-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
Q1. What are key characters of relational database management systems?
-Table: is equivalent to a file, representing a collection of records. Rows and columns are horizontal and vertical sets of data fields.
-Trigger: activate a stored procedure when a table or field is inserted, updated, or deleted.
-Stored Procedure/Function: program…[Read more] -
Annamarie Filippone commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Q4. Which portion/step of the Procure to Pay process do you see as the most vulnerable to theft, fraud, or failure of some kind? Explain.
I think the beginning portion of the Procure to Pay process (Steps 1-3) is the most vulnerable to fraud or failure, because it is potentially subject to a great deal of human error or collusion. Incorrect…[Read more]
-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
Q3. Have you ever:
-Been victim of Fraud?
-Had evidence of, suspicions of fraud occurring?
-Been pressured (by an employer) to commit an act that was morally or legally questionable? ExplainLuckily, I have never been the victim of fraud. I try to take actions that reduce the chances of this, such as checking my card statements every month.…[Read more]
-
Annamarie Filippone commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 8 years, 1 month ago
Q2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
It is difficult to label one dimension as the most important, as all must be included in an effective assertion. But if there’s one I must put focus on, I would choose Accuracy. This means that transactions have been r…[Read more]
-
Annamarie Filippone commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Q1. The concept of “Assertions” is important to accountants. Who else is it important to? Why?
One group that assertions are important to, besides accountants, would be auditors. As we discussed in class, assertions require the existence of controls, which auditors will test. In addition, assertions would be important to any individuals tha…[Read more]
-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
Hi Mansi,
In my experience, this is the exact workflow that we followed during our audits. The only difference is that instead of grouping it under 6 steps, my organization just had “Planning”, “Fieldwork and Documentation”, and “Reporting/Issue Tracking”. In our case, the steps “Issue Discovery and Validation” and “Solution Development” fell…[Read more]
-
Annamarie Filippone commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
I agree with you Yu Ming that, while differing in levels of specificity, COBIT and ITIL have the same general purpose: to provide governance guidance. In addition, I like that you laid out the 5 stages in ITIL, as well as the 5 principles and 7 qualities from COBIT. Looking at them like this, I think it’s easier to understand how ITIL can be…[Read more]
-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
I don’t think it’s in any reading we’ve done for this class so far, but an example RACI chart can be found in ISACA’s Risk IT Framework. As Deepali said, it breaks down the different roles involved (Board, CEO, Business Process Owner, etc.) and determines their level of involvement in key activities by separating them into four categories:
1.…[Read more]
-
Annamarie Filippone commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Great detail in your answer Priya, especially for the Planning stage. I think a few of those key steps (such as creating customized checklists and researching the industry) can be forgotten or not given enough attention for the sake of time or, as I have occasionally seen, due to heavy reliance on information from previous audits. Not giving this…[Read more]
-
Annamarie Filippone commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Yes Priya, I believe you and Sean are right by suggesting that COBIT should be implemented first. As you said, this allows the organization to set up its overall governance, which ITIL can then be mapped to. COBIT can shape the ITIL processes by linking them to business requirements and evaluate the success of implementation. I think this approach…[Read more]
-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
Q4. Why do we need control framework to guide IT auditing?
Control framework helps guide IT audit by providing 5 components to assess effectiveness of procedures and policies:
-Control Environment: sets the tone of the organization and provides the foundation for all other internal control components.
-Risk Assessment: identifies relevant…[Read more] -
Annamarie Filippone commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Q3. Comparing ITIL and COBIT: list some key similarities and differences based on your understanding?
While COBIT and ITIL both help establish strong IT governance and can both be used by an organization, there are several differences. COBIT is much broader in scope, while ITIL focuses on IT service management. COBIT addresses “What” should be…[Read more]
-
Annamarie Filippone posted a new activity comment 8 years, 1 month ago
Q1. Explain the key IT audit phases. AND Q2. What are the key activities within each phase?
1. Planning
-Determine scope by interviewing customers to understand area under audit and assessing risks that will be reviewed, as well as any existing internal controls.
-Coordinate with the customer to schedule when the audit will take…[Read more] -
Annamarie Filippone commented on the post, Progress Report for Week Ending, March 1, on the site 8 years, 1 month ago
I would say that cooperation from both the C-suite and “front-line” leaders is necessary to establish a strong control environment. While the C-suite can set the tone for the entire organization by including a strong internal control system as a company value, lower level employees will look to the “front-line” leaders to see how this general idea…[Read more]
-
Annamarie Filippone commented on the post, Progress Report for Week Ending, February 9, on the site 8 years, 1 month ago
The risk of inappropriate access/use of PII is one that my organization has also identified, and has created several controls to mitigate. First, any emails that contain PII must be encrypted. Additionally, emails can no longer be sent outside of the organization (so employees can no longer email work data to their personal emails). These controls…[Read more]
-
Annamarie Filippone commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 1 month ago
I agree that lack of knowledge regarding the importance of security controls was the greatest issue in the video, and that training throughout the organization is one of the best ways to remedy this. I think in addition to the training that all employees must complete, management should receive additional training on how to promote the necessity…[Read more]
-
Annamarie Filippone commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 1 month ago
These are all great points. I would add that knowledge of technology can help an auditor gain credibility with their customers. If an auditor has no understanding of the technology that they are auditing, they may be seen as an outsider by the customers, which can harm the relationship between the two. This can lead to customers misleading…[Read more]
-
Annamarie Filippone commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 1 month ago
Question: What issues did you identify from this video.
The biggest issue I identified from this video was the lack of understanding most of the employees had towards the importance of security controls in general. The manager clearly saw training as an annoyance, and not something worth investing time in for the organization. This sort of…[Read more]
-
Annamarie Filippone commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 1 month ago
Question: What is the purpose of all auditors having some understanding of technology?
For IT Auditors, the need for understanding of technology is rather obvious. Since technology will be the focus of all their audits, it is crucial that they have some knowledge on the technology that they are auditing. But other auditors, such as Operational…[Read more]
-
Annamarie Filippone commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 1 month ago
Question: How does the control environment affect IT?
A control environment comes from the perceived attitude and actions of upper management regarding the importance of the internal control system within an organization. This attitude will trickle down through the organization and be perpetuated at all levels, so it is crucial that management…[Read more]
- Load More