Victoria A. Johnson

Daniel, you make some excellent points. Not having proper knowledge of access points was very concerning for me.

Great summary Paul. It is crucial to protect your operating systems. Without an operating system, interacting with peripherals or secondary, non-essential input and output devices on a computer would be much more complicated.

Why is so important to protect operating systems?

It is important to protect operating systems because the operating system is the first level of software which allows your computer to perform useful work. The operating system organizes hardware and software of the computer in order to ensure integrity, confidentially and availability.…[Read more]

Very detailed summary Daniel. DBMS is considered the more efficient option because reading line by line is not required and specific control mechanisms are already in place.

I agree with your answer, Mansi.

Great post Vu. Framework is also acts as a starting point for auditors to perform audits and develop audit controls.

Thorough explanation of key IT phases Paul.

Why do we need control framework to guide IT auditing?

A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk. The purpose of a control framework to guide IT auditing is to help monitor efficiency and e…[Read more]

Great post Paul. I agree with what you said. And to add onto what you said, it’s important for auditors to have knowledge of audit language and questions to effectively convey to their client the importance of why an audit is being conducted and how this audit will assist the organization in mitigating risk.

What is the purpose of all auditors having some understanding of technology?

The purpose of all auditors having some understanding of technology is because without this understanding auditors would not be able to identify any inconsistencies in technology and controls. Identifying inconsistencies will help mitigate any risk to an organization.…[Read more]

How is independence maintained when working for the company as an internal auditor?

Independence can be maintained for internal auditors by allowing auditors to be strategic in their own way while at the same time improving their audit procedures through collaboration without damaging their independence.

To maintain the necessary…[Read more]

What are the key components of SAP change management controls you would expect the auditor to review? Why?

The key components of SAP change management controls to be reviewed by an auditor would the following:

• Change management policies and procedures
• Change management approval
• Development of polic…[Read more]

Nice post Sean! I agree that being involved in change management decisions will definitely make employees feel more involved and a part of something. Change requires employees to do there job differently so open communication and involvement is definitely crucial in helping the transition of change for employees.

Next week we have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?

1. What is the biggest challenge that the company or audit department has gone through?
2. What is your advice for a graduate student with very little experience in auditing when it…[Read more]

I agree with your point Tiesha and I believe that this task could be passed along to accounting personnel. Master records typically involve material, customer and vendor master records which essentially all deal with the monies and finance transactions that come in and out of the business. Accounting personnel should be responsible for the quality…[Read more]

Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain

Inaccurate data is more a risk to a company than repetitive data. One risk associated with inaccurate data is inventory entered erroneously thus causing the inventory in stock to be less than the demand for customer needs. Because of this, the company is…[Read more]

What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated?

Segregation of duties means that no one person should be responsible for doing everything. It is a commonly used control because it prevent errors or fraud from occurring.

Two roles that should be…[Read more]

Great post Vu. I agree that users need to be protected from whatever device they are using to access the SAP database.

Consider the list of financial and accounting controls. Rank them. Which to you believe is the most important, the least. Why?

Considering the list of financial and accounting controls, I believe one of the most important controls is authorization control.

Authorization controls are important from a financial standpoint because it is a…[Read more]

Jianhui,

Wells Fargo is a great example of of what happens when security protocols are not effectively in place. This lack of security was carried out for for too long even though high level management “believed” they had a handled on the situation. When situations like these are left unchecked and not handled promptly, it only creates more of…[Read more]