-
Jaspreet K. Badesha commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Why do we need control framework to guide IT auditing?
We need control framework to guide IT auditing to help conform to compliance within the industry. Since basic control frameworks already exist it makes it easier and cost effective for a company to implement something similar and then build from it. They are set to help with efficiency and…[Read more] -
Jaspreet K. Badesha commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
The differences between the frameworks are that COBIT is described as the ‘Why’ where ITIL is described as the ‘How’. However, they are best when used together rather than one vs another. Per research on https://nhlearningsolutions.com/Blog/TabId/145/ArtMID/16483/ArticleID/1514/COBIT-vs-ITIL.aspx
They are similar in the sense that when used to…[Read more]
-
Jaspreet K. Badesha commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
I agree, a ruined reputation is worse of all.
-
Jaspreet K. Badesha commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
I agree, overall the lack of information security or understanding of security policy in the company was scary. Storing passwords in obvious places, storing highly sensitive data on flash drives in an unencrypted manner or simply not securing ‘highly secure’ areas shows the lack of policy enforcement.
-
Jaspreet K. Badesha commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
I agree. In addition all auditors regardless of the field they’re in should possess some technical skills so they can at a minimum operate the systems which they are auditing.
-
Jaspreet K. Badesha commented on the post, Progress Report for Week Ending, March 1, on the site 8 years, 1 month ago
Question # 2 ) How does the control environment affect IT?
A control environment affects IT in many ways. It helps establish rules and IT governance therefore enforcing policies and helping maintain data integrity. If the control environment isn’t fond of IT or doesn’t see the importance of it the organization will likely have a smaller bud…[Read more] -
Jaspreet K. Badesha commented on the post, Progress Report for Week Ending, March 1, on the site 8 years, 1 month ago
Question # 3) What is the purpose of all auditors having some understanding of technology?
All business functions and processes use technology in way or another to perform tasks. When an auditor goes into a company to perform an audit they are required to analyze business functions. Therefore, to access these systems they require basic…[Read more] -
Jaspreet K. Badesha commented on the post, Progress Report for Week Ending, March 1, on the site 8 years, 1 month ago
Questions #1 ) What are some current system-related risks that you have experienced in your organization?
Current system related risks I have experienced in my organization are in certain roles you are given access to so much important data and there are no controls in place to moving that data onto an external device or requiring to encrypt that…[Read more] -
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
Question #4 ) What issues did you identify from this video?
The You-Tube video we watched identified several issues within the company. The overall issue in this video was the lack of knowledge for the importance of security within an organization. One specific issue was a lack of physical security, the employees shared passwords or stored them…[Read more] -
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
I agree, compliance driven controls are more controls to keep information safe and profitability driven controls are put in place so the company has the ability to make as much profit as possible by following certain rules. For example, a hospital has to protect its patient information and educate their staff on certain policies such as HIPPA.…[Read more]
-
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
I agree, these laws are a sufficient reaction to the high profile control failures. These laws help place internal controls into companies to help protect their investors and to make the market a safer place. This makes senior management accountable for what goes on in their company. Without these laws it would make it unsafe for not only…[Read more]
-
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
I think it can go up to the C suite or the Board. I believe if the boards attitude influences the C Suite and then downwards. Therefore, i believe it starts all the way at the top.
-
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
1)
I am apart of the IT development process, an internal process, in which I help develop a set of requirements for new applications and other items and then carry it through the development process with other members such as a developer and QA. This process flows through many functions of the business.2. The idea comes through sales or…[Read more]
-
Jaspreet K. Badesha posted a new activity comment 8 years, 1 month ago
I agree, a control environment is the tone of a company. This includes the firm’s attitude, susceptibility to change or problems, its leadership, etc.