MGTD60 Final.docx

11 Pages

Department
Financial Accounting
Course
MGAD10H3
Professor
P.Yien/ K.Jackson
Semester
Summer

Description
Chapter Six: IS Network and Telecommunications Risks

Network Components
• Computers and terminals
• Telecommunications channels – physical and wireless
• Telecommunications processors
• Routers and switching devices

Network Types
• Local versus wide area networks
• Internet, intranet, extranet
• Virtual private networks (VPN)
• Client/server networks

Network Configuration Types
• Star-shaped – centralized
• Ring – decentralized
• Bus – decentralized

Network Protocols and Software
• Open Systems Interconnect (OSI) model – a standard architecture for networking that allows different computers to communicate across networks
• Network and telecommunications software – network OS, network management software, middleware, web browsers, e-mail software

IS Network and Telecommunications Risks
• Social Engineering
• Physical Infrastructure Threats – the elements, natural disasters, power supply, intentional human attacks
• Programmed Threats – viruses, worms, Trojan horses, hoaxes, blended threats
• Denial of Service Attacks
• Software Vulnerabilities

IS Network and Telecommunications Security
• Network security administration
• Authentication
• Encryption – secret key and public key
• Firewalls – packet filtering and stateful inspection
• Intrusion Detection Systems
• Penetration Testing – war dialing, port scanning, sniffers, password crackers

Auditing Network Security
• Risk assessment and best practices
• Benchmark tools
• IT audit programs for network security

Chapter Seven

E-Business Models
• EDI (Electronic Data Interchange) – Inventory Level
• Web pages
• The online environment
• Distributed e-business and intranets
• Supply chain linkage
• Collaborative business

E-Business Protocols, Software, and Hardware
• TCP/IP
• IP addresses
• Client/server architectures

The Languages of E-Business
• HTML
• XML
• XBRL
• ebXML

Privacy
• Privacy vs confidentiality
• Privacy and security trade-offs
• Privacy policies
• Internet tracking tools

Information System Security and Availability
• General network and telecommunications risks and controls
• Encryption – SSL, SET, S-HTTP
• Securing electronic payments
• Securing the web server
• System availability and reliability

Transaction Integrity and Business Policies
• The integrity of transactions – complete, accurate, timely, authorized
• Repudiation – origin and reception non-repudiation
• Digital signatures and digital certificates
• Electronic audit trails

Specialized E-Business Applications
• Electronic Data Interchange (EDI) – VAN vs web-based
• Collaborative Commerce
• E-Mail Security and Privacy – spamming, spoofing, and e-mail policies and controls

Managing Third Party Providers
• Third-party services – ISPs, ASPs, certificate authorities, and electronic payment providers
• Independent evaluations of third parties

Third Party Assurance Services
• CPA Trust engagements
• TRUSTe
• BBB Online
• Veri-Sign

Chapter Eight: Using Computer Assisted Audit Tools and Techniques (CAATs)

Two Categories of CAATTs
1) Computer Assisted Audit Tools
2) Computer Assisted Audit Techniques

Computer Assisted Audit Tools
• Productivity Tools
• Generalized Audit Software Tools

Productivity Tools Include:
• E-workpapers
• Groupware
• Time and billing software
• Reference libraries
• Document management

Generalized Audit Software Tools Include:
• ACL
• Audit expert systems
• Utility and statistical software

ACL
• Widely used for data extraction and analysis
• Allows for virtual 100% testing of client data

Computer Assisted Audit Techniques (CAATs)

CAATs to Validate Audit Techniques
• Test decks
• Integrated test facility
• Parallel simulation

CAATs to Verify Data Integrity
• Data extraction and analysis
• Fraud detection
• Continuous auditing techniques

10 Steps to Using CAATs
1. Set key audit objectives
2. Identify CAATs to be used
3. Identify which data files are needed
4. Determine which format you need
5. Request files from client in preferred format
6. Import data into ACL
7. Use CAATs to verify the data import process
8. Perform other CAATs
9. Investigate and reconcile exceptions
10. Document results in workpapers

CAATs to Detect Fraud
• Digital analysis
• Benford’s Law for a series of naturally occurring numbers
• Deals with expected frequency of first digits
• Exponential distribution
• Requires large sample size

Chapter Nine: Conducting the IT Audit

Audit Standards
• CICA
• CSAE (Canadian Standard on Assurance Engagements)
• CSAE 3416 – See Assigned Reading
• 5025
• AICPA
• Statements of Auditing Standards (SASs)
• Statement on Standards for Attestation Engagements (SSAE)
• SSAE 16
• ISACA
• IS Audit Standards, Guidelines, and Procedures
• CobiT
• IFAC — International Auditing Standards (IASE)

The IT Audit Lifecycle
• Planning
• Risk Assessment
• Prepare Audit Program
• Gather Evidence
• Form Conclusions
• Deliver Audit Opinion
• Follow Up

Planning
• Scope and control objectives
• Materiality
• Outsourcing
• Gain an understanding of the client and client’s industry, business risks

Risk Assessment
• Shift is to risk-based audit approach
• “What can go wrong”
• High risk areas require more a