are comparable to the pervasive controls covered in this chapter. Match one of AS5's entity-level controls with a specific control plan below.
Control plans
A. Access control and monitoring software.
B. Budgetary controls.
C. Report highlighting credit sales, returns, and allowances over the complete and entire reporting period, including 30 days after the close of a financial reporting period.
D. Use of control frameworks such as those provided by COSO and COBIT.
E. A report of all employees not taking required vacation days.
F. Development of a business interruption plan.
G. Program change controls.
H. Supervision.
Entity-Level Controls from AS5
1. Controls related to the control environment.
2. Controls over management override.
3. The company’s risk assessment process.
4. Centralized processing and controls, including shared service environments.
5. Controls to monitor the results of operations.
6. Controls to monitor other controls, including activities of the internal audit function, the audit committee and self-assessment programs.
1) The CORRECT answer is b) Firewall. A firewall protects a system from unauthorised access, so no hacker in future can make changes and have access to the system.
Why are the other options incorrect?
a) Access control software is incorrect as it just manages the flow of employee and guest traffic in the system through entry points and security.
c) Personnel termination control plans is incorrect as it won't stop a hacker from accessing the system through remote access.
d) Personnel selection and hiring control plans again will not completely stop access to the system by a hacker. So incorrect.
e) Continuous data protection will only help in protection of data and will not stop unauthorised access. So incorrect.
f) Rotation of duties and forced vacations will only stop any fraudulent activity being done by personnel and will not prevent unauthorised access. So incorrect.
As per the guidelines, the first question has been answered since no particular question was marked to answer.