Professional Documents
Culture Documents
4. COBIT 5 control processes address the importance of ensuring that systems and
information are available for use whenever needed and provides additional control
over processing integrity.
a. Discuss briefly two (2) objectives and one (1) key control of system
availability for each objective
b. Discuss any three (3) output controls that can help to provide additional
controls over processing integrity.
c. Given the following threats, you are required to propose one (1) data entry
control that would best prevent each of this threat:
i. A clerk entered an invoice received from a vendor who is not on an
authorized supplier list
ii. A payroll clerk accidentally entered an employee’s hours worked for
the weeks 380 instead of 38
iii. After processing sales transaction, the inventory report showed a
negative quantity on hand for several items.
iv. A customer order for an important part did not include the customer’s
address. Consequently, the order was not shipped on time and the
customer called to complain.
v. A visitor to the company’s web site entered 400 characters into the
five-digit zip code field, causing the server to crash.
5. Control activities are the policies and procedure used to ensure that appropriate
actions are taken to deal with the organization’s identified risks. Preventive controls
are designed to avoid errors or fraud in transactions processing before they occur.
a. Discuss four (4) preventive control activities with examples that can reduce
the occurrence of fraud and error.
b. Detective controls play a critical role by providing evidence that the
preventive controls are functioning as intended. Elaborate the differences
between supervision and independent verification, in reducing fraud and
error in transaction processing.
8. How does a virtual private network (VPN) provide the same functionality of a
privately owned secure network
10.What is the different between using check digit verification and using validity check
to test the accuracy of an account number entered on a transaction record?