SlideShare uma empresa Scribd logo

978-1-5386-6589-318$31.00 ©2018 IEEE COSO Framework for .docx

Transferir como DOCX, PDF
P
priestmanmable

978-1-5386-6589-3/18/$31.00 ©2018 IEEE COSO Framework for Warehouse Management Internal Control Evaluation: Enabling Smart Warehouse Systems Ratna Sari Information Systems Department, School of Information Systems, Bina Nusantara University, Jakarta 11480, Indonesia Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Raymond Kosala Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Benny Ranti Faculty of Computer Science, Universitas Indonesia, Depok 16424, Indonesia [email protected] Suhono Harso Supangkat Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Bandung, Indonesia [email protected] Abstract— There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities. Internal control is intended to evaluate company activities and operations. This study took a case study at PT. XYZ related to the evaluation of internal controls in warehouse management using the COSO framework approach. From 5 elements and 17 Principle, study found, there are 2 principles that have not been applied in PT. XYZ; enforced accountability and control over technology. The recommendation given is system improvement as intended the inventory system to be more accurate and reliable to enable smart warehouse systems inside organizations. Keywords: internal control, COSO framework, warehouse management, evaluation I. INTRODUCTION There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities and also implementation of the new system to increase efficiency and effectiveness in all business process activities [4]. Internal control is a process undertaken by company management to assist the achievement of operations, reporting and in accordance with the compliance [9]. The internal optimization is needed because it describes the overall rules and procedures used by management to improve management effectiveness in the business and identify lack of internal control in the business processes that it can make the organization vulnerable and possible risks occurs, eventually all these risks can have an impact on a company's financial performance [2]. In warehouse management, internal controls devoted to optimizing the functions, including the process of finished goods inventory, and it useful to organize the distribution process to the market. According to Rita Makumbi (2013) [6] the function of the warehouse management is one of a service that can help the company's operational functions run smoothly as a store of raw material, unfinished goods, until stock the finished goods.

Educação
1 de 38
978-1-5386-6589-3/18/$31.00 ©2018 IEEE COSO Framework for Warehouse Management Internal Control Evaluation: Enabling Smart Warehouse Systems Ratna Sari Information Systems Department, School of Information Systems, Bina Nusantara University, Jakarta 11480, Indonesia Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Raymond Kosala Computer Science Department, BINUS
Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Benny Ranti Faculty of Computer Science, Universitas Indonesia, Depok 16424, Indonesia [email protected] Suhono Harso Supangkat Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Bandung, Indonesia [email protected] Abstract— There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities. Internal control is intended to evaluate company activities and
operations. This study took a case study at PT. XYZ related to the evaluation of internal controls in warehouse management using the COSO framework approach. From 5 elements and 17 Principle, study found, there are 2 principles that have not been applied in PT. XYZ; enforced accountability and control over technology. The recommendation given is system improvement as intended the inventory system to be more accurate and reliable to enable smart warehouse systems inside organizations. Keywords: internal control, COSO framework, warehouse management, evaluation I. INTRODUCTION There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities and also implementation of the new system to increase efficiency and effectiveness in all
business process activities [4]. Internal control is a process undertaken by company management to assist the achievement of operations, reporting and in accordance with the compliance [9]. The internal optimization is needed because it describes the overall rules and procedures used by management to improve management effectiveness in the business and identify lack of internal control in the business processes that it can make the organization vulnerable and possible risks occurs, eventually all these risks can have an impact on a company's financial performance [2]. In warehouse management, internal controls devoted to optimizing the functions, including the process of finished goods inventory, and it useful to organize the distribution process to the market. According to Rita Makumbi (2013) [6] the function of the warehouse management is one of a service that can help the company's operational functions run smoothly as a store of raw material, unfinished goods, until stock the finished goods or inventory. One of the
problem in warehouse management is high production of manufacture, company must pay attention to the process from the beginning of production, to the process of goods delivery, and inventory calculations. One of famous approach for warehouse management control is using COSO framework. COSO framework is one of tools to maintain the effectiveness and efficiency of inventory process in organizations [12]. COSO framework also known as integrated framework that can help company to:(1) warehouse operation process more effective and efficient; (2) accountable and reliable of inventory stock calculation; (3) compliances with government law and regulations [8]. This research took case study from PT. XYZ as one of company who implemented the warehouse management. Based on observing in PT. XYZ, we found that company still difficulty to balance the production and inventory storage in warehouse which impact to lack of inventory
