Professional Documents
Culture Documents
CRUZ
BSA II B
BA10
Problems
1. PHASES OF AN AUDIT: COMPENSATING GENERAL CONTROLS
What compensating controls are most likely in place?
A compensating control helps organization minimize the risk by identifying
how the requirements affect its framework. It is an activity that is
conducted wherever there is lack of segregation of duties. This would
likely to occur during improper internal controls, the internal control
provided a comprehensive strategy for achieving Proper segregation of
duties so that no employee will controls all phases of a transaction. Thus
this will avoid any possible error that will occur during the planning phase
of a financial audit.
c. Discuss some options open to the company that may reduce their
operating cost and provide the security the auditors seeks.
The physical location for a computer server should be located away
from human made and natural disaster.
The organization must implement effective fire suppression system
like automatic and manual fire alarms, fire extinguishers, building
should be sound construction to withstand water damage that fire
suppression equipment cause. And last is there should be a fire exit
that is clearly mark and illuminated during a fire.
To achieve a higher level of security, closed circuit cameras and
video recording system should monitor access.
7. DISASTER RECOVERY PLAN
a. Describe the internal control weaknesses present at Hexagon.
The architects retained the wooden shingled exterior and the exposed
wooden beams throughout the interior.
The data processing center, which contained the servers and
networked terminals, was situated in a large open area with high
ceilings and skylights.
The center was made accessible to the rest of the staff.
b. List the components that should be included in a disaster recovery plan for a
company like hexagon.
Providing second site back up provides a duplicate data processing
facilities following a disaster
Internally provided backup this permit firms to develop standardized
hardware and software configurations, which ensure functional
compatibility among their data processing centers and minimize
cutover problems in the event of compatibility.
Recovery operations center fully equipped backup data center that
many companies share.
Empty shell an arrangement wherein the company buys or lease a
building that will serve as a data center.
d. What factors, other than those included in the plan itself, should a
company considers when formulating a disaster recovery plan?
o Creating a disaster recovery team, recovering from a disaster
depends on timely corrective action. Failure to perform essential
task prolong the recovery period, so to avoid this serious omission
or duplication of effort , Hexagon needs to create a disaster
recovery team, individual task responsibility must be clearly defined
and communicated to the personnel involve.