Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
1. Multiple Choice
1. E
2. C
3. A
PROBLEMS
1. NETWORK CONTROL
The controls needed to mitigate the risks of unauthorized remote access to the
system include the following:
Chapter 1 Page 2
2. SYSTEM RISKS AND CONTROLS
a) The open environment system at ACME exposes the company to the
following Risks:
b) Controls needed to reduce the above risks include:
Chapter 1 Page 3
3. INTERNAL CONTROL AND FRAUD
Required:
The controls that could have prevented Mary from perpetrating this fraud
include the following:
b) Implementation of a onetime password system would prevent sniffer
Chapter 1 Page 4
c) Hoffman should perform background checks on all employees in financially
sensitive positions. This would have revealed Mary’s master’s degree in
4. INTERNAL CONTROL AND FRAUD
a. The control over output documents (i.e. the MRP, inventory ordering
system, billing, sales order, accounts payable, and the operating manuals)
was very weak. These documents should not be discarded in a manner in
which they can be retrieved and read by anyone. Inadequate operating
b. All documentation manuals should be shredded or placed into an incinerator.
An operating system should have controls to protect it against breaches such
Chapter 1 Page 5
5. INPUT CONTROLS AND NETWORKING
Problem Identification and Explanation Control Procedure and Explanation
Establish access privileges based on
Chapter 1 Page 6
hardware failure.
6. PREVENTIVE CONTROLS
a. The intruder can then withdraw money from the ATM cardholder accounts.
(This actually happened in California; the intruder was a systems
b. Noise on the line may be causing line errors, which can result in data loss.
c. If data is being lost, echo checks and parity checks should also help;
Chapter 1 Page 7
d. If messages are being delayed, an important customer order or other
e. Messages altered by intruders can have a very negative impact on
customer-supplier relations if
orders are being altered. In this case, data encryption is necessary to
7. Operating System Risks and Controls
A. Assigning access privileges (according to functional affiliation) allows
individuals to access data beyond their need to know. An individual may be in
a position to perpetrate a fraud or cover up serious errors.
B. Employees with access to critical systems, data, or key processes should also
have their access privileges revoked immediately upon termination.
Chapter 1 Page 8
C. Personal laptop computers are a common source of corporate network
viruses
D. Upon announcement of leaving Murray’s access privileges should have
8. DATABASE AUTHORIZATION TABLE
a. see table below
DEPARTMENT Personnel Personnel Payroll Payroll
Chapter 1 Page 9
USER Bogey Bacall Bogey Bacall
PASSWORD casa blanca casa blanca
Authority:
b. If the right prevention device is not in effect, then Bacall may insert fictitious
employees and write checks to employees which do not exist and keep
