-
Reasons for major control failure
Loss of crucial info is viewed as a distant, unlikely threat, companies do not understand the control implications of moving from secure to less secure networks, companies do not fully realize that info is a strategic resource, controls are costly and time consuming
-
How to increase computer control and security
Hiring full-time security and control staff, making control problems and solutions a major part of employee training, establishing formal info security policies, building controls into systems, moving sensitive data to a safe and secure environment
-
Threats, Risks and Exposures
Natural and political disasters, software errors and equipment malfunctions, and unintentional acts and intentional acts
-
Natural and Political disasters
Fires, floods, earthquakes, high winds, excessive heat, and war
-
Software errors and equipment malfunctions
Software errors, operating system crashes, hardware failures, power outages and fluctuations, and data transmission errors
-
Unintentional Acts
Accidents, innocent errors, and omissions from trained personnel, human carelessness, and failure to follow established procedures
-
Intentional Acts
Sabotage, which is destroying a system, computer fraud,
-
Preventive controls
Eliminate problems before they occur, by hiring qualified personnel, segregating duties, controlling physical assets
-
Detective controls
Detective controls Uncover problems as they occur, having a second person check all important calculations, preparing bank reconciliations and monthly trial balances
-
Corrective controls
Help solve problems after they are discovered, store backup copies of files off-site, establishing and practice disaster recovery plans, create a computer emergency response team
-
Belief system
Conveys key company values to employees and motivates them to adhere to such ideals
-
Boundary system
Promotes ethical behavior by setting limits beyond which an employee must not pass
|
|