Answered step by step
Verified Expert Solution
Question
1 Approved Answer
CASE PROJECTS Case Project 1-1: Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have been asked to perform a
CASE PROJECTS Case Project 1-1: Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have been asked to perform a qualitative risk assessment for the TRC Chemical Company. TRC Chemical has a large outside sales force, numbering in the hundreds. Most of these employees use their own home computers (70% laptops, 30% desktops) to conduct TRC Chemical business. You have been asked to assess the risks associated with the use of home computers versus company-owned and-managed computers. Case Project 1-2: Quantitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have completed a qualitative risk assessment regarding the risks associated with using non- company-owned computers to conduct company business. Your customer, TRC Chemical, is pleased with the results of the qualitative risk assessment and wants to see hard numbers to see whether it can justify the capital and expense burden of equipping the sales force with company-owned computers, based upon risk mitigation alone. In your risk assessment, make best estimates on the value of information and costs associated with purchasing and supporting company-owned computers. Case Project 1-3: Segregation of Duties Matrix As a consultant with the Risk Analysis Consulting Co., you have been asked to help the BBX Internet Stock Trading Company develop a viable segregation of duties for the management of its online software and supporting infrastructure. The activities that BBX is concerned with include: Request and assignment of privileged access at the network, operating system, database, and application layers Setup of new customers Changes to audit alert settings For each of the activities listed above, develop a segregation of duties matrix where different parts of each process are performed by different individuals. Things to consider: Separate the activity of requesting an action from performing the action. Add an activity of confirming correct completion of the action. Include any recordkeeping for the action so that an auditor can examine the action after the fact to see if the action was appropriately carried out.
Step by Step Solution
★★★★★
3.41 Rating (160 Votes )
There are 3 Steps involved in it
Step: 1
Answer Case Project 11 Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co I have been asked to perform a qualitative risk assessment for the TRC Chemical Company TRC Chem...
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Statistics For Business And Economics
Authors: Paul Newbold, William Carlson, Betty Thorne
8th Edition
0132745658, 978-0132745659
