-
Abhay V Kshirsagar commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Interesting point, Brou. I thought “completeness” was the most important one because what if, for example, significant liabilities were never recorded by an organization.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Priya,
Interesting point. I didn’t really think about “favoritism” when it comes to selecting a vendor. It actually made me think of segregation of duties and the different access controls that are needed to mitigate such risks.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Assertions important for the class that we discussed are:
> Occurrence/Existence (timing)
> Completeness (are events recorded)
> Accuracy/Valuation (accuracy means if it is correct? valuation means if it's measured…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Brou,
Good way to put it: “when the cost of managing the risk outweigh the cost of handling the loss.” I would just like to add that, in the real world, attaining zero risk is impossible. But after risk avoidance controls are in place, the residual risk should be acceptable. There are different degrees of risk that consequently require degrees of safety.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?
The information risk profile of an organization is produced in collaboration with various stakeholders in the organization. The list of stakeholders can include business leaders, internal and e…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Great post! I would like to provide a small example in a business scenario. For example, in the case of Amazon, they have tables for
Customer information,
Orders,
Items,
Reviews,
Payment,
Supplier.
A customer can have many orders (one to many)
An order can have only one customer (many to one)
-
Abhay V Kshirsagar commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Priya,
Good job on putting light on the availability point. An example that I can think of is if the data is destroyed in a database containing user login information for a company, that will restrict them from entering the system.
-
Abhay V Kshirsagar commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Yu Ming,
Great post. For the primary key, I think the best example I can think of is the social security number, which is unique to every individual; in case you are accepting the SSNs from the user in the form.
-
Abhay V Kshirsagar commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Wenlin,
I strongly agree with you about the failed/incomplete backups point. I too believe that an organization needs to have the right controls (corrective, preventive) to restore the system if such a situation arises.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
List risks associated with database management systems (DBMS)
The first and most important risk that I can think of is destruction of data. If the organization doesn’t have any corrective controls or preventive controls in place, a human error, which is inevitable, could cause this.
Other risks include misuse of data due to poor access…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Key benefits of relational databases vs traditional file system?
The traditional database is designed around a single table containing the data and it fails to support “big data,” like data gathered from various enterprise applications.
RDBMS incorporates multiple tables with methods for the tables to work together. If you need to store and…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
What are key characters of relational database management systems?
RDBMS is a type of system that organizes the data in related rows and columns.
> Users can query the data and receive the widest range of output.
> The input, storage, alteration and deletion of data is done through SQL.
> Primary key (unique ID) is used to identify data in…
-
Abhay V Kshirsagar commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Daniel,
I strongly agree with your point. There are various ways to describe one matter, which can be misunderstood and quickly snowball the process into a huge mess. Human error is inevitable and thus, if it occurs in the first step, can lead to problems in the research phase, which can lead to a wrong vendor selection in the next phase.
-
Abhay V Kshirsagar commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Yes, even I think customer input is important. Customers can give you vital information, like which areas they think are more crucial and need to be audited more carefully.
-
Abhay V Kshirsagar commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Jaspreet,
Good point. I would also like to add that the existing controls can sometimes be a starting point for the auditor as well. Sometimes these controls also tell auditors what a specific company wants to achieve through implementing controls.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Binu,
Very interesting article. It didn’t really ever strike me that even the 911 service is exposed to an attack like TDOS. It surely poses a big threat to the critical infrastructure of the country (if I may). And, I strongly agree: With time and evolution taking place in technology and the environment, systems should be updated as well.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Yu Ming,
Thank you for the link. A RACI chart or a RACI matrix prevents conflicts between team members. Team members are also not confused about responsibility as RACI clearly indicates what needs to be done and who must do it.
Studied this in my Project Management class in MIS.
-
Abhay V Kshirsagar commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Priya,
I liked that you detailed the stages. I tried to detail them as much as I could and I missed the industry specific expectations point, which I think is a crucial point. Thanks!
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
There are three types of risk controls:
1) Preventive Controls
Preventive Controls are designed to keep errors or irregularities from occurring in the first place. For example, installing firewalls, segregation of employee responsibilities, etc.
2) Detective Controls
Detective controls are designed to search for errors or irregularities…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Why do we need a control framework to guide IT auditing?
An organization needs a control framework to have practices and procedures that are established to generate business value and minimize risk; compliance with government requirements or industry guidelines. A structured and well documented process that allows managers to show that they have…