Fill This Form To Receive Instant Help

Help in Homework
trustpilot ratings
google ratings


Homework answers / question archive / Florida Atlantic University ACG 6625 ACG 6625 Solutions to Chapter 2 Homework 1)How is pre-SOX IT governance different from post-SOX IT governance?       2

Florida Atlantic University ACG 6625 ACG 6625 Solutions to Chapter 2 Homework 1)How is pre-SOX IT governance different from post-SOX IT governance?       2

Accounting

Florida Atlantic University

ACG 6625

ACG 6625 Solutions to Chapter 2 Homework

1)How is pre-SOX IT governance different from post-SOX IT governance?

 

 

 

2. A bank in California has thirteen branches spread throughout northern California, each with its own minicomputer where its data are stored. Another bank has 10 branches spread throughout California, with its data stored on a mainframe in San Francisco. Which system do you think is more vulnerable to unauthorized access? Excessive losses from disaster?

 

 

3. Who should determine and prioritize the critical applications? How is this done? How frequently is it done?

 

4. Why is it easier for programmers to perpetrate a fraud than operators?

 

 

P2.                  Internal Control

 

During its preliminary review of the financial statements of Barton, Inc., Simon and Associates, CPA discovered a lack of proper segregation of duties between the programming and operating functions in Barton’s data center. They discovered that some new systems development programmers also filled in as operators on occasion. Simon and Associates extended the internal control review and test of controls and concluded in its final report that sufficient compensating general controls provided reasonable assurance that the internal control objectives were being met.

 

Required:

 

What compensating controls are most likely in place?

 

 

 

 

P3.                          Physical Security

 

Big Apple Financials, Inc., is a financial services firm located in New York City. The company keeps client investment and account information on a server at its Brooklyn data center. This information includes the total value of the portfolio, type of investments made, the income structure of each client, and associated tax liabilities. The company has recently upgraded its Web site to allow clients to access their investment information.

The company’s data center is in the basement of a rented building. Company management believes that the location is secure enough to protect their data from

 

physical threats. The servers are housed in a room that has smoke detectors and associated sprinklers. It is enclosed, with no windows, and has temperature-controlled air conditioning. The company’s auditors, however, have expressed concern that some of the measures at the current location are inadequate and that newer alternatives should be explored. Management has expressed counter concerns about the high cost of purchasing new equipment and relocating its data center.

 

 

Required:

 

  1. Why are Big Apple’s auditors stressing the need to have a better physical environment for the server?
  2. Describe six control features that contribute to the physical security of the computer center.
  3. Big Apple management is concerned about the cost of relocating the data center. Discuss some options open to them that could reduce their operating costs and provide the security the auditor’s seek.

 

 

P4.                          Disaster Recovery Plans

 

The headquarters of Hill Crest Corporation, a private company with $15.5 million in annual sales, is located in California. Hill Crest provides for its 150 clients an online legal software service that includes data storage and administrative activities for law offices. The company has grown rapidly since its inception 3 years ago, and its data processing department has expanded to accommodate this growth. Because Hill Crest’s president and sales personnel

 

spend a great deal of time out of the office soliciting new clients, the planning of the IT facilities has been left to the data processing professionals.

Hill Crest recently moved its headquarters into a remodeled warehouse on the outskirts of the city. While remodeling the warehouse, the architects retained much of the original structure, including the wooden-shingled exterior and exposed wooden beams throughout the interior. The minicomputer distributive processing hardware is situated in a large open area with high ceilings and skylights. The openness makes the data processing area accessible to the rest of the staff and encourages a team approach to problem solving. Before occupying the new facility, city inspectors declared the building safe; that is, it had adequate fire extinguishers, sufficient exits, and so on.

In an effort to provide further protection for its large database of client information, Hill Crest instituted a tape backup procedure that automatically backs up the database every Sunday evening, avoiding interruption in the daily operations and procedures. All tapes are then labeled and carefully stored on shelves reserved for this purpose in the data processing department. The departmental operator’s manual has instructions on how to use these tapes to restore the database, should the need arise. A list of home phone numbers of the individuals in the data processing department is available in case of an emergency. Hill Crest has recently increased its liability insurance for data loss from $50,000 to $100,000.

This past Saturday, the Hill Crest headquarters building was completely ruined by fire, and the company must now inform its clients that all of their information has been destroyed.

 

 

Required:

 

  1. Describe the computer security weaknesses present at Hill Crest Corporation that made it possible for a disastrous data loss.
  2. List the components that should have been included in the disaster recovery plan at Hill Crest Corporation to ensure computer recovery within 72 hours.
  3. What factors, other than those included in the plan itself?

 

 

 

 

P10.                                                                  Distributed Processing System

 

The internal audit department of a manufacturing company conducted a routine examination of the company’s distributed computer facilities. The auditor’s report was critical of the lack of coordination in the purchase of PC systems and software that individual departments use. Several different hardware platforms, operating systems, spreadsheet packages, database systems, and networking applications were in use.

In response to the internal audit report, and without consulting with department users regarding their current and future system needs, Marten, the Vice President of Information Services, issued a memorandum to all employees stating the following new policies:

  1. The Micromanager Spreadsheet package has been selected to be the standard for the company, and all employees must switch to it within the month.
  2. All future PC purchases must be Megasoft compatible.
  3. All departments must convert to the Megasoft Entree database package.
  4. The office of the Vice President of Information Services must approve all new hardware and software purchases.

 

Several managers of other operating departments have complained about Marten’s memorandum. Apparently, before issuing this memo, Marten had not consulted with any of the users regarding their current and future software needs.

Required

 

  1. When setting systems standards in a distributed processing environment, discuss the pertinent factors about:
  1. Computer hardware and software considerations.
  2. Controls considerations.
  1. Discuss the benefits of having standardized hardware and software across distributed departments in the firm.
  2. Discuss the concerns that the memorandum is likely to create for distributed users in the company.

 

 

 

P12.                       Service Provider Audit

 

The Harvey Manufacturing Company is undergoing its annual financial statement audit. Last year the company purchased a SaaS application from Excel Systems (a cloud service provider) to run mission critical financial transactions. The SaaS application runs on an IaaS server, which Excel Systems outsourced to another service provider.

Required:

 

Explain how the Harvey Manufacturing auditors will assess the relevant internal controls related to these mission critical transactions.

 

Option 1

Low Cost Option
Download this past answer in few clicks

4.83 USD

PURCHASE SOLUTION

Already member?


Option 2

Custom new solution created by our subject matter experts

GET A QUOTE