[The following information applies to the questions displayed below.] Risks and Controls in an IT Environment The nature of the client's IT system will affect the risks that management must confront in designing controls for the system. In assessing the risks of material misstatement, the auditors should identify these risks and evaluate the effectiveness of the related controls in mitigating those risks. Auditors assess the risks of material misstatements by using all the audit evidence obtained on the client and its environment, including its internal control. When assessing the risks of material misstatement, the auditors should identify these risks and evaluate the effectiveness of the related controls in mitigating those risks in an IT environment. Use your cursor to match each example of a typical risk with the control that may be used to mitigate the risk in an IT environment. Introduction of unauthorized data or programs Physical and user controls Unauthorized changes Destruction of infrastructure or data Controls over access and backup copies Program and user controls Destruction of data Unauthorized access to data or programs Firewalls and password systems Physical controls over terminals and testing of user programs and applications Reset