ASAP M Tute08 Answers Guide
BEFORE TUTORIAL 8
1 Read the material indicated below and attempt answers to the questions that
follow.
Material to read:
MyUni > Data Analytics – Microsoft Power BI Material > Topic 7 – From dimensional model to stunning report in Power BI Desktop.pdf
Students are expected to learn basic hands-on skills to carry out these tasks.
Students are expected to attempt tasks in this document before the tute and raise
questions about issues encountered during the tute.
2 Prepare the answers to the following questions from Control and Accounting
Information Systems and Controls for Information Security (Romney &
Steinbart Chapters 10 and 11).
Question 1
One function of the AIS is to provide adequate controls to ensure the safety of
organizational assets, including data. However, many people view control procedures
as “red tape.” They also believe that, instead of producing tangible benefits, business
controls create resentment and loss of company morale. Discuss this position.
Well-designed controls should not be viewed as “red tape” because they can
actually improve both efficiency and effectiveness. The benefits of business
controls are evident if one considers the losses that frequently occur due to the
absence of controls.
Another factor is the obtrusiveness of the controls. When the user sees no clear
need or purpose to a control it can appear to be there only to control them and
little more than that. When the user does not understand their purpose, controls
can often provoke resentment.
Question 2
Explain how the principle of separation of duties is violated in each of the following
situations. Also, suggest one or more procedures to reduce the risk and exposure
highlighted in each example.
iii. An employee of the finishing department walked off with several parts
from the storeroom and recorded the items in the inventory ledger as
having been issued to the assembly department.
PROBLEM: Employees can commit and conceal fraud when they have
access to physical inventory (custody) and to inventory records
(recording).
PROBLEM: The clerk was authorized to accept the return, grant credit,
and had custody of the inventory. It is also possible that the clerk may
The purchase returns area should be kept clean and orderly so that returns
cannot be "hidden" among excess returns. Employees should not be allowed
to have gym bags or other personal items that could conceal stolen items in
work areas.
Question 3
What are the advantages and disadvantages of the three types of authentication
credentials (something you know, something you have, and something you are)?
Question 4
Which preventive, detective, and/or corrective controls would best mitigate the
following threats?
Detective: Locking out accounts after 3-5 unsuccessful login attempts; since
this was a “guessing” attack, it may have taken more than a few attempts to
login.
Detective: Having the system notify appropriate security staff about such an
incident.
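The two controls above (lockout after repeated unsuccessful logins, and notifying security staff) can be seen working together in the sketch below. It is an added example, not part of the original answers guide; the class name, event format and sample events are assumptions constructed for illustration, and the threshold of 3 is one choice from the 3-5 range given above.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutMonitor:
    threshold: int = 3  # guide gives 3-5 attempts; 3 is an assumed choice
    failures: dict = field(default_factory=dict)  # account -> consecutive failures
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)    # notifications for security staff

    def record(self, when, account, source, success):
        """Apply one login event; return 'allowed', 'denied' or 'locked'."""
        if account in self.locked:
            # A locked account refuses even a correct password, so a guess
            # that finally succeeds gains nothing until staff review it.
            return "locked"
        if success:
            self.failures[account] = 0  # only consecutive failures count
            return "allowed"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.threshold:
            self.locked.add(account)
            self.alerts.append(
                f"{when} account '{account}' locked after "
                f"{self.failures[account]} failed logins, last source {source}")
            return "locked"
        return "denied"

# Constructed sample events: (time, account, source address, password correct?)
EVENTS = [
    ("09:00:01", "alice", "10.0.0.5", False),    # ordinary typo
    ("09:00:09", "alice", "10.0.0.5", True),     # success resets the counter
    ("09:01:00", "bob", "203.0.113.7", False),   # guessing begins
    ("09:01:02", "bob", "203.0.113.7", False),
    ("09:01:04", "bob", "203.0.113.7", False),   # third failure: lock and alert
    ("09:01:06", "bob", "203.0.113.7", True),    # correct guess, still refused
    ("09:05:00", "alice", "10.0.0.5", False),    # alice is unaffected
]

def replay(events, threshold=3):
    """Run events through a fresh monitor; return (outcomes, monitor)."""
    monitor = LockoutMonitor(threshold=threshold)
    outcomes = [monitor.record(*event) for event in events]
    return outcomes, monitor

if __name__ == "__main__":
    outcomes, monitor = replay(EVENTS)
    for event, outcome in zip(EVENTS, outcomes):
        print(event, "->", outcome)
    for alert in monitor.alerts:
        print("ALERT:", alert)
```

With the threshold raised to 5, the same constructed events let the fourth guess on `bob` succeed, which is why the lower end of the range stops a guessing attack sooner.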
DURING TUTORIAL 8
• Contribute to the class discussion of the above questions.
Please remember that you’ll enhance your learning by ACTIVELY
PARTICIPATING in the discussions.