Risk and controls in IT are divided into five categories in the Trust Services Principles. Match the risk below with corresponding example of such risk:

A. An example of a risk that can cause interruptions to the system would be a virus that causes the system to slow down or fail. Internal controls can be implemented to limit the chances of failure and thereby help improve availability of the system to process information and support ongoing business.

B. An example is the theft of credit card numbers when orders are placed through the company website. Internal controls should be implemented to limit the chance of personal information being misused.

C. Examples of information of concern could be banking information and price lists. Most companies do not wish to allow price lists to be available to competitors.

D. An example of unauthorized physical access would be a person breaking into the computer room and dam- aging computer equipment. An example of logical access would be an unauthorized hacker stealing data such as credit card numbers. Internal controls must be designed and implemented to limit both types of unauthorized access.

E. The person keying hours worked into the payroll software might accidentally type an incorrect number of hours. Controls should be implemented to reduce erroneous, incomplete, or unauthorized transactions or data.

Security.

Processing integrity.

Online privacy.

Availability.

Confidentiality.