control. II. LITERATURE REVIEW Early definition of internal control is the plan of organization to coordinate methods and measure all the element in process business safe, accurate, reliable, encourage the prescribed managerial policies [10]. Another definition of internal control is philosophy of risk alignment, risk management, ethics, policies, resources, tasks and responsibilities according to organizational capacity to manage risk [12]. In warehousing planning and control, company produces various product, company needs good control over its inventory which two main objectives such as (1) warehouse inventory planning and control; (2) reliable inventory report to support financial statements [11] Related to COSO framework, basic concepts of internal control are:(a) internal control is an integrated process and a tool that can be used to achieve organization goals; (b)
Internal control is not only limited to policies and procedures but should include all levels within the organization; (c) Internal control can only provide a reasonable guarantee, not an absolute guarantee, because there are limitations that can obstruct the absoluteness of the internal control itself; (d) Internal Control will ultimately result in achievement of goals in categories of financial statements, compliance, operational activities [13]. Using COSO framework for evaluating the internal control helps company to calculate the probability of risk which can occur adversely [2]. However COSO can maintain and support the company to maintain risk which known can give positive feedback nor negative [12]. COSO framework is consist of five: (1) Control environment; (2) Risk assessment; (3) Control activities; (4) Information & Communication; (5) Monitoring activities [7].
Figure 1. The COSO Cube [3] Table 1. Component of Internal Control in COSO [1] III. METHODOLOGY With COSO framework approach this research starting with process business analysis as preliminary measurement and basic analysis in PT. XYZ then continue with internal control evaluation as follow: Figure 2. The Research Flow for Warehouse Management Evaluation in PT. XYZ For detail performed as follows: 1) Meeting related to explaining flow of evaluation process. 2) Conducting interviews with stakeholders such as IS team leader operations, IS analyst, supervisor factory logistics, team leader factory logistics, warehouse staff,
forklift drivers, internal control, and IPG (Information Protection & Governance) to observe and also learn detail about how the business process run, systems used and also the company's internal control procedures. 3) Documents checking related to the process of the finished goods inventory. 4) Doing directly observations in order to learn and understand more clearly about the working procedures associated with the process of finished goods inventory. IV. ANALYSIS AND RESULT A. FINDINGS Based on the results of research and interviews as part of internal control evaluation, here are the results: Based on the result above, total of 17 principles from COSO framework known as 2 principles is in red area for medium and high risk area, 6 principles is in yellow area which “not fully adapted” for medium and high risk area and green area for total 9 principles from low and high risk area.
For the red area, we conducted deeply investigation as high level evaluation for give the best recommendation. We found incorrect procedure during the process of inventory cycle in warehouse, due to goods receipt in warehouse is not loaded to the shelf directly and it put to wrong shelf. The impact, a lot of expired inventory due to incorrect process in goods issue. The inventory are stored in a multilevel shelf. During the good issue and shipment for delivery, it was taken randomly. Another issued for the red area is control activities for control over technology. PT. XYZ not only use warehouse management but also already used one of the systems like robot machine systems for put the inventory during the goods receipt. The process starts when shipping case sent by the conveyor and the systems will create into one pallet by robot machine then the next step is data will be stored in the robot database, but once in while systems went down, there is no back up so the process will be stopped or create manually. The effect for this case is lack of control for goods receipt. B. RECOMMENDATION After we found the fact findings about internal control evaluation for warehouse management in PT. XYZ, the recommendation is as follow: • Conducting customization through warehouse
management system at PT. XYZ. • Change business processes related to system requirements. The recommendation above expected, will support and improved the process in PT. XYZ such as:(1) Eliminate the manual process; (2) Provide reliable information about location of inventory stored and retrieved; (3) Trackable inventory; (4) Provide real-time information related to inventory in the warehouse. The recommendation of design architecture for warehouse management customization is using Three-Tier Architecture. While the warehouse management will integrated with robot machine and the application will store into one single application server. This design purpose with benefit: (1) optimized the server for storage, data process and retrieving database; (2) Reduce data duplication [5]. Figure 3. Three-Tier Architecture [5]
