select one that would BEST prevent the system failure from occurring:

A hacker accessed the Website at Valhalla, Inc. and changed some of the graphics. Confused by these changes, some customers took their business elsewhere.

• A.

Access control software

• B.

Firewall

• C.

Personnel termination control plans

• D.

Personnel selection and hiring control plans

• E.

Continuous data protection

• F.

Rotation of duties and forced vacations

Bob Johnson, the company cashier, was known throughout the company as a workaholic. After three years on the job, Bob suddenly suffered heart problems and was incapacitated for several weeks. While he was out of the office, the treasurer temporarily assumed his duties and discovered that Bob had misappropriated several thousand dollars since he was hired.

• A.

Firewall

• B.

Personnel termination control plans

• C.

Access control software

• D.

Personnel selection and hiring control plans

• E.

Continuous data protection

• F.

Rotation of duties and forced vacations

The PCAOB's Auditing Standard No. 5 (AS5) outlines the process for "An Audit of Internal Control over Financial Reporting (ICFR) That Is Integrated with an Audit of Financial Statements." Paragraph 24 of this document lists eight entity-level controls. Entity-level controls are comparable to the pervasive controls covered in this chapter. Match one of AS5's entity-level controls with a specific control plan below.

Entity-Level Controls from AS5

A. Access control and monitoring software.

B. Budgetary controls.

C. Report highlighting credit sales, returns, and allowances over the complete and entire reporting period, including 30 days after the close of a financial reporting period.

D. Use of control frameworks such as those provided by COSO and COBIT.

E. A report of all employees not taking required vacation days.

F. Development of a business interruption plan.

G. Program change controls.

H. Supervision.

1. Controls related to the control environment.

2. Controls over management override.

3. The companys risk assessment process.

4. Centralized processing and controls, including shared service environments.

5. Controls to monitor the results of operations.

6. Controls to monitor other controls, including activities of the internal audit function, the audit committee and self-assessment programs.