978-1133934400 Chapter 16 Solution Manual Part 2

1. Multiple Choice

1. E

2. C

3. A

PROBLEMS

1. NETWORK CONTROL

The controls needed to mitigate the risks of unauthorized remote access to the

system include the following:

Chapter 1 Page 2

2. SYSTEM RISKS AND CONTROLS

a) The open environment system at ACME exposes the company to the

following Risks:

b) Controls needed to reduce the above risks include:

Chapter 1 Page 3

3. INTERNAL CONTROL AND FRAUD

Required:

The controls that could have prevented Mary from perpetrating this fraud

include the following:

b) Implementation of a onetime password system would prevent sniffer

Chapter 1 Page 4

c) Hoffman should perform background checks on all employees in financially

sensitive positions. This would have revealed Mary’s master’s degree in

4. INTERNAL CONTROL AND FRAUD

a. The control over output documents (i.e. the MRP, inventory ordering

system, billing, sales order, accounts payable, and the operating manuals)

was very weak. These documents should not be discarded in a manner in

which they can be retrieved and read by anyone. Inadequate operating

b. All documentation manuals should be shredded or placed into an incinerator.

An operating system should have controls to protect it against breaches such

Chapter 1 Page 5

5. INPUT CONTROLS AND NETWORKING

Problem Identification and Explanation Control Procedure and Explanation

Establish access privileges based on

Chapter 1 Page 6

hardware failure.

6. PREVENTIVE CONTROLS

a. The intruder can then withdraw money from the ATM cardholder accounts.

(This actually happened in California; the intruder was a systems

b. Noise on the line may be causing line errors, which can result in data loss.

c. If data is being lost, echo checks and parity checks should also help;

Chapter 1 Page 7

d. If messages are being delayed, an important customer order or other

e. Messages altered by intruders can have a very negative impact on

customer-supplier relations if

orders are being altered. In this case, data encryption is necessary to

7. Operating System Risks and Controls

A. Assigning access privileges (according to functional affiliation) allows

individuals to access data beyond their need to know. An individual may be in

a position to perpetrate a fraud or cover up serious errors.

B. Employees with access to critical systems, data, or key processes should also

have their access privileges revoked immediately upon termination.

Chapter 1 Page 8

C. Personal laptop computers are a common source of corporate network

viruses

D. Upon announcement of leaving Murray’s access privileges should have

8. DATABASE AUTHORIZATION TABLE

a. see table below

DEPARTMENT Personnel Personnel Payroll Payroll

Chapter 1 Page 9

USER Bogey Bacall Bogey Bacall

PASSWORD casa blanca casa blanca

Authority:

b. If the right prevention device is not in effect, then Bacall may insert fictitious

employees and write checks to employees which do not exist and keep