Question

Discuss COBIT further and the 3 types of controls: preventative, detective and corrective.

Solutions

Expert Solution

COBIT:

COBIT stands for Control Objectives for Information and Related Technology.

It is a set of best practices for Information Technology management developed by ISACA (Information Systems Audit & Control Association).

It provides good practices in governance and management to address critical business issues.

It is a set of globally accepted principles, practices, analytical tools and models that can be customized for enterprises of all sizes, industries and geographies.

It helps enterprises create optimal value from information and technology.

Objectives:

1) Increased value creation from use of IT

2) User satisfaction with IT engagement and services

3) Reduced IT-related risks and compliance with laws, regulations and contractual requirements

4) Development of more business-focused IT solutions and services

5) Increased enterprise-wide involvement in IT-related activities

3 types of controls:

1) Preventive Controls:

The inputs which are designed to prevent an error, omission or malicious act from occurring.

Example: Use of passwords

2) Detective Controls:

The inputs which are designed to detect errors, omissions or malicious acts that occur and report the occurrence.

Example: Cash Counts and Bank Reconciliation

3) Corrective Controls:

The inputs which are designed to reduce the impact or correct an error once it has been detected.

Example: Investigate Budget Variance

