Magaly Perez

4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain

I believe the beginning of the procurement process is the most vulnerable to theft or fraud. From the reading and class discussion, we can see that theft and fraud can happen in multiple ways and that many…[Read more]

Unfortunately, the same thing happened to me as well!
My credit card was somehow obtained by someone in California and they were able to make purchases via internet. Thankfully, Chase was able to freeze my account, as well as refund me the full amount and send me a new credit card that week,

I agree, with you Alex. The more frequent online…[Read more]

2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?

I believe accuracy is the most important aspect of an audit review. The main purpose of the work performed by the auditor is obtaining reasonable assurance that the financial statements are correct.
For example, an auditor…[Read more]

The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?

Management’s assertions are extremely important to accountants, as well as auditors. They assist auditors by allowing them to observe a wide range of issues that are relevant to the validity of financial statements. The auditors test the validity of th…[Read more]

What are key characters of relational database management systems?
The Relational database management system are created for fast storage and recovery of large quantities of data.
Provides data to be stored in tables:
– Keeps data in the form of rows and columns
– Provides multi-user availability that can be controlled by an individual…[Read more]

Yes, Risk and Control assessment are two huge factors of an IT audit. They underline the entire audit process. The selection of controls to test, and the determination of the evidence necessary for a given control. By identifying and testing the internal controls, and selecting controls to test, the auditor is able to evaluate the company’s…[Read more]

Thanks for your input Fred and Alex! I 100% agree with both of you, without the risk assessment aspect of IT Audit process, the whole audit would not have a foundation. The risk are the key concerns for the auditor, as you mentioned Alex, if they can’t identity the risk, then they cannot do their job!

Said, I agree with your comment. They are indeed both complementary, but the use of COBIT first would most definitely make more sense especially since, COBIT does generalize and describes the compliance requirements and auditing, where as ITIL allows the IT management to strengthen its controls to combat any issues they face.

Professor, I never thought to consider what type of IT management positions would prefer ITIL over COBIT and vice versa.

That completely makes sense though. COBIT does generalize and describe the audit and compliance requirement for IT and ITIL supports the operations for IT management.

Paul,

I really enjoyed the way you answered the question regarding which control is the most important. I didn’t think about it in a hypothetical situational based manner.

Great point.

The altering of data inadequately changes the data which contradicts the whole principle of Integrity. Additionally, the constraints on the public’s access to data, undermines the principle of Availability as well.

Great explanation and example Deepali!

Choosing the suitable security controls for an organization’s information systems can have tremendous repercussions on the operations and assets of an organization as well as the wellbeing of persons and the Nation as a whole.

This article explains the growing threat of ransomware, as well as the “5 Things Partners Need to Know about Ransomware. The 5 things being: How Big Is The Problem?, Who Are The Targets?, How To Know If You’ve Been Hit, What To Do In The Event Of A Hit and Partners Can Prepare Their Clients.

Lately, many companies have fallen victim to this e…[Read more]

What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?

The three types of risk mitigating controls are:

Preventative: Controls that prevent the loss or harm from occurring.

Detective: Controls that monitor activity to identify occurrences where practices or procedures were not…[Read more]

Why do we need control framework to guide IT auditing?

Control framework helps provide guidance to IT auditors.
The 5 components used to assess the effectiveness of procedures and policies are as follows:

-Control Environment: By establishing a control environment, it ensures the IT auditors dominance, by allowing them to set the tone of…[Read more]

Comparing ITIL and COBIT: list some key similarities and difference based on your understanding

ITIL 5 stages in service:
1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement

COBIT is based on five principles:
1. Meeting Stakeholder Needs
2. Covering the Enterprise…[Read more]

^preliminary statements*

Explain the key IT audit phases: What are the key activities within each phase?

Planning: The Auditor should understand the environment and infrastructure of the organization or company. By doing so they are able to assess what kind of documentation they need.

Fieldwork and Documentation: The auditor makes an effort to understand what kinds…[Read more]