The business process changes purposed as follow: Robot Machine Systems Warehouse Management Systems DATABASE Interface Process Integration Mobile Scanner (Goods Issue) Inventory Barcode Create Automatic Inventory Stock Calculation Recommendation for Goods Issue Movement (First In First Out Method Adoption) Figure 4. System Design System design from figure 4, describes about additional interface process integration as bridging between warehouse
management systems and robot machine systems which all data from the systems will save into single database. Otherwise the process will improve since the inventory movement will follow with FEFO (First Expired First Out), like picture describe in figure 5. Table 2. Coso Matrix Performance in PT. XYZ In the figure 5 shown the inventory movement while systems automatically will scan and check the criteria. If the criteria of the product proper the next step systems will input into inventory systems and robot systems will take the product into the pallet specifically based on criteria and create delivery notes, afterwards the inventory staff will put into shelf storing. For the next process, PT. XYZ move the process of inventory into FEFO System (First Expired First Out): the systems will create the delivery note (inventory
selection based on expired date) and show which the inventory should out and help the inventory staff find the correct inventory. V. CONCLUSION COSO framework not only providing better internal control but also measurement of compliance risk due to reviewing the organization operational as well. COSO framework can support the risk mitigation, which can give recommendation and also solution to the company. Through 5 elements and 17 principles, it will help company reach the objective nor goal of effectiveness and efficiency company operation. Another opinion COSO framework is likely common audit that enables controls not the business operations but also all personnel inside of company. REFERENCES [1] COSO Framework. (2016). Retrieved from http://www.bussvc.wisc.edu/intcntrls/cosoframework.h tml
[2] Diane J. Janvrin, E. A. (2012). The Updated COSO Internal Control— Integrated Framework: Recommendations and Opportunities for Future Research. JOURNAL OF INFORMATION SYSTEMS, 189-213. [3] J. Stephen McNally, C. (2013, June 2013). The 2013 COSO Framework & SOX Compliance : ONE APPROACH TO AN EFFECTIVE TRANSITION. Retrieved from https://www.coso.org/documents/COSO%20McNallyT ransition%20Article- Final%20COSO%20Version%20Proof_5-31-13.pdf [4] Jokipii, A. (2009). Determinants and consequences of internal control in firms: a contingency theory based analysis. Springer Science-Business Media, 115-144 [5] Kambalyal, C. (2010). Three Tier Architecture. Retrieved from http://channukambalyal.tripod.com/NTierArchitecture. pdf
[6] Makumbi, R. (2013). Introduction to Warehousing Principles and Practices. Lambert Academic Publishing. Figure 5 – The Process of Inventory Movement [7] Martin, K., Sanders, E., & Scalan, G. (2014). The Potential Impact of COSO Internal Control Integrated Framework Revision on Internal Audit Structured SOX Work Program . Elsivier - Research in Accounting Regulations. [8] Mary B. Curtis, F. H. (2000). The components of a comprehensive framework of internal control. The CPA Journal, 64-66. [9] Miles E.A. Everson, S. E. (2013). Internal Control — Integrated Framework. NY: Committee of Sponsoring Organizations of the Treadway Commission. [10] Procedure, A. I. (2008). Codification of auditing
standards and procedures . University of Mississippi Library. Accounting Collection. [11] Ravee, J. M. (2009). Pengantar Akuntansi-Adaptasi Indonesia . Jakarta: Salemba Empat. [12] Thomas V. Scannell, S. C. (2013). Supply Chain Risk Management within the Context of COSO’s Enterprise Risk Management Framework. Journal of Business Administration Research, 15-28, Vol. 2, No. 1. [13] Tsay, B.-Y. (2010). Designing an Internal Control Assessment Program Using COSO's Guidance on Monitoring. New York: The CPA Journal. My group is empathy, we did group assignment on empathy, of a young and a older man getting help with shoveling of snow. I Need a example from the media to write about for this assignment and plus adding what we sounds and making the research paper I sent it below. “Introduction.” Instead, type the title of your paper on the first page of the text. This should match exactly with the title on the title page. Introduce the reader to the purpose of the project You are telling a story (i.e., People tend to help others who are similar to themselves. This is a form of discrimination. We are
interested in whether we can change this by focusing on (empathy) State the specific social group your team is focused on. What are the problems this group faces (i.e., what type of discrimination or societal problem)? Use an example from the media. This is your chance to “hook” the reader. Mention the two IVs you will focus on (group membership and theory of helping behavior) and the DV outcome you are interested in (helping behavior). ‐‐--‐-‐-----‐---‐--------- the attached urvey sheet do not need to be filled out, it is just something that the introduction will be about and plus an article from a online site. You can pick something that is going on about empathy someone helping a older person because of his age Maybe and younger guy --------------- It's like writing a paragraph about what happened with the younger and the older guy getting help, the empathy had for maybe the younger or the older guy. Because they both had to leave for work and they needed help will it be better to help the younger person or the older person which one would you have empathy for the most . And if you can find something online about someone receiving empathy for helping a person, let me know if you find something. Managing and Using Information Systems: A Strategic Approach – Sixth Edition Keri Pearlson, Carol Saunders, and Dennis Galletta © Copyright 2016 John Wiley & Sons, Inc.
