Deepali Kochhar

We can explain this with three parameters that are:

Confidentiality: Rights(Ownership)
Integrity: Accuracy
Availability: Completeness

So in my opinion all three of them are most important.

Q 3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain

I have never been a victim of fraud. I always try to take preventive measure to keep my important information safe. For example, I alway…[Read more]

You made a good point Annamarie. Requirement determination is most vulnerable to theft. I would like to quote an example from the GBI case study discussed in the class.

If there is an error in the requirement determination for different parts which are needed to make a cycle due to which some parts are missed, it can lead to delay in…[Read more]

Q 1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?

Assertion can be important criteria in Material requirements.

Material correctness requirements define the logic of calculation, evaluation, and reporting of certain financial statement items within external reporting. Implementation of the…[Read more]

Just to add to your point Jaspreet, it also helps in doing Gap Analysis of what is and what has to be done.

Priya,

I think adoption of both is necessary depending on the need of the organisation. They both fulfill different needs and therefore we cannot prioritize the implementation of one after the other. Together they both will serve different segments in an organisation. If an organisation wants to align its IT processes, they will adopt COBIT and…[Read more]

Said,

Both Parties will not work on action plan. The auditor job will be to give the recommendation. It is the responsibility of the customer to work on the action plans based on the recommendation and findings of the audit.

IT Processes includes a series of steps that ensures that IT Services are provided in focused manner.
It includes:
Service Strategy
Service Design
Service Transition
Service Operation
Continual Service Improvement

Whereas IT Service level management is responsible to negotiate service level agreements with the customers in order to design…[Read more]

Annamarie explained it in a great way. RACI is a responsibility assignment matrix and it describes the participation of various roles in completing task and deliverable.

Q 2. How you would apply the FIPS security categorizations to decide if each of the information security risk mitigations (“safeguards”) described in the FGDC guidelines is needed?

FIPS applies security categorization in 2 ways:

1. SECURITY CATEGORIZATION APPLIED TO INFORMATION TYPES:

Establishing an appropriate security category of an…[Read more]

IDENTITY THEFT

Regulators Slam Wells Fargo for Identity Theft

For years’ wells Fargo employees subscribed the bank’s customers to products they didn’t request and this has now triggered a fine of $185 million in fines.
The bank allowed its employees to access customer’s personal information to subscribe them for products such as credit…[Read more]

I agree with you sean. Control framework will direct the IT Audit towards the control environment of the organisation.
Just to add to your point control framework defines RACI (responible, accountable, consulted and informed) chart which can help in identifying whether the authorized person are being correctly associated with the processes or…[Read more]

Q4. Why do we need control framework to guide IT auditing?

• Control framework define the base criteria for IT Auditing to look into the processes and processes so as to make assessment of their efficiency and effectiveness.
• Helps in determining that whether they are being measured for effectiveness
• Control framework defines Respo…[Read more]

Q3. Comparing ITIL and COBIT: list some key similarities and difference based on your understanding

DIFFERENCES:

• COBIT is used for mapping IT PROCESS whereas ITIL is used for mapping IT SERVICE LEVEL MANAGEMENT
• ITIL talks about “HOW” to carry processes such as delivery and support whereas COBIT talks about “WHAT” should be achieved su…[Read more]

Q1. Explain the key IT audit phases. What are the key activities within each phase?
Key IT Audit phases are:
• Audit subject
o Identify the area to be audited
• Audit Objective
o Identify the purpose of audit
o Example: Program source code change occur in well-defined and controlled environment
• Audit scope
o Identify what…[Read more]