Uncategorized

Differentiate between the two roles IT auditors can take on in a SD&I project. What methodology or technique is used to bring users and project team members together to create a detail design? Throughout the system development and implementation project, the IT auditor will make control recommendations to management resulting from identified findings. Explain why […]

As the internal IT auditor, you recommend that planning for the new system development should be consistent with the SDLC framework. IT personnel have identified the following as major activities to be completed within the upcoming system development. – Ensure Help desk is in place to provide support – Integration of security access controls within

Summarize the common phases in the traditional system development life cycle (SDLC) approach. Differentiate between the various system test events. Describe what aspects of the system are covered during each event A company is developing a new system. List advantages and disadvantages for each of the System Development approaches discussed in the chapter.

Prepare a one-page, two-column audit program table listing all risks you can think of that are significant to any organization when implementing the SDLC phases. Next to the risks, list relevant IT controls and procedures that should be in place to mitigate the risks listed. Make sure you document at least one IT control for

The chapter highlights nine key responsibilities for auditors when involved in a SD&I project. By becoming involved at strategic points during such process, auditors can ensure that the system being developed and implemented is well controlled and auditable. List and explain in your own words the significance of each of these nine responsibilities.

Explain why unauthorized remote access represents a risk to applications. Explain how incomplete, duplicate, and untimely processing can negatively impact applications. List seven common risks associated with EUD application systems. How can EUD applications become incompatible systems?

In today’s environment, the threat of computer viruses is high because of the unlimited number of sources from which they can be introduced. Computer viruses can be copied from a disk, downloaded from an infected Web page, spread among computers connected within a network, etc. Describe the risks or problems that may result from computer

Explain what EDI means. Describe potential implications resulting from risks related to application systems exchanging electronic business information. List and explain five secure coding principles and practices according to OWASP for Web applications. Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do

Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do processing controls refer to? Briefly describe what processing controls ensure. Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do output

Following your recommendation, your organization just created a Change Control Management Board or Committee (Board) to oversee the recently-implemented change control management process. As the Chair of the Board, prepare (using a memorandum format) a document to discuss and present to all members during the first Board meeting. The document should include: (1) description of