Explain the risks, controls and control classification that arise in the following cases.

An organisation's top salesman uses a consumer-grade instant messaging (IM) client (e.g., AOL Instant Messaging). Such IM clients bypass anti-virus and spam software, don't have auditing and logging capabilities, and allow users to choose their IM names.

A financial analyst's laptop was stolen from his car. The laptop contained the names and social security numbers of 27,500 current and former employees.

To keep track of the passwords used to access various computer systems, employees create Word documents listing their passwords and store the document with the name "passwords.doc."

Backup disks that included information on 3.9 million credit card customers were lost in transit to a credit bureau. Data included names, tax file numbers, account numbers, and payment histories.

An individual sold his mobile phone on eBay. The mobile phone contained hundreds of confidential business-related e-mails.

Source: Gelinas / Dull / Wheeler. Accounting Information. CENGAGE Learning, 2012.

In the table below:

(a)Identify five (5) risks present in the previously listed activities. (1.5 mark each= 7.5 marks)

(b)Recommend a control for each of the risks you identified. (1.5 mark each = 7.5 marks)

(c)Classify each of the control activities as preventive, detective, or corrective.(1 mark each = 5 marks)