Week 6 - Cybersecurity

Question 1

Define AIS controls

Answer 1

The measures and procedures put in place to safeguard organisations financial information and digital assets

Question 2

What are the primary goals of AIS controls

Answer 2

• Protect organisations from financial fraud
• Ensure organisations comply with regulations established for processing and using financial data

Question 3

What are the objectives of implementing internal controls in an organisation

Answer 3

• Safeguard assets
• Provide accurate and reliable financial information
• Promote and improve operational efficiency
• Maintain records to report them accurately

Question 4

What are general controls

Answer 4

These are concerned with an oganisations’ operational efficiency

Question 5

What are application controls

Answer 5

Concerned with safeguarding organizations’ accuracy, validity, completeness and authorization of transactions

Question 6

What does general controls consist of

Answer 6

• Access controls
• Segregation of duties
• Change management controls
• Backup and recovery procedures

Question 7

What do application controls consist of

Answer 7

• Input controls
• Processing controls
• Output controls

Question 8

Who/what can identify the important AIS control frameworks

Answer 8

• Committee of Sponsoring Organizations of the Treadway Commission (COSO)
• Control Objectives for Information and Related Technologies (COBIT)
• Enterprise Risk Management (ERM)
• International Organization for Standardization (ISO)

Question 9

What is COSO

Answer 9

A set of guidelines that help organizations to relevant establish internal controls, improve governance and prevent fraud

Question 10

What are the components of COSO

Answer 10

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Montioring activities

Question 11

What is ERM

Answer 11

Process used by BOD to use strategy, identify events that may affect the entity, assess, manage risk

Question 12

What is COBIT

Answer 12

A framework that helps organizations to monitor and improve IT governance

Question 13

What are the 5 principles of COBIT

Answer 13

1. Meeting stakeholder needs
2. Covering the enterprise end to end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Seperating governance from management

Question 14

What is the 5 governance model of COBIT

Answer 14

1. EDM - Evaluate, direct, monitor
2. APO - Align, plan, organize
3. BAI - Build, acquire, implement
4. DSS - Deliver, service, support
5. MEA - Monitor, evaluate, assess

Question 15

What is ISO

Answer 15

An independant, non-governmental organization that develops international standards for products, services, systems and process

Question 16

What are the ISO standards relevant to AIS

Answer 16

• ISO 27001: Information security management
• ISO 20000: IT service management
• ISO 22301: Business continuity management
• ISO 31000: Risk management