a.Why should an organisation use both authentication and authorisation? In your answer, provide an example of each. (3 marks)

b.For each of the following identified threats, recommend one (1) preventative control which could be implemented to best mitigate the identified threat. Explain why you have chosen each of these controls. (3 marks)

1.Jane had worked in account payable and Lock 'Em Out Pty Ltd for eight (8) years and was quite familiar with the system. She had been there longer than her supervisor and he relied on her experience on a day to day basis. Jane often asked the supervisor to authorise transactions, as such Jane had an idea of his password. As the supervisor was particularly busy with end of month reporting, Jane did not want to bother him, so she tried entering his password and found it was correct.

2.Julia received an email with some holiday pictures from someone she had travelled with overseas. When she opened the photos, her work laptop was infected with a keystroke logger.

3.Alex was conducting some routine maintenance to the company's website and discovered an external actor had hacked into the company's website. He could not remember who he should contact to deal with this situation and consequently spent over 40 minutes placing phone calls to numerous personnel until he located the right person.

c.You are a practicing accountant with Young & Young Pty Ltd, a regional accounting firm offering a range of services to local clients. Your client Bear & Bull Pty Ltd (B&B) are a retail technology business selling hardware and software to individuals and businesses. B&B had an incident some years ago, where an employee was stealing mobile phones and selling them to his friends. Henry, a director and owner of B&B, discovered this and promptly fired the employee. Consequently B&B have spent considerable time and money in developing, implementing, and refining their internal controls over several key accounting areas. Recently Henry discovered anomalies in accounts receivable and some gift cards were missing from inventory. It looks to be a potential case of fraud involving misappropriate by at least two staff. Henry was annoyed and indicated, "we spent considerable money four years ago updating internal controls to ensure issues like this did not occur. What's the point in going to all that expense, if employees get around it anyway?

How would you respond to Henry's concerns? Consider the following points in your response:

1.Why are internal controls important even though they do not always work? (1mark)

2.What are two (2) key area's B&B should consider in strengthening their internal controls? Why are these important? (2 marks)

3. How could they improve the effectiveness of controls over these key area's mentioned in (iii)? (1 mark)