Question
Hello,
Please complete my assignment. My homework is related to my Accounting Information Systems class. I am struggling with it. Must type about one page. I will upload presentation for you, so that you can read ppt and answer these questions clearly.
Chapter 12 (Monitoring and Auditing AIS) Questions

1. What are the main reasons for using a VPN?
6. What is the main purpose of using firewalls?
7. Are there differences among hubs, switches, and routers?

Chapter 12: Monitoring and Auditing AIS
Copyright 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Learning Objectives
--LO#1 Understand the risks involved with computer hardware and software.
--LO#2 Understand and apply computer-assisted audit techniques.
--LO#3 Explain continuous auditing in AIS.

LO#1 Computer Hardware and Software
--Operating System (OS) (the most important system software)
--Database Systems
--Local Networks (LANs)
--Wide Area Networks (WANs)
--Virtual Private Networks (VPNs)
--Wireless Networks
--Remote Access

LO#1 Operating System (OS)
--To ensure the integrity of the system
--To control the flow of multiprogramming and tasks of scheduling in the computer
--To allocate computer resources to users and applications
--To manage the interfaces with the computer

LO#1 Operating System (OS) (Contd.)
Five fundamental control objectives:
--Protect itself from users
--Protect users from each other
--Protect users from themselves
--Be protected from itself
--Be protected from its environment
Operating system security should be included as part of IT governance in establishing proper policies and procedures for IT controls.

LO#1 Database Systems
--A database is a shared collection of logically related data which meets the information needs of a firm.
--A data warehouse is a centralized collection of firm-wide data for a relatively long period of time.
--Operational databases are for daily operations and often include data for the current fiscal year only.
--Data mining is the process of searching for patterns in the data in a data warehouse and analyzing these patterns for decision making. (OLAP)
--Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm.

LO#1 LANs
A local area network (LAN): a group of computers, printers, and other devices connected to the same network that covers a limited geographic range.
LAN devices include hubs and switches.
--hubs (broadcast through multiple ports)
--switches (provide a path for each pair of connections)
--Switches provide a significant improvement over hubs

LO#1 WANs
Wide area networks (WANs) link different sites together, transmit information across geographically and cover a broad geographic area.
--to provide remote access to employees or customers
--to link two or more sites within the firm
--to provide corporate access to the Internet
routers and firewalls

LO#1 WANs (Contd.)
--Routers: connects different LANs, software-based intelligent devices, examines the Internet Protocol (IP) address
--Firewalls: a security system comprised of hardware and software that is built using routers, servers, and a variety of software; allows individuals on the corporate network to send/receive a data packet from the Internet.
--Virtual Private Network (VPN)

LO#1 Wireless Networks
A wireless network is comprised of two fundamental architectural components: access points and stations.
--An access point logically connects stations to a firm's network.
--A station is a wireless endpoint device equipped with a wireless Network Interface Card (NIC).

LO#1 Wireless Networks (Contd.)
Benefits of using wireless technology:
--Mobility
--Rapid deployment
--Flexibility and Scalability
--Confidentiality
--Integrity
--Availability
--Access Control
--Eavesdropping
--Man-in-the-Middle
--Masquerading
--Message Modification
--Message Replay
--Misappropriation
--Traffic Analysis
--Rogue Access Point

LO#1 Security Controls in Wireless Networks
--Management Controls: management of risk and information system security
--Operational Controls: protecting a firm's premises and facilities, preventing and detecting physical security breaches, and providing security training to employees, contractors, or third-party users
--Technical Controls: primarily implemented and executed through mechanisms contained in computing-related equipment

LO#2 Computer-assisted Audit Techniques (CAATs)
CAATs are imperative tools for auditors to conduct an audit in accordance with heightened auditing standards.
--Generally Accepted Auditing Standards (GAAS) are broad guidelines regarding an auditor's professional responsibilities.
--Information Systems Auditing Standards (ISASs) provide guidelines for conducting an IS/IT audit (issued by ISACA).
--According to the Institute of Internal Auditors' (IIA) professional practice standard section 1220.A2, internal auditors must consider the use of computer-assisted, technology-based audit tools and other data analysis techniques when conducting internal audits.

LO#2 Use CAATs in Auditing Systems
--Test of details of transactions and balances
--Analytical review procedures
--Compliance tests of IT general and application controls
--Operating system and network vulnerability assessments
--Application security testing and source code security scans
--Penetration testing
Two approaches:
--Auditing around the computer (the black-box approach)
--Auditing through the computer (the white-box approach)

LO#2 Auditing around the computer (the black-box approach)
--First calculating expected results from the transactions entered into the system
--Then comparing these calculations to the processing or output results
--The advantage of this approach is that the systems will not be interrupted for auditing purposes.
--The black-box approach could be adequate when automated systems applications are relatively simple.

LO#2 Auditing through the computer (the white-box approach)
--The white-box approach requires auditors to understand the internal logic of the system/application being tested.
--The auditing through the computer approach embraces a variety of techniques: test data technique, parallel simulation, integrated test facility (ITF), and embedded audit module.

LO#2 Generalized Audit Software (GAS)
--Frequently used to perform substantive tests and is used for testing of controls through transactional data analysis.
--Directly read and access data from various database platforms
--Provides auditors an independent means to gain access to data for analysis and the ability to use high-level, problem-solving software to invoke functions to be performed on data files.
--Audit Control Language (ACL)
--Interactive Data Extraction and Analysis (IDEA)

LO#3 Continuous Audit

LO#3 Fraud Schemes and Corresponding Proposed Alarms under Continuous Audits

LO#3 Implementation of Continuous Auditing
--Extensible Markup Language (XML)
--Extensible Business Reporting Language (XBRL)
--Database management systems
--Transaction logging and query tools
--Data warehouses
--Data mining or computer-assisted audit techniques (CAATs)

LO#3 Implementation of Continuous Auditing (Contd.)
Non-technical barriers and technical challenges exist.
A general template that a steering team or the internal audit function can use:
--Evaluate the overall benefit and cost
--Develop a strategy
--Plan and design how to implement continuous auditing
--Implement continuous auditing
--Performance monitoring
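
The black-box approach from the slides (calculate expected results from the entered transactions, then compare them with the system's output), as an added Python example that is not part of the slides or the original post. The invoice records, field names and reported totals are constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample: transactions as entered into the system (auditor's copy).
TRANSACTIONS = [
    {"invoice": "INV-001", "qty": 10, "unit_price": "19.99", "tax_rate": "0.08"},
    {"invoice": "INV-002", "qty": 3, "unit_price": "250.00", "tax_rate": "0.08"},
    {"invoice": "INV-003", "qty": 1, "unit_price": "49.50", "tax_rate": "0.00"},
]

# Constructed sample: invoice totals reported by the system under audit.
SYSTEM_OUTPUT = {"INV-001": "215.89", "INV-002": "801.00", "INV-999": "120.00"}


def expected_total(txn):
    """Step 1: recompute the expected result independently of the system."""
    net = Decimal(txn["qty"]) * Decimal(txn["unit_price"])
    gross = net * (1 + Decimal(txn["tax_rate"]))
    return gross.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def black_box_audit(transactions, system_output):
    """Step 2: compare expected results with the output; return exceptions.

    Each exception is (invoice, reason, expected, reported). The system's
    internal logic is never inspected, only its inputs and outputs.
    """
    exceptions, seen = [], set()
    for txn in transactions:
        invoice = txn["invoice"]
        seen.add(invoice)
        expected = expected_total(txn)
        reported = system_output.get(invoice)
        if reported is None:
            exceptions.append((invoice, "missing from output", expected, None))
        elif Decimal(reported) != expected:
            exceptions.append(
                (invoice, "amount mismatch", expected, Decimal(reported)))
    # Output rows with no entered transaction are exceptions as well.
    for invoice in sorted(set(system_output) - seen):
        exceptions.append((invoice, "no source transaction", None,
                           Decimal(system_output[invoice])))
    return exceptions


if __name__ == "__main__":
    for row in black_box_audit(TRANSACTIONS, SYSTEM_OUTPUT):
        print(row)
```
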