-
Jianhui Chen commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years ago
I think Best buy has a great OTC process, according to my recent purchase of a laptop. When I chose the laptop model, I asked the sale representative whether the laptop is available today. And the sale checked their inventory system and told me there is no inventory in this location, so I order one and the laptop will ship to my address in two…[Read more]
-
Jianhui Chen created the site Jianhui Chen 8 years, 1 month ago
-
Jianhui Chen wrote a new post on the site Jianhui Chen 8 years, 1 month ago
Jianhui Chen
Master in Information System, Fox School of Business, Temple University
E-mail: Jianhui.Chen@temple.edu
Thank you for looking at my E-Portofolio! My name is Jianhui Chen, I g […]
-
Jianhui Chen created the site Jianhui Chen 8 years, 1 month ago
-
Jianhui Chen changed their profile picture 8 years, 1 month ago
-
Jianhui Chen's profile was updated 8 years, 1 month ago
-
Jianhui Chen commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Q1. Assertion is important to auditors, because a letter containing the management assertions from the senior management of a client is necessary for an auditor to proceed with audit activities.
http://www.accountingtools.com/questions-and-answers/what-are-management-assertions-in-auditing.html
-
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Q2.
Dimensions of management assertions: occurrence, existence, timing, completeness, accuracy, valuation, rights, summarization, and classification. I think “accuracy” is the most important, if the information and data are not accurate, other dimensions such as valuation, summarization would not be accurate as well. -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
What is an information risk profile?
An information risk profile records different categories of risks depends on its types, amounts, and priority, and the organization will classify the acceptable and the unacceptable.
How it used?
The information risk profile provides important insights and guidelines associated with information risk…[Read more]
-
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Why do we need control framework to guide IT auditing?
A control framework is a data structure that organizes and categorizes an organization’s internal controls. A good-established control framework can help the organization create business value and minimize risk. COSO framework, the most commonly used control framework in the world,…[Read more]
-
Jianhui Chen posted a new activity comment 8 years, 1 month ago
COBIT is stand for Control Objective over information and related technology. Its main function is to help the organization to map their IT process to ISACA best practices standard.
ITIL is regarded as information technology library. It is a set of framework for managing IT service level. ITIL is much more easier to implement, as implementation…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
1 St phase: Audit objective:
identify the purpose.2nd phase: Audit Scope:
Identify which specific part of the organization needs to be audited3rd phase: Preaudit planning
identify the what technical skills and resources needed.
identify the sources of information for audit.
Identify the locations or facilities for audit.
develop a…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
“Companies more concerned with private data than with hackers”
As information security has became a priority, business concerned more on the loss of private data(47%) than the disruption of hackers(26%). The employee misuse the new technology(7%) has become a new and growing threat.
Nowadays employer focus more on the employee’s data…[Read more]
-
Jianhui Chen posted a new activity comment 8 years, 1 month ago
What are the 3 types of risk mitigating controls? Which is the most important? Why is the most important?
1. Preventive controls: it prevent the problem from occurring. For example, the gas station will launch a policy that not allowed anyone smoke.
2. Detective controls: I think the camera security is a good example, but most the time, it…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Q1: The experience I share is about my intern at a textile and laces manufacturer company in China this summer. The company’s business is to sell the textile product such as laces and lace trims to laces product trading company, and finished clothes manufacturers.
Business Process:
1. The existing or potential customers will request the i…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Q3
The top management of the company establishes of kind of policies, rules affects the way to solution problem, and respond to crisis etc. A good internal control environment and system can enhance the development of the company. but in some state owned company in China, they didn’t have good control environment, bureaucratism plays important…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Q4:
Example of profitability-driven: the textiles manufacturers, they would try to increase the profit margin by keeping the revenue and reducing the cost, and they still follow the regulations.
the difference is that complacence-driven control with set of standards and policies needed to be considered.
but -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
Q 2:
Sox act is in sufficient action. As to prevent such event like Enron bankruptcy, and regain the investors’ confidence on the information the public companies provided, US congress passed the Act. it protect the investors from high possibility of fraud risks, cause of the act require public companies’s financial disclosures and keep them…[Read more] -
Jianhui Chen posted a new activity comment 8 years, 1 month ago
I believe that information security is both a technical problem and a business problem.
Information security is kind of IT issues. In term of risks, all the enterprise risk is related to IT. There is about 6 kind of enterprise risk, and they all have an IT component to IT. Like operational risks (the financial industry in the Basel II…[Read more]