1. |
Management is legally responsible for establishing and maintaining an adequate system of control. Discuss the implications of this obligation, and discuss how management discharges its responsibility. |
2. |
“If it weren’t for the potential of computer abuse, the emphasis on controlling computer systems would decline significantly in importance.” Do you agree? Why or why not? |
3. |
Provide five examples of potential conflict between the control goals of ensuring effectiveness of operations and of ensuring efficient employment of resources. |
4. |
“If we thoroughly check the background of every job candidate we want to hire, we’d never get to hire anyone in this tight job market! It just takes too long.” Do you agree? Why or why not? |
5. |
Discuss the efficiency and effectiveness of the mass-transit system in a large city. |
6. |
What, if anything, is wrong with the following control hierarchy? Discuss fully. |
7. |
“In small companies with few employees, it is virtually impossible to implement the segregation of duties control plan.” Do you agree? Why or why not? |
8. |
“No matter how sophisticated a system of internal control is, its success ultimately requires that you place your trust in certain key personnel.” Do you agree? Why or why not? |
9. |
Debate the following point. “Business continuity planning is really an IT issue.” |
10. |
“Contracting for a standby hot site is too cost-prohibitive except in the rarest of circumstances. Therefore, the vast majority of companies should think in terms of providing for a cold site at most.” Do you agree? Why or why not? |
11. |
“We use an ASP [Application Service Provider, see Technology Insight 7.1] to outsource all our systems processing. That’s good enough to ensure segregation of duties because we don’t even know who our systems staff is!” Do you agree? Why or why not? |
12. |
“The ‘monitor operations’ activity in IT process 10 must be performed by an independent function such as a CPA or a security firm.” Do you agree? Why or why not? |
13. |
Your boss was heard to say, “If we implemented every control plan discussed in this chapter, we’d never get any work done around here.” Do you agree? Why or why not? |
- 2271 reads