|1.||Discuss why the control matrix is custom-tailored for each process.|
|2.||Explain why input controls are so important for controlling an online system.|
Review the controls included in the Visa Top Ten and Best Practice Lists in Technology Excerpt 9.1 on page 294. Classify each item in the two lists according to the following
a. Preventive, detective, or corrective controls.
b. Control environment, pervasive controls, or process controls.
“The mere fact that event data appear on a prenumbered document is no proof of the validity of the event. Someone intent on defrauding a system, by introducing a fictitious event,
probably would be clever enough to get access to the prenumbered documents or would replicate those documents so as to make the event appear genuine.”
a. Assume for a moment that the comment is true. Present (and explain) a “statement of relationship” between the intended control plan of using prenumbered documents and the information process control goal of event “validity.”
b. Do you agree with this comment? Why or why not?
|5.||Describe a situation in your daily activities, working or not, where you have experienced or employed controls described in this chapter.|
When we record our exams into the spreadsheet used for our gradebook, we employ the following procedures:
a. For each exam, manually add up the grade for each exam and record on the front page.
b. Manually calculate the average grade for all of the exams.
c. Input the score for each part of each exam into the spreadsheet.
d. Compare the exam total on the front page of the exam to the total prepared by the computer.
e. After all the exams have been entered, compare the average grade calculated by the computer with that calculated manually. Describe how this process employs controls introduced in this chapter.
|7.||“My top management is demanding Web access to reports that would contain very sensitive data. They want to be able to call them up while they travel to get up-to-the-minute information about the company. Our auditors advise us not to make this data available over the Web because of security concerns. But if top management doesn’t get what they want, I may lose my job! What can I do?” What would you advise this manager to do?|