Chapter 9 Governance of the Information Systems Organization 2 Learning Objectives Understand how governance structures define how decisions are made Describe governance based on organization structure, decision rights, and control Discuss examples and strategies for implementation. © 2016 John Wiley & Sons, Inc. 3 Intel’s Transformation Huge performance improvements between 2013 and 2014 Was it due to a spending increase? Intel’s evolution 1992: Centralized IT 2003: Protect Era – lockdown (SOX & virus)
2009: Protect to Enable Era (BYOD pressure) © 2016 John Wiley & Sons, Inc. 4 No, it was due to a spending decrease, not an increase. They focused on protecting to enable, not just locking down 4 Intel Reached Level 3: Developing programs and delivering services Contributing business value Transforming the firm Previously: categorized problems as “business” or “IT” Now: Integrated solutions are the only way © 2016 John Wiley & Sons, Inc. 5 IT Governance Governance (in business) is all about making decisions that Define expectations, Grant authority, or Ensure performance. Empowerment and monitoring will help align behavior with business goals. Empowerment: granting the right to make decisions.
Monitoring: evaluating performance. © 2016 John Wiley & Sons, Inc. 6 A decision right is an important organizational design variable since it indicates who in the organization has the responsibility to initiate, supply information for, approve, implement, and control various types of decisions. 6 IT Governance IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making: centralized, decentralized, or hybrid Organizational structure plays a major role. © 2016 John Wiley & Sons, Inc. 7 Four Perspectives Traditional – Centralized vs decentralized Accountability and allocation of decision rights
Ecosystem Control structures from legislation © 2016 John Wiley & Sons, Inc. 8 Centralized vs. Decentralized Organizational Structures Centralized – bring together all staff, hardware, software, data, and processing into a single location. Decentralized – the components in the centralized structure are scattered in different locations to address local business needs. Federalism – a hybrid of centralized and decentralized structures. © 2016 John Wiley & Sons, Inc. 9 9 Organizational continuum
10 Federalism Most companies would like to achieve the advantages of both centralization and decentralization. Leads to federalism Distributes, power, hardware, software, data and personnel Between a central IS group and IS in business units A hybrid approach Some decisions centralized; some decentralized © 2016 John Wiley & Sons, Inc. 11 11 Federal IT © 2016 John Wiley & Sons, Inc. 12 12 Recent Global Survey
Percent of firms reporting that they are: Centralized: 70.6% Decentralized: 13.5% Federated: 12.7% © 2016 John Wiley & Sons, Inc. 13 Figure 9.4 IT Accountability and Decision Rights MismatchesAccountabilityLowHighDecision RightsHighTechnocentric Gap Danger of overspending on IT creating an oversupply IT assets may not be utilized to meet business demand Business group frustration with IT group Strategic Norm (Level 3 balance) IT is viewed as competent IT is viewed as strategic to businessLowSupport Norm (Level 1 balance) Works for organizations where IT is viewed as a support function Focus is on business efficiencyBusiness Gap Cost considerations dominate IT decision IT assets may not utilize internal competencies to meet business demand IT group frustration with business group © 2016 John Wiley & Sons, Inc. 14
Figure 9.5 Five major categories of IT decisions.CategoryDescriptionExamples of Affected IS ActivitiesIT PrinciplesHow to determine IT assets that are neededParticipating in setting strategic directionIT ArchitectureHow to structure IT assetsEstablishing architecture and standardsIT Infrastructure StrategiesHow to build IT assetsManaging Internet and network services; data; human resources; mobile computingBusiness Application NeedsHow to acquire, implement and maintain IT (insource or outsource)Developing and maintaining information systemsIT Investment and PrioritizationHow much to invest and where to invest in IT assetsAnticipating new technologies © 2016 John Wiley & Sons, Inc. 15 Political Archetypes (Weill & Ross) Archetypes label the combinations of people who either provide information or have key IT decision rights Business monarchy, IT monarchy, feudal, federal, IT duopoly, and anarchy. Decisions can be made at several levels in the organization (Figure 9.6). Enterprise-wide, business unit, and region/group within a business unit. © 2016 John Wiley & Sons, Inc. 16
