-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Paul,
You bring up a really good point that all information security is a business problem but not always a technical problem. You provided the example of a non-technical problem that can affect information security being how a natural disaster can affect a data center. Another example could be that a disgruntled worker who remains working…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Laly,
Exactly. While physical copies of information might not be as easily accessible, they are still controlled as well with physical security. For large organizations, you have security monitoring who enters and exits the buildings as well as file rooms where the entrance to the room is locked by each department. Not only that, many…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Hi Wenting,
I think you bring up some valid points as to how a data breach can be a problem with all the PII of students on the server. To go with that, restricting access to worker students is a huge issue too. For those say working in admissions, you need to make sure that access to PII is restricted from those student workers. Likewise, if…
-
Paul Linkchorst commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
Hi Jaspreet,
You bring up a good point how budget has a big impact on the control environment, especially in regards to IT controls. As Binu has stated, you can always outsource IT services to reduce the costs of setting up a properly controlled IT environment. However, I think now more than ever it is important to make business’s management…
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 7 years, 10 months ago
Hi Deepali,
I would strongly agree that there are many benefits of how auditors can use technology. One of the points that you made was the use of data analysis tools when performing an audit. One of the tools that is more popular is that of ACL which I fortunately have had the experience of using. One quick example of how an auditor can use…
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 7 years, 10 months ago
Binu,
I would agree with Wen Ting. While it might not be a big risk, data integrity is not an issue that organizations want to overlook. That is why in many applications, controls are implemented such as edit checks which can essentially check reasonableness when entering data. For example, a computer system might not allow you to attempt to…
-
Paul Linkchorst commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
What issues did you identify from this video?
In the video there are some obvious issues in regards to IT controls. Employees were using easy passwords, leaving passwords out for everyone to see, not physically securing computers and much more. However, it seems the main issue is lack of basic knowledge in information security within that…
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 7 years, 10 months ago
What is the purpose of all auditors having some understanding of technology?
In my opinion, auditors need to have some understanding of technology since more or less, technology is the center of an organization. Decisions are made, financials are kept, and business functions are performed using technology most of the time. Therefore,…
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 7 years, 10 months ago
How does the control environment affect IT?
The control environment has a big impact on the way IT is structured. Since IT is aligned with a business’s main functions and management, it makes perfect sense for those controls to be integrated into its information systems. One example of a control is utilizing an approved vendor list w…
-
Paul Linkchorst commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
What are some current system-related risks that you have experienced in your organization?
Working as an external IT auditor, one of the system-related risks was that of having confidential client information lost or stolen. As an intern, it was stressed to us that securing client information was to be one of the most important tasks that…
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 7 years, 10 months ago
Just to add my experiences to the conversation. Internal Auditors will generally have a higher knowledge of “How” management might make changes to a control since they usually work for the company and have a great amount of knowledge of the organization and its business. On the flip side, external auditors, whether financial or IT, will more…
-
Paul Linkchorst commented on the post, Week 2: Questions, on the site 7 years, 10 months ago
Priya,
In my experiences this seems to be the most frustrating thing about being an auditor. I’ve seen multiple methods to combat this which includes assigning a designated auditee to feed all the documentation requests through to providing an example of last year’s requested documentation. It frustrates both the auditor and the auditee if…
-
Paul Linkchorst commented on the post, Week 2: Questions, on the site 7 years, 10 months ago
Hi Laly,
I have never thought about the impact of competition or economics and its effects on an internal control environment. In the perfect world without competition or strict financial goals, I am sure most organizations will pay heavy attention to controls that particularly affect the reliability of the financial statements and protected…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Hi Abhay,
I have a couple of experiences where management had shown resistance to either new controls or testing certain controls. Since auditors are not the control designers, they are not the ones implementing it or forcing employees to practice new controls. However, since auditors are the ones testing the controls there could be…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Priya,
I have had a very similar experience as you. While I was only an intern for a year performing Internal Audit work, I did participate in some scheduling and audit planning. To take this one step further, I am going to identify how the audit process worked once the opening meeting has been held. It will be interesting to see if my…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Hi Priya,
I have had a very similar experience as you. While I was only an intern for a year performing Internal Audit work, I did participate in some scheduling and audit planning. To take this one step further, I am going to identify how the audit process worked once the opening meeting has been held. It will be interesting to see if my…
-
Paul Linkchorst commented on the post, Progress Report for Week Ending, March 15, on the site 7 years, 10 months ago
Hi Sean,
I think the example you have given provides a clear example of what a profitability-driven control is. While it might not 100% relate to your example, I think a lot of times companies implement these profitability-driven controls within their information systems. While a gas station might have a control where the price of the gasoline…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Question 2
Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.
In my opinion, information security is both a technical and business problem that an organization has to frame and solve. Information security,…
-
Paul Linkchorst posted a new activity comment 7 years, 10 months ago
Question 2:
In your own words, how would you define a control environment?
Based on my internship experiences as both an Internal and IT Auditor, I would define a control environment as the attitude of those throughout an organization towards how its members “control” or gain confidence that business processes are working properly and rel…