Said Ouedraogo

Loi,

This is an interesting question that we can’t respond. He has his reasons that justify his actions. But if we encourage that kind of behavior we might end up in a chaotic world.

Cybersecurity Expert Saket Modi Will Make You Afraid To Own A Smartphone

Saket Modi, cofounder of Lucideus Tech, asked an audience at the 2016 FORBES Under 30 Summit in Boston. “How many of you think you are smart enough to use your smartphone?” He asked for a volunteer to briefly hand over a smartphone and quickly got one, which is pro…[Read more]

Suppose an organization is only able to filter and selectively block either: a) network traffic coming into its intranet from the internet (incoming) or b) network traffic going out to the internet (outbound). With respect to each of the 3 information system security objectives (i.e. confidentiality, integrity, and availability), if you could…[Read more]

Alex,

I couldn’t agree more that security goes with complexity. How do we balance user convenience and security? In Sean case, I think those controls are necessary because of the nature of his job. The military handles sensitive information and Top Secret project, it makes then sense for them to implement complex security systems.

Yu Ming,

In fact, changes can be made after the period had been closed. Generally, only the business manager has this privilege. When this person made change to a closed period, he/she has to provide backup documentation detailing why he/she has made changes.

Binu,

I strongly agree with you. It’s all about who has access to what and when. Where I work, I am in charge of doing monthly reconciliations. I reconcile what we have in the system (IBM Cognos), deposit logs, and receipt book. The process is simple. The front desk receives the check from the customer, issues a receipt to the customer and…[Read more]

Sean,

You are absolutely right about that. However, I think businesses should also focus on their security protocols in programs like SAP because the biggest threat of a company is its employees. In fact, employees can take advantages of the system if the company has not the right security protocols. When you think about it, majority of…[Read more]

Exactly Sean! Plus, the auditors can go back to closed period to review postings. In that way, they don’t have to wait until the end of the year. Where I work, I have to combine all accounts in a single doc after each closing. It allows auditors to review the accounts and see if there are any discrepancies.

1. What is the relevance of only being able to have one posting period open at a time for real time postings? What does this prevent from happening?

I think the main reason is to avoid fraud/error and facilitate accounts reconciliation at the end of the month or year. Each organization follows a specific fiscal year variant. For example,…[Read more]

What controls can be implemented to mitigate the risks associated with outsourcing?

First of all, the company should research all vendors and choose the one that fit the best to the company. Then, the company should require the vendor to meet security standards and monitor the vendor with effective auditing. It can also review and approve…[Read more]

What are the benefits and risks of out-sourcing?

Benefits:

Expertise
Risk-sharing
Reduce costs
Focus on core competencies

Risks:

Confidentiality
Integrity
Availability

“Three Steps for Disaster Planning Toward a Smooth Recovery”

According to the Federal Emergency Management Agency (FEMA), 40% of companies that experience a disaster never re-open. The primary goal in disaster recovery is to limit business disruption and restore critical services as soon after a disaster as possible.
When creating or…[Read more]

Paul,

This is another level of criminality. I watched a movie were some was killed with a remote medical device, I thought that it was just fiction. But this article is showing that it something that can really happen, And it also shows that hackers are not only about money and information, now they want to hurt people physically. If J&J don’t…[Read more]

Annemarie,

You are absolutely right, culture can be seen as a risk when doing business internationally. I would like to add to your holiday example something similar. Some countries have different business days than the US; their business days go from Sunday to Thursday. In this specific case, it is important to implement controls in the…[Read more]

Brou,

I think it is better to hire IT people with a basic understanding of accounting and finance because training is costly and time consuming. Businesses want to be productive. Why would they waste time and money in training if they can hire someone with the qualifications they are looking for?

Are the terms Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) synonyms or are they different? If they are different, what are the differences?

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. In other words, it provides…[Read more]

Magaly,

You’re absolutely right. As they are the one generating all the controls, they need to understand how the ERP system work. It is just common sense. You can’t protect a system if you don’t know how it works.

In fact, it depends on the IT position. For an IT Auditor, I would say that it’s mandatory to have a financial background. One role of the IT Auditor is to find how people can use IT to commit financial frauds. How would he/she able to do that if he/she has no financial background?

Sean,

You are right, but I think the IT personnel should have a deep understanding of the business function they are assisting. Understanding, the business function will allow them to present more specific solutions.

Brou,

I think the IT personnel should be familiar with every main business function. As you said, the “IT department [use data] to design and implement solutions that can enable the business to operate effectively and efficiently”. How would the IT personnel be able to design and implement solutions if he/she is not familiar with the business…[Read more]