
Question


Please refer to the picture with the steps.

For each of these steps I would like you to identify two risks (two things that could go wrong), and for each risk that you identify, come up with an internal control that could either help prevent or detect it if it happens. Be very specific: what would be appropriate application controls or general controls?

Figure 8-1: Steps in the Sales Process
- Lead Generation
- Qualify Lead
- Opportunity
- Quotation
- Sales Order
- Order Fulfillment
- Invoice
- Cash Collection

Figure 11-1: Types of Information Technology Application Controls (ITAC)

Input Controls - Ensure that all data input into the system is accurate, complete, and authorized
- Sequence checks prevent missing transactions
- Drop-down menus to only allow valid items
- Authorization and approval rights for transactions based on user roles
- Override capabilities restricted to only certain users
- Edit checks to ensure accurate, valid, and complete input
- Standardized input screens
- Checks for duplicate entry of data

Processing Controls - Ensure that valid input data is processed accurately and completely
- Automated tracking of changes made to data that associates the change with a specific user; enables the audit trail
- Automated checks of data from feeder systems, a process known as an interface control
- Automated tracking of overrides made during processes
- Checks to ensure that automated calculations produce expected results

Output Controls - Ensure that output is complete, accurate, and distributed to the appropriate personnel
- Distribution of sensitive reports only to appropriate personnel
- Adherence to record retention periods
- Analysis of error reports and corrective action to rectify issues
- All successful transactions posted to subsidiary ledger and summarized in the GL

Figure 11-5: Examples of Program Change Controls
- Program changes are only initiated with a valid IT or business justification.
- An IT manager or management in the business area requesting the change approves the program change prior to development in the DEV instance.
- Application programmers should only make changes in the DEV instance. Once work is completed, application programmers should move the program changes to the QA instance.
- Depending on the type of program change, functional users and/or IT staff test to make sure the application responds suitably in the QA environment. These staff members are separate from developers.
- Prior to moving changes to PRD, an impact analysis is performed to determine the potential effect of the proposed change to other systems and modules as well as to users.
- Program changes moved to PRD are scheduled during downtime, and users are notified in advance when the changes will occur.
- After testing and sign-off in the QA instance is complete, an IT employee (separate from the employee who developed the change) moves the change to PRD.
- Programmers should not have direct access to the PRD instance and should not make changes directly into PRD.
- Documentation exists to show proper approvals and procedures in the program change control process.
Source: ISACA

Figure 11-6: Examples of Logical Access Controls
- Documentation exists to show proper approvals and procedures to grant logical access.
- Use of privileged access in applications such as SYSADMIN is limited only to appropriate personnel.
- Procedures are put into place to notify IT security personnel when employees change roles and responsibilities or are terminated. Access privileges of such individuals are immediately changed to reflect their new status.
- Roles and responsibilities related to IT security are assigned to appropriate personnel.
- Data encryption, firewalls, network segmentation, and other measures are put in place to keep hackers, cyber criminals, and other outsiders from accessing the ERP system and database.
- Effective password management policies, such as periodically changing passwords and requiring passwords that are not easily guessed, are in place and enforced.
- Dual-factor authentication is enforced when logging onto the network.
- Default passwords are effectively replaced upon first login to the ERP system.
- Direct access to the ERP database is closed and programmatically prevented.
- Effective use of HTTPS for remote access is enforced.
Source: ISACA

Figure 11-7: Data Center Controls
- Build on the right spot
- Use surveillance cameras
- Limit entry points and avoid windows
- Use biometrics for access
- Employ 24/7 security and use perimeter fencing
- Keep a roster of those who are allowed access to the data center
- Employ redundancy by storing copies of data in multiple locations
- Back up critical data
- Use fire detection and suppression
- Destroy hard drives when retiring them
- Shred paper
- Use proper air conditioning and have redundant utilities
- Use an uninterruptible power supply (UPS)
- Use emergency backup generators
- Use fiber optic cables
- Have a disaster recovery plan
- Maintain service-level agreements with customers
- Have a data recovery plan
Source: ISACA
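As an added example (not part of the question or of the textbook figures it transcribes), the Python below sketches how three of the Figure 11-1 input controls (a sequence check, a duplicate-entry check, and an edit check with role-based authorization) could be applied to the Sales Order step of Figure 8-1; all item codes, roles, the approval limit and the sample orders are constructed.

```python
# Added example (not from the question or the textbook): three Figure 11-1
# input controls for the Sales Order step. All data below is constructed.
from dataclasses import dataclass

VALID_ITEMS = {"WIDGET-100", "WIDGET-200", "GADGET-10"}  # the drop-down list
APPROVAL_LIMIT = 10_000.0          # orders above this need an approving role
CAN_APPROVE_LARGE = {"sales_manager"}

@dataclass(frozen=True)
class SalesOrder:
    number: int          # system-assigned sequential order number
    customer: str
    item: str
    qty: int
    unit_price: float
    entered_by_role: str

def sequence_check(orders):
    """Sequence check: numbers missing from the range reveal lost orders."""
    numbers = {o.number for o in orders}
    # min/max defaults make an empty batch return no gaps
    return [n for n in range(min(numbers, default=0), max(numbers, default=-1) + 1)
            if n not in numbers]

def duplicate_check(orders):
    """Duplicate-entry check: same customer/item/qty/price keyed twice."""
    seen, dups = set(), []
    for o in sorted(orders, key=lambda o: o.number):
        key = (o.customer, o.item, o.qty, o.unit_price)
        if key in seen:
            dups.append(o.number)
        seen.add(key)
    return dups

def edit_check(order):
    """Edit/authorization check: list of failures, empty means the order is valid."""
    errors = []
    if order.item not in VALID_ITEMS:
        errors.append("invalid item code")
    if (order.qty * order.unit_price > APPROVAL_LIMIT
            and order.entered_by_role not in CAN_APPROVE_LARGE):
        errors.append("over approval limit; approving role required")
    return errors

# Constructed batch: 1003 is missing, 1004 re-keys 1001, 1005 uses an unknown item.
SAMPLE = [SalesOrder(1001, "ACME", "WIDGET-100", 5, 200.0, "sales_rep"),
          SalesOrder(1002, "ACME", "GADGET-10", 100, 150.0, "sales_rep"),
          SalesOrder(1004, "ACME", "WIDGET-100", 5, 200.0, "sales_rep"),
          SalesOrder(1005, "BETA", "WIDGET-999", 1, 50.0, "sales_rep")]
```

Each function returns the exceptions an auditor would expect to see on an error report, which is the output control that closes the loop on the input controls.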

