Uncategorized

Prepare a one-page, two-column audit program table listing all risks you can think of that are significant to any organization when implementing the SDLC phases. Next to the risks, list relevant IT controls and procedures that should be in place to mitigate the risks listed. Make sure you document at least one IT control for […]

The chapter highlights nine key responsibilities for auditors when involved in a SD&I project. By becoming involved at strategic points during such process, auditors can ensure that the system being developed and implemented is well controlled and auditable. List and explain in your own words the significance of each of these nine responsibilities.

Explain why unauthorized remote access represents a risk to applications. Explain how incomplete, duplicate, and untimely processing can negatively impact applications. List seven common risks associated with EUD application systems. How can EUD applications become incompatible systems?

In today’s environment, the threat of computer viruses is high because of the unlimited number of sources from which they can be introduced. Computer viruses can be copied from a disk, downloaded from an infected Web page, spread among computers connected within a network, etc. Describe the risks or problems that may result from computer

Explain what EDI means. Describe potential implications resulting from risks related to application systems exchanging electronic business information. List and explain five secure coding principles and practices according to OWASP for Web applications. Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do

Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do processing controls refer to? Briefly describe what processing controls ensure. Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do output

Following your recommendation, your organization just created a Change Control Management Board or Committee (Board) to oversee the recently-implemented change control management process. As the Chair of the Board, prepare (using a memorandum format) a document to discuss and present to all members during the first Board meeting. The document should include: (1) description of

Discuss why revising documentation is an important part of change management. Explain the purpose of a change request form. Why should change request procedures be documented? Using an Internet Web browser, search and examine two recent (within the last 5years) situations where the implementation of changes and/or modifications to existing financial application systems have failed.

Policies and procedures related to IS operations are considered essential for every IT environment, why? Data processing controls help ensure that data is validly processed, and that any exceptions noted while processing will be detected and corrected. What are some of the key questions managers ask in order to address unusual events, failures, or errors

The Company you work for is in the process of determining whether to have an information security audit (ISA) performed. Even though the Company is not (yet) required to have an ISA for compliance purposes with laws, rules, and/or regulations, they are very aware of the benefits such audit can provide. However, they also know