All auditors and most accountants should have a solid understanding of IT systems, including hardware, communication networks, software, databases and other infrastructure elements, in order to assess basic IT risks and controls.

Generally, IT controls can be grouped into 2 major areas; IT general controls and application controls. Application (such as Accounts Receivable, Accounts Payable, Payroll, Inventory, etc) controls can be further broken down into 3 major areas: input, processing and output controls. IT general controls are controls activities performed within the IT organization or the technology that IT supports in order for the applications to function. This grouping concept is similar to the entity-wide vs process-level controls discussed in prior weeks.

Both IT General Controls and Application Controls, are as follows:

1. The lack of availability to an organization's IT system can have significant impact; thus, organizations typically have an IT Disaster Recovery plan (IT general control) for such situations.

Give a real life example of a situation where a company has had such an "IT disaster" and discuss the following:

• a. General description of the IT disaster, including scope of the problem, impact to its operations and corrective actions.
• b. What are the key obstacle(s) or challenge(s) for a company to have an effective IT Disaster b.Recovery Plan?

2. Choose at least two (2) other major or significant IT risks to discuss, including the following elements:

• a. Specific nature of the IT risk , whether it's an application or general IT control and a discussion of its likelihood and significance of the risk.
• b. Is this IT risk more a technical or human issue or both? Please provide reasoning.
• c. Discuss whether future technological advances will enhance or reduce this risk.
• d. Discuss the type of control(s) that could/should be implemented to mitigate such risk.