Fundamental component of internal control

Discussion 1

It was only June 29th, 2007 when the first iPhone came out, but it feels like we have been living with these devices and their apps for much longer. Smartphones have created a new way of living. We are always connected, have instant access to information, instant directions to any location, and much more. The mobile experience is now expected, and enterprises have to adapt and provide these experiences to their customers, employees, and partners.  

  • How has mobile application development impacted the use of tablets and smartphones? Explain.
  • Why is understanding mobile application users important to mobile app development?
  • Why are mobile apps an expected part of enterprise development and marketing?

To participate in the Discussion, respond to the Discussion prompt by Day 3. Then, read a selection of your colleagues’ postings. Finally, respond to at least two classmates by Day 5 in one or more of the following ways:

  • Complete the Week #4 Discussion by the assigned due date. Late assignments will not be accepted.
  • This is not a graded assignment.
  • You must apply and use the basic citation styles of APA.
  • Do not claim credit for the words, ideas, and concepts of others.
  • Use in-text citations and list the references for your supporting sources following APA style and formatting.
  • Do not copy and paste information or concepts from the Internet and claim that it is your work. It will be considered plagiarism and you will receive a zero for your work.

Discussion 2

A fundamental component of internal control is the separation of duties for high-risk transactions. The underlying separation of duties concept is that no individual should be able to execute a high-risk transaction, conceal errors, or commit fraud in the normal course of their duties.

You can apply separation of duties at either a transactional or an organizational level. For example, payroll has access to employee financial records, but only payroll managers can approve raises.

Answer the following question(s):

  1. How do you define a high-risk transaction?
  2. If you were a security professional in a company, what are four roles (two sets of two related roles) you would separate and why? Provide examples not mentioned in the description for this discussion.

LAB QUESTION

  1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing separation of duties policies.

    Lu, J., Li, R., Lu, Z., & Jin, Y. (2009, December 31). Dynamic Enforcement of Separation-of-Duty Policies. Paper presented at the International Conference on Multimedia Information Networking and Security. http://dx.doi.org/10.1109/MINES.2009.102

Write a brief summary of the article. In your summary, focus on the need for a Separation of Duties policy and its key elements.

  • Review the following scenario for the fictional Bankwise Credit Union:
  • The organization is a local credit union that has multiple branches and locations throughout the region.
  • Online banking and use of the internet are the bank’s strengths, given its limited human resources.
  • The customer service department is the organization’s most critical business function.
  • The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
  • The organization wants to monitor and control use of the Internet by implementing content filtering.
  • The organization wants to eliminate personal use of organization-owned IT assets and systems.
  • The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
  • The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
  • The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.

Create a security management policy with defined separation of duties for the Bankwise Credit Union.

  1. Policy Statement
    (Define your policy verbiage.)
  2. Purpose/Objectives
    (Define the policy’s purpose as well as its objectives.)
  3. Scope
    (Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?)
  4. Standards
    (Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.)
  5. Procedures
    (Explain how you intend to implement this policy for the entire organization.)
  6. Guidelines
    (Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.)
  • Locate and read the following research article:

Ballesteros, S., Pan, L., Batten, L., & Li, G. (2015). Segregation-of-Duties Conflicts in the Insider Threat Landscape: An Overview and Case Study. Paper presented at the Second International Conference on Education Reform and Modern Management. https://doi.org/10.2991/ermm-15.2015.96

Discuss how a separation of duties policy would help to resolve the issues at Bankwise Credit Union, as discussed in this case study. Assume your audience is the CEO and Board of Bankwise Credit Union.
