Purchase Solution

Evaluation of computer system security: business v. vendor

Not what you're looking for?

Ask Custom Question

Auditors test the computer controls for effectiveness through inquiry and observation. Auditors also review the computer security programs, risk policies, procedures, and standards on all major systems and facilities. They further check on who is responsible for monitoring, backups, log-ins, passwords, and vulnerabilities. In addition, auditors should check for the risk of errors, risk of fraud, effectiveness of application controls, risk of financial statement misstatements regarding security of data and assets, and relevant components of internal control.

In 1998 and 1999, Y2K was a term that was used to describe an anticipated computer problem that would occur in the year 2000. When reading the year, computers were originally designed to read two numbers instead of four numbers. Many people thought items that were run by computers would be unable to read the year 2000 and would revert back to the year 1900, potentially causing systems to fail. Many industries had to implement disaster recovery or contingency plans in preparation for this failure. As a result, auditors had to be prepared to review those plans.

Auditors must be prepared to test the effectiveness of controls and be able to evaluate a disaster recovery or contingency plan. Read the information provided in the Week 7 Application Form (linked below) about Anthony's Orchard's information system.

Week 7 Application Form
Evaluate the organizational structure and access to system program controls for Anthony's Orchard. Write a 2- to 3-page paper discussing the MDAC system and controls. Consider the following:

How would you delegate duties differently?

Did the organization use enough methods of asset protection and control provided by those methods?

What are the risks associated with the system?

What would you have done differently with system program control to improve asset protection?

Overall, does Anthony's Orchard have an effective disaster recovery/contingency plan? Your 2- to 3-page paper should reflect the application of the resources presented this week, as well as knowledge gained from previous weeks' required or optional readings.

Attachments
Purchase this Solution
Solution Summary

This topic discusses the different types of security, controls, checks, processes, and procedures that are used to ensure a company's data and asset privacy. It considers both the effectiveness of the above as well as how often the tests and reviews are done. Importantly, it also focuses on the responsibilities of the business itself versus the vendor its hired to do these things.

Solution Preview

The security of a company's data, assets, customer information, financial statements, and systems is imperative for a business to run effectively and with a sense of confidence.

You've been learning about this topic, and how it's created, tested, and improved in your class. Your assignment mentions that you should support your work in your paper with specific citations from this past week's Learning Resources, along with any other resources you choose. Be sure to include citations where appropriate as you take the following and develop your paper.

In terms of Anthony's Orchard and MDAC's systems and controls, you're being asked to assess how secure, effective, and appropriate it is as well as how it might be improved.

How would you delegate duties differently?
What first strikes me is that Anthony's Orchard ("AO") chooses to not have any full-time personnel responsible for data processing and systems. It completely relies upon MDAC, a vendor - albeit a reputable one based on its share price, executive team, and Board of Directors organization - to handle everything. While it seems that MDAC is more than capable of managing this, wouldn't it make sense to have at least one person who worked for Anthony's Orchard, maybe a CIO, be the direct point-person and contact for MDAC? Otherwise, although we're given a good amount of information on the teams and their respective responsibilities at MDAC, there's no meaningfully effective line of communication between the company and the vendor. I would certainly think that would ensure optimized communications regarding planned and unplanned events. Otherwise, how do the teams at MDAC know exactly who to partner with at Anthony's Orchard? The vendor contract has stated limitations regarding access which implies that in the event of a disaster, or even an unexpected occurrence, MDAC will ...

Purchase this Solution
Free BrainMass Quizzes
Motivation

This tests some key elements of major motivation theories.

Cost Concepts: Analyzing Costs in Managerial Accounting

This quiz gives students the opportunity to assess their knowledge of cost concepts used in managerial accounting such as opportunity costs, marginal costs, relevant costs and the benefits and relationships that derive from them.

Academic Reading and Writing: Critical Thinking

Importance of Critical Thinking

Transformational Leadership

This quiz covers the topic of transformational leadership. Specifically, this quiz covers the theories proposed by James MacGregor Burns and Bernard Bass. Students familiar with transformational leadership should easily be able to answer the questions detailed below.

Understanding Management

This quiz will help you understand the dimensions of employee diversity as well as how to manage a culturally diverse workforce.

View More Free Quizzes
Related BrainMass Solutions

  • Business Rule Identification from ER Diagrams

    Problems are solved within two sets of constraints: operation constraints and ___________ constraints. A. Economic B. System C. Security D. Access The ER diagrams are not clear I tried my best to interpret them correctly.

  • Trusted Computer Security Evaluation Criteria

    Although there were existing standards including Trusted Computer System Evaluation Criteria (TCSEC) developed by U.S Department of Defense and Information Technology Security Evaluation Criteria (ITSEC) used by European companies, the establishment of

  • 2 questions

    For this part: (As an Individual) Perform a security assessment of a host operating system configuration [use your computer, an online system image or a computer in the lab] I ran a scan with GFI LanGuard on my computer and there are several reports

  • Request for proposal regarding an office move

    Your RFP should contain the following: An Introduction to the project Business profile (Just Use "Engineering Firm") A description of the problem A description of the Vendor responsibility (what you are requiring them to do) Time and Cost estimates

  • Computer security checklist

    A good system of controls reduces the business risk. The control prevents errors from being made initially and the use of control is voluntary and could be easily changed.

  • ISP Security and Strategies to Ensure Security

    2) Outline additional steps a business should take to ensure security. 3) Outline the questions to ask when deciding whether to outsource or to develop e-business applications in-house. 4) ISP Evaluation Exercises Choosing an ISP for a business requires

  • Computer network security: Securing network perimeters

    Information Manipulation - the evaluation of flexible expressions based on all the above factors. Check Point's Stateful Inspection is able to meet all the security requirements defined above.

  • Why should a business use Microsoft XP pro?

    Take Control of Your Security Settings Windows Security Center provides a single, unified view of key settings and tools so that you can easily monitor your PC's security settings in one convenient place.

  • Mitigation of Problems when Risk is Unavoidable

    This eventually was able to be done, but they were without a critical business system for over a week, without an accurate picture of the data in the system. Talk about a business nightmare.

View More Related Solutions