For each decision category, the organization adopts an archetype as the means to obtain inputs for decisions and to assign responsibility for them. 16 Political Archetypes Organizations vary widely in their archetypes selected The duopoly is used by the largest portion (36%) of organizations for IT principles decisions. IT monarchy is the most popular for IT architecture (73%) and infrastructure decisions (59%). © 2016 John Wiley & Sons, Inc. 17 Figure 9.6 IT governance archetypes © 2016 John Wiley & Sons, Inc. 18 There is no best arrangement for the allocation of decision rights. The most appropriate arrangement depends on a number of
factors, including the type of performance indicator. 18 Emergent Governance: Digital Ecosystems Challenge a “top down” approach Self-interested, self-organizing, autonomous sets of technologies from different sources Firms find opportunities to exploit new technologies that were not anticipated Good examples: Google Maps YouTube © 2016 John Wiley & Sons, Inc. 19 Another Interesting Example Electronic Health Record Can connect to perhaps planned sources: Pharmacy Lab Insurance Company And can connect to unplanned sources: Banks – for payment Tax authority – for matching deductions Smartphone apps – for many purposes © 2016 John Wiley & Sons, Inc. 20
How to Govern in this case? Might be difficult to impossible! The systems might simply emerge and evolve over time No one entity can plan these systems in their entirety © 2016 John Wiley & Sons, Inc. 21 Mechanisms for Making Decisions Policies and Standards (60% of firms) Review board or committee Steering committee (or governance council) Key stakeholders Can be at different levels: Higher level (focus on CIO effectiveness) Lower level (focus on details of various projects) © 2016 John Wiley & Sons, Inc. 22 Summary of Three Governance FrameworksGovernance FrameworkMain ConceptPossible Best PracticeCentralization- DecentralizationDecisions can be made by a central authority or
by autonomous individuals or groups in an organization.A hybrid, Federal approachDecision ArchetypesSpecifying patterns based upon allocating decision rights and accountability. Tailor the archetype to the situationDigital EcosystemsMembers of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities.Build flexibility and adaptability into governance. © 2016 John Wiley & Sons, Inc. 23 A Fourth – Out of a Firm’s Control: Legislation 24 © 2016 John Wiley & Sons, Inc. Sarbanes-Oxley Act (SoX) (2002) To increase regulatory visibility and accountability of public companies and their financial health All companies subject to the SEC are subject to SoX. CEOs and CFOs must personally certify and be accountable for their firm’s financial records and accounting. Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance. 20 year jail term is the alternative. IT departments play a major role in ensuring the accuracy of financial data.
© 2016 John Wiley & Sons, Inc. 25 25 IT Control and Sarbanes-Oxley In 2004 and 2005, IT departments began to Identify controls, Determine design effectiveness, and Test to validate operation of controls © 2016 John Wiley & Sons, Inc. 26 26 IT Control and Sarbanes-Oxley Five IT control weaknesses are repeatedly uncovered by auditors: Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner Lack of proper oversight for making application changes, including appointing a person to make a change and another to perform quality assurance on it Inadequate review of audit logs to not only ensure that systems
were running smoothly but that there also was an audit log of the audit log Failure to identify abnormal transactions in a timely manner Lack of understanding of key system configurations © 2016 John Wiley & Sons, Inc. 27 Frameworks for Implementing SoX COSO - Committee of Sponsoring Organzations of the Treadway Commission. Created three control objectives for management and auditors that focused on dealing with risks to internal control Operations –maintain and improve operating effectiveness; protect the firm’s assets Compliance –with relevant laws and regulations. Financial reporting –in accordance with GAAP © 2016 John Wiley & Sons, Inc. 28 28 Control Components Five essential control