Jaspreet K. Badesha

1. As customers we experience various company’s order to cash process (OTC) whenever we buy something.  Which company do you believe has a ‘great’ OTC process?   Why? Amazon. You are required to login, find your product, place your order, pick a payment process, a shipping address and billing address and the delivery date. The order is in proce…[Read more]

List common control issues associated with operating systems and remediation strategy/plan.

Common controls we find with OS systems are listed below:

– Weak Password – requiring users to create more complex and strong passwords to prevent hacking.
– Lack of protection from network traffic – install a firewall and antivirus to prevent thre…[Read more]

Why is so important to protect operating systems?
An operating system is a program that manages all application and application programs on your computer. All major computer platforms both hardware and software require an operating system. Since these operating systems are the base of so many other applications we need to ensure their integrity,…[Read more]

1. The concept of ‘Assertions’ is important to accountants.  Who else is it important to?  Why?
The concept of assertions is important to Auditors in addition to accountants. “Auditors are required by ISAs to obtain sufficient & appropriate audit evidence in respect of all material financial statement assertions. The use of assertions therefor…[Read more]

4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?  Explain
Payment processing in my opinion is the most vulnerable to theft, fraud or failure of some kind. When payments are being processed they can have payment information stolen and then used for fraud. Once the i…[Read more]

Apologies, this is supposed to be an answer not a reply.

4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?  Explain
Payment processing in my opinion is the most vulnerable to theft, fraud or failure of some kind. When payments are being processed they can have payment information stolen and then used for fraud. Once the i…[Read more]

1. In class we discussed several dimensions of Management Assertions.  Which do you believe is the most important?  Why?
Assertion is a confident and forceful statement of fact or belief, the different kinds of assertion dimensions are listed below:
1. Occurrence
2. Existence
3. Timing (Cut of…[Read more]

3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
 Explain
1. I have not personally been a victim of fraud; however, my father has been a victim of credit card fraud a few times. The first we were travel…[Read more]

Very nice points, especially in mentioning that data must be available at all times .. this poses a risk when placing measures in place to ensure that the system is secure.

This is a great comparison. Certain organizations may be able to organize their data in a filing system, it just depends on the policies they have in place.The biggest difference I feel like in your points is establishing relationships between data. I feel like this point is key when discussing relational databases as the retrieval of related…[Read more]

Nice responses Annamarie, in additional I feel like privilege abuse among employees is also another risk. If you do not have proper controls and security settings in place employees who may not require access to the data will be able to access it and use it in an unprofessional manner.

3) List risks associated with database management systems (DBMS)
– Performance issues are difficult to predict
– Data integrity is difficult to ensure with shared databases
– Mainly privilege abuse
– Poor audit trail
– Failed or incomplete backups
– Weak authentication
– Not requiring passwords for databases or weak passwords
– Weak…[Read more]

2) Key benefits of relational databases vs traditional file system?
Key benefits of relation databases vs traditional file system are that you can:
– search for multiple different data sets at once (or across different data sets)
– relational databases are computer based and much faster in terms of pulling information
– you can update many…[Read more]

1) What are key characters of relational database management systems?

A relational data base management system is a program that lets you create, update and administer a relational database. Compared to a manual database this is more flexible, compact and faster. It reduces the probability of inconsistent data.
– Data is displayed in tables,…[Read more]

Very good points. I feel like following pre-set frameworks is easy, efficient, and cost effective. These frameworks almost ensure that you are in compliance within your industry and company.

I agree. In addition I feel like it works together like IT governance. The tone is set at the top… COBIT is like the board and determines why we need to implement certain controls where the general IT team would be the how and know technically what needs to get implemented. In essence one is the policy maker while the other is the enforcer.

I agree, nice creativity on the pizza analogy and mentioning that the control framework is like setting a baseline to make it easier for auditors to know what they are measuring. It is additionally helps the firm maintain compliance in an easy and effective manner.

I agree. In my research and easy way to identify the differences simply are one is telling the ‘Why’, why these controls are important and need to be placed, where the other is telling us ‘how’. Once is being used at an executive or leadership level where the other can be used at a lower level of the person implementing the controls.

Explain the key IT audit phases.
What are the key activities within each phase?
1. Audit Planning
a. Developing an overall strategy for the audit
b. Developing a scope and objectives
2. Obtaining understanding of the client and its environment
a. This is to help establish what the company is currently like
b. This includes…[Read more]