1. Determine if the ITGC listed is a preventive or a detective and corrective control. ITGC...
Question:
1. Determine if the ITGC listed is a preventive or a detective and corrective control.

Table columns: ITGC | Preventive or detective and corrective

- Changes to the IT application are tested by business and (or) IT users, as appropriate, prior to the move into production.
- The programs in the test environment (including tools to move the programs into the test environment) are accessible only by a limited number of authorized, appropriate people who don't have development responsibilities.
- The date and time stamp of the programs in the test environment are compared with the earliest user acceptance testing approval date and time prior to the move of the programs to the production environment to determine that no changes were made to the programs after testing.
- After changes are implemented, management periodically reviews changes to the IT application to validate that they were tested and approved prior to being moved to production.
- Changes to key configurations are logged and the log is reviewed by knowledgeable people who cannot change the configurations being monitored.
- Password settings are appropriate for the environment and level of risk.
- Passwords and other key security settings are verified quarterly for appropriate settings as defined by the policy.
- Access rights no longer needed by users who are leaving the entity's employ or who have changed job responsibilities are ended timely based on notification from HR or the user's supervisor or manager.
- Logs of the activities of people with access that created segregation-of-duties concerns are reviewed by knowledgeable people who do not have such access, or the changes are matched to approvals.
- Changes to the data made by users other than the IT application or IT application users are logged and compared with the requests and approvals for those changes by people without the access to make such changes.
- Programs and data are written to backup media at least weekly and stored in a physical location separate from the production equipment.
- IT personnel monitor the execution of the job schedule and take actions appropriate for the issues that arise.

2. For each identified ITGC risk, indicate if the risk is an access, change or operations risk and which ITGCs would mitigate the risk.

Table columns: ITGC risk | Type of risk (access, change, operations) | ITGC to mitigate the risk

- Any unauthorized access to data, including data master files
- Direct data changes made by IT personnel, even with authorization
- Failure to make requested changes to IT programs or systems
- Hardware or software issues result in the loss of data or inability to accurately process data
- Inadequate user authentication and security settings, including password management
- Issues with IT programs that cannot process through to completion are not addressed or are addressed incorrectly, including inappropriate manual intervention
- Personnel with access beyond what is necessary
- Reliance on faulty IT programs or systems
Expert Answer:
First the necessary response 1 manage the process of transformation 2 ...
Related Book For
Auditing and Assurance Services
ISBN: 978-0077862343
6th edition
Authors: Timothy Louwers, Robert Ramsay, David Sinason, Jerry Straws