- What is a compensating control? When would you use one? Why? Can you give an example?
- If you had to rank the importance of the basic IT controls, how would you do it? Which is most important, which least?
- What is segregation of duties and how does it play into basic administrative controls? Give an example of two IT roles that should be segregated.
- What do you consider to be the most important personnel hiring controls for an organization?
- How are budgets handled (i.e., created, monitored, re-forecast, etc.) in your organization?
Your Neighborhood Grocer Case
Consider the following questions about the YNG case. Ignore the questions at the end of the case.
- YNG has grown through acquisition, resulting in a mess of systems. Why did this happen and what controls can Larry put into place to ensure that it doesn’t continue into the future?
- Business application procurement seems to be a big problem. IT buys stuff the businesses don’t want, and many of the businesses’ purchases have been outright failures. Why? What controls can Larry put into place to ensure that it doesn’t continue into the future?
- The most recent IT Audit will produce a finding about the sorry state of access control in the company. What controls should Larry be ready to recommend to reduce the impact of this finding?