
Final Exam Notes - Chapter 3, 5-7.docx

9 Pages

ACTG 4620
David Chan

General controls: internal controls that apply to a multitude of systems

Internal control: instruction, procedure or tool to mitigate an inherent risk
  o Not an essential business activity or procedure for a transaction

Chapter 3: IT Governance and General Controls

General Controls

Organization controls
  o IT & IT strategy
  o IT governance
  o Board of directors
  o IT steering committee
  o Segregation of duties
  o Code of business conduct
  o Management of consultants

Software change control
  o Application software change control
  o System software change control
  o Change control policies and procedures
  o Naming conventions
  o Library control
  o Separate environments for development, testing and production
  o Software testing
  o Change approval
  o Change monitoring
  o Procedures to deal with emergency changes to ensure adequate testing, documentation and approval

Access controls
  o Physical
  o Logical
  o Applies to infrastructure, software, people, information and procedures

Systems development and acquisition controls
  o Systems development methodology
  o Approval at checkpoints
  o Documentation standards
  o TESTING

Disaster prevention controls
  o Data backup
  o Software backup
  o Hardware and network redundancy
  o Backup testing
  o Fire and water resistant data centers
  o Locating data centers away from hazardous or high crime area
  o Preventive maintenance schedule and monitoring
  o Hardware performance monitoring

Incident and disaster recovery controls
  o Incident response procedures
  o Disaster recovery plan
  o Disaster recovery testing

Computer operations controls
  o Controls over IT purchases
  o Processing schedule
  o Hardware and software deployment procedures
  o Network and hardware operation procedures
  o Network documentation
  o Server and network configuration
  o Network transmission controls
  o Service level agreement
  o Capacity planning

IT performance measurement controls
  o Cost benefit analysis
  o Business case methodology
  o Cross charging IT cost to avoid waste of resources
  o Establish key performance indicators
  o IT score card reporting

Intellectual property controls

Chapter 5: eBusiness

eBusiness Infrastructure

Web server, application server, authentication server and database server all require protection with firewalls and rigorous o/s configuration
  o Inner servers after web server need more protection
Trained and controlled webmaster

[Diagram: Workstation, Router, Server, Internet]

Routers need to be tightly configured
Contracts with ISP s/b detailed, reviewed regularly, and monitored
DNS has to be protected from hacker attempts to redirect traffic
IP address subscription s/b optimized to avoid running out of addresses while not paying for unnecessary addresses
For audit purposes MAC address is better b/c it doesn't change and is hardcoded in the ROM

Privacy Principles
  o Accountability
  o Identifying purpose
  o Consent
  o Limiting collection
  o Limiting use, disclosure and retention
  o Accuracy
  o Safeguards
  o Openness
  o Individual access
  o Challenging compliance

Ontario Electronic Commerce Act
  o Human-machine interfaces = offer & acceptance
  o Digital signatures
  o Onus on merchant to impl