-
Paul Linkchorst commented on the post, Week 3 Questions, on the site 8 years ago
Hi Sean,
That is a really unfortunate experience. From a standpoint of controlling risks, in hindsight do you think there was anything that you could have done to mitigate the risk of almost losing a truck? Other than insurance and doing research on the company, there isn’t much I can think of that could prevent that fraud from occurring s…[Read more]
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 8 years ago
Hi Fred,
I would agree that the primary purpose of management’s assertions is targeted toward to stockholders and other stakeholders of the company. While it is important for management itself to have accurate financial statements to make decisions off of, it is even more important for investors and other stakeholders like creditors. If I w…[Read more]
-
Paul Linkchorst commented on the post, Week 3 Questions, on the site 8 years ago
Hi Annamarie,
You brought up a good point that fraud can be as simple as charging more time then was actually worked. In the case of the interns charging more time, do you think at the time they realized they were committing fraud? Also, what do you think their motives were for committing time theft?
-
Paul Linkchorst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 8 years ago
Said,
Exactly. This is why from a financial audit standpoint that the procurement process is considered a high risk area which means it’s a big area of focus. From a IT auditor standpoint, we need to test to make sure the procure to pay applications are set up properly to segregate the duties within this process. Likewise, if this area i…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Question 3: List risks associated with database management systems (DBMS)
• Unauthorized users to the database
• Malware
• Unmanaged Sensitive Data
• Privilege Abuse
• Misconfiguration of database systemA list of database security threats can be found here:
https://www.imperva.com/docs/gated/WP_TopTen_Database_Threats.pdf -
Paul Linkchorst commented on the post, Week 3 Questions, on the site 8 years ago
Question 2: Key benefits of relational databases vs traditional file system?
One of the major benefits from a relational database vs a traditional file system is the ability to manipulate data and scalability. This is due to the fact that data is formatted into tables which allows the data to be reassembled and accessed without having to modify…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Question 1: What are key characters of relational database management systems?
Relational database management systems are offer greater benefits than a traditional management system. Instead of a hierarchical database that uses a tree like structure, a relational database utilizes tables to store data. The name relational comes from the fact…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Question 4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Based on my knowledge and experiences, I would say that the start of the procurement process is the most vulnerable to theft or fraud. As we learned in the reading assignments, fraud can take form…[Read more]
-
Paul Linkchorst commented on the post, Week 3 Questions, on the site 8 years ago
Question 3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI fortunately have not been a victim of fraud and have not had many experiences where I was pressured to commit an act that was moral…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Question 1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Management’s assertions are not only important to accountants, it is also important to auditors and financial statement users. From the auditor standpoint, assertions are important because it is those dimensions of management’s asserti…[Read more]
-
Paul Linkchorst commented on the post, Week 2 Questions, on the site 8 years ago
Professor Yao,
You mentioned that IT auditors are now adopting a risk based approach when developing audit strategies. While this a way to reduce unnecessary testing, in my external IT audit experience, I have seen this be used a fodder for our clients. Clients have questioned seniors and managers as to why certain applications are in scope…[Read more]
-
Paul Linkchorst commented on the post, Week 2 Questions, on the site 8 years ago
Professor Yao,
The control testing would be performed in the “fieldwork” phase. In this section it is not only important to perform the tests of controls, but also document the steps one went about testing.
-
Paul Linkchorst commented on the post, Week 2 Questions, on the site 8 years ago
Hi Jaspreet,
I would agree that the IT team will be the one’s to implement the changes. In my experience, I have worked with IT teams who are control conscience while other IT departments could care less. Regardless of this, these IT teams have the technical knowledge to implements controls into the IT systems and the IT auditors are the…[Read more]
-
Paul Linkchorst commented on the post, Week 2 Questions, on the site 8 years ago
I wasn’t sure at first if my analogy actually reflected the importance of frameworks for the IT Auditors but I would be glad to share it with the class.
-
Paul Linkchorst posted a new activity comment 8 years ago
EU Enacts New Law To Improve Critical Infrastructure Cyber Security
According to the article found on Security Magazine’s website, the European Union has enacted a new law named the EU Network and Information Security (NIS) directive. This law is one of the first of its kind for the EU and aims to improve cyber security around critical i…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Q4: Why do we need control framework to guide IT auditing?
I believe one of the major reasons why IT auditors need control frameworks is to establish some sort of baseline to audit from. One can take COSO for example. As others have mentioned, COSO is comprised of 5 sections which include the control environment, risk assessment, control…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Q3: Comparing ITIL and COBIT: list some key similarities and difference based on your understanding
ITIL and COBIT are two frameworks that are used to manage IT and IT governance. ITIL was developed by the U.K. government and defines the best practices of how to plan, design, and implement effective service management capabilities. If one…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
Q1: Explain the key IT audit phases
1. Planning
2. Fieldwork and Documentation
3. Issue Discovery and Validation
4. Solution Development
5. Report drafting and issuance
6. Issue TrackingQ2: What are the key activities within each phase?
• Planning: Involves determining the objectives and scope of the audit. Key activities included i…[Read more] -
Paul Linkchorst commented on the post, Week 2: Questions, on the site 8 years ago
Sure thing Daniel. I think it really depends on the type of audit that is being performed. From your standard Internal Audit, which is to say that Internal Audit is performing a non-compliance audit for their own understanding of a process, that would usually take like 2-3 months depending on the size of the department and complexity of the…[Read more]
-
Paul Linkchorst posted a new activity comment 8 years ago
What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?
The three types of risk mitigating controls are preventative controls, detective controls, and corrective controls. Preventative controls are, as the name implies, controls to prevent any problems or errors from occurring. Examples of…[Read more]
- Load More