
Evaluation of computer system security: business v. vendor


Auditors test the computer controls for effectiveness through inquiry and observation. Auditors also review the computer security programs, risk policies, procedures, and standards on all major systems and facilities. They further check on who is responsible for monitoring, backups, log-ins, passwords, and vulnerabilities. In addition, auditors should check for the risk of errors, risk of fraud, effectiveness of application controls, risk of financial statement misstatements regarding security of data and assets, and relevant components of internal control.

In 1998 and 1999, Y2K was a term that was used to describe an anticipated computer problem that would occur in the year 2000. When reading the year, computers were originally designed to read two numbers instead of four numbers. Many people thought items that were run by computers would be unable to read the year 2000 and would revert back to the year 1900, potentially causing systems to fail. Many industries had to implement disaster recovery or contingency plans in preparation for this failure. As a result, auditors had to be prepared to review those plans.

Auditors must be prepared to test the effectiveness of controls and be able to evaluate a disaster recovery or contingency plan. Read the information provided in the Week 7 Application Form (linked below) about Anthony's Orchard's information system.

Week 7 Application Form
Evaluate the organizational structure and access to system program controls for Anthony's Orchard. Write a 2- to 3-page paper discussing the MDAC system and controls. Consider the following:

How would you delegate duties differently?

Did the organization use enough methods of asset protection and control provided by those methods?

What are the risks associated with the system?

What would you have done differently with system program control to improve asset protection?

Overall, does Anthony's Orchard have an effective disaster recovery/contingency plan? Your 2- to 3-page paper should reflect the application of the resources presented this week, as well as knowledge gained from previous weeks' required or optional readings.

© BrainMass Inc. brainmass.com October 17, 2018, 1:17 pm
https://brainmass.com/business/types-of-audits/evaluation-computer-system-security-business-vendor-609208


Solution Preview

The security of a company's data, assets, customer information, financial statements, and systems is imperative for a business to run effectively and with a sense of confidence.

You've been learning about this topic, and how it's created, tested, and improved in your class. Your assignment mentions that you should support your work in your paper with specific citations from this past week's Learning Resources, along with any other resources you choose. Be sure to include citations where appropriate as you take the following and develop your paper.

In terms of Anthony's Orchard and MDAC's systems and controls, you're being asked to assess how secure, effective, and appropriate it is as well as how it might be improved.

How would you delegate duties differently?
What first strikes me is that Anthony's Orchard ("AO") chooses to not have any full-time personnel responsible for data processing and systems. It completely relies upon MDAC, a vendor - albeit a reputable one based on its share price, executive team, and Board of Directors organization - to handle everything. While it seems that MDAC is more than capable of managing this, wouldn't it make sense to have at least one person who worked for Anthony's Orchard, maybe a CIO, be the direct point-person and contact for MDAC? Otherwise, although we're given a good amount of information on the teams and their respective responsibilities at MDAC, there's no meaningfully effective line of communication between the company and the vendor. I would certainly think that would ensure optimized communications regarding planned and unplanned events. Otherwise, how do the teams at MDAC know exactly who to partner with at Anthony's Orchard? The vendor contract has stated limitations regarding access which implies that in the event of a disaster, or even an unexpected occurrence, MDAC will ...

Solution Summary

This topic discusses the different types of security, controls, checks, processes, and procedures that are used to ensure a company's data and asset privacy. It considers both the effectiveness of the above as well as how often the tests and reviews are done. Importantly, it also focuses on the responsibilities of the business itself versus the vendor it has hired to do these things.

Similar Posting

Security, Privacy, and Other AIS Issues
You've been hired by a growing organization to perform systems consulting work. The CEO has concerns about systems security and the impact of privacy considerations on the organization's AIS. She is also interested in learning more about new and emerging AIS technologies that the organization should consider. You have been asked to provide a report on these areas. Your report will be used as a basis for planning and developing improvements to the AIS.
Prepare a 1,750-2,150-word paper to deliver your findings to the CEO. In your paper, include the following:
a. A disaster recovery/contingency plan that includes the following:
  1) Identification and analysis of procedures to detect vulnerabilities and security threats
  2) Identification and analysis of risks and risk mitigation measures, including plans for
    a) Systems and data recovery
    b) Off-site data storage
    c) Business continuity
b. An analysis of the impacts of privacy considerations on AIS (i.e., HIPAA)
c. Identification and evaluation of new and emerging AIS technologies and processes, including the following:
  1) A summary of the advantages and disadvantages of the changes brought on by using e-business technologies (B2B, B2C, XBRL) in accounting systems
  2) A comparison of similarities and differences between batch and real-time transaction processing
  3) An explanation of accounting electronic data interchange (EDI) processes
  4) An analysis of the potential use of XBRL in the organization
3. Respond to the Discussion Questions posted by your instructor. Post to the
