The Control Environment, Risk Assessment and Management, Control Activities, Outsourcing or Monitoring. Identify the following:

1. Which of the components is affected by the situation and which of the principles of said component is not being met and needs to be improved.
2. Recommend the preventive, detective and corrective control procedures (at least one of each) to be used to mitigate the risks found.
3. Based on the components and principles of COSO, How a company can develop a fraud risk management program that is effective and efficient. Risk Assessment and Information/Communication: Risks and Benefits of Remote Access
4. Your company has recently upgraded its accounting software. The consultant who installed the software has explained that a new option makes the system available through the Internet for staff (remote access capability). Previously, staff only had access to the system when they were physically in the headquarters building. With remote access to the system, they would be able to access the system from anywhere by entering their user name and password. Currently, user name and password specifications are not regulated. For example, passwords are allowed to be as short as three characters and may remain unchanged for up to six months.

Some of the staff expressed interest in being able to access the system from home, especially on weekends, instead of making the drive into town. Additionally, some managers have expressed a desire to be able to access some of the reports when they are away at business meetings.

 As the IT Audit Director, the decision as to whether to implement remote access is in your hands.

 What issues should you consider before deciding whether to allow remote access?

What would be some of the risks in allowing remote access?

 If remote access is allowed, what do you recommend as a password policy to minimize the opportunity for mishandling of remote access?