SECURITY AND ACCESS
System development approach involves the creation of new software solutions or modification of the origin software solutions. Notably, this process is associated with various risks among them is that it may result in a system that is poorly designed, more so, the system may contain undetected flaws that might impact the operations of a company negatively such as material misstatements of financial data. On the other hand, the program is involved in both designing and maintenance of the system thus, he or she is in a position to execute program fraud that might cause loss of finances or have other unprecedented negative impacts. At the same time, the documentation for the system might end up becoming outdated or inadequate, which would hamper the daily operation while simultaneously messing up with system audibility.
System development approach has its strengths, such as coming up with more effective software solutions. However, the approach is associated with various weaknesses. Notably, system development approach
Problem 6
A.
The possible damage when an intruder acquires a person ATM card information such as the identifying code and personal identification number is the risk of utilizing such information to perpetuate theft by forging another card and utilizing it to withdraw other people’s money from the ATM. The preventive control for such a situation would be to advise the card holder to keep the cards safe an avoid giving them out. At the same time, to report the loss of cards immediately.
B
Garbled messages resulting from noise in the transmission line might result in various damages. First, the receiver of the message can misinterpret a garbled message which would result in a loss financial or other unprecedented results. At the same time, garbled messages may cause delays in the normal operation of a company in the case where the information cannot be understood due to unexpected characters on a message. The preventive control for such a situation is for the receiver to ensure that she is extremely careful to notice odd messages and to double check with the sender in case of any doubts.
c.
In the case of loss of data due to occasional noise, the possible damage may be that the noise is as a result of interference caused by intruders in an attempt to manipulate the data by removing it from the system. The possible damage due to loss of data may be theft, deletion of financial records, and other important information that could translate into a loss of finances. However, the preventive control for loss and garbled data would be to have various establish more than one transmission line of sending data so that data sent can be compared to various transmission lines.
In the case where an intruder intentionally delays messages, the damage may translate into high losses in terms of money. More so, the other damage may is that delayed messages could mean that various activities are not completed or done on time or as expected. Also, a delay in messages reduces the efficiency of an organization or entity. However, the preventive control of this should be the use of multiple transmission lines to send the same message as it would be difficult for an intruder to delay messages on all the transmission lines.
e.
In the case where the intruder alters messages before the receiver obtains them, this means that the data is being manipulated. Consequently, the aim of the intruder could cause damage, which could include theft, deletion of data, and manipulation of data for various reasons. Markedly, it’s necessary to establish various transmission mediums to that data is sent via various transmission lines and compared to each other at the end.
Problem 10
Generalized Audit Software (GAS) is a computer-assisted auditing technique tool. More so, there are various versions of GAS and can be developed or purchased. Most importantly, the tool is useful for cross-examination of system files for users to retrieve variable information. GAS is beneficial due to its ability to improve efficiency through automation of an auditing process that was originally done manually. Secondly, Gas reduces the risk of testing an entire population and thus reduces the tendency of auditors on sampling. At the same time, it adds value as it provides largely detailed insights regarding the underlying records. Nonetheless, the process is known to increase the range of testing that is available for the auditors. Gas may be used in various ways, which include performing routine procedural audits for companies. Secondly, it can be used
Audit purpose facilitated means enhancing auditing through the use of various computer analyzing tools that allows one to search for irregularities in a given data. More so, an accountant and an auditor work are facilitated by these tools allowing him or her to come up with more analytical results. Notably, ITF testing is one type of CAATTs, and there are procedural steps that are followed when using it. First, ITF transactions have to be created mainly to test the logic branches within the applications. Secondly, in the normal operations, there is a merger of the test transactions to the input streams of regular transactions which are processed next to the dummy accounts. Finally, data is processed, and the auditor checks to compare the processing results to predetermined result to verify that control and process function are as expected.
There are various steps followed for the Embedded Audit Module (EAM). First, the auditor has specified to the embedded audit module system the materiality threshold and parameters of the transactions that are set for capture. The transaction is greater than or equal to set thresholds have to be copied in the audit files. On the other hand, transaction goes below the set threshold are ignored by the Embedded audit module system. Secondly, the auditor chooses one subset for the substantive test from the set comprising of the selected transactions. Lastly, the transactions that are selected by the embedded audit module are reviewed for authorization, accuracy, and completeness of correct posting in the account and processing.
To use parallel stimulation, there are various steps involved. First, the auditor gains an understanding concerning the application that is under review. After that current and complete documentation of an application is need to build an accurate stimulation. Secondly, the auditor identifies the controls and processes within the application, which are critical for the audit. This makes up the processes that are to be stimulated.
Problem 5
Identify and explain the data security and integrity problems that could occur
The potential integrity and data problems are, for instance, unauthorized access or entry to the company’s database and information systems, financial fraud can occur due to change in reports, virus programs may infect the server. Thus, appropriate procedures aimed at securing the integrity and data are essential to manage and protect the data belong to the company.
Problem explanation and identification
Unauthorized access by intruders to the company’s database and server
Control procure and explanation
The company has to establish a privilege for monitoring access right for the server
The system should be customized to require a username and a password before one is allowed to log on to the server.
Problem explanation and identification
Financial fraud reporting
Control procure and explanation
The company has to ensure that there is a backup data which can be used to verify the credibility of data.
Problem explanation and identification
Virus program can be installed into the server
Control procure and explanation
The server has to be monitored
The server has to be secured with a username and password not accessible to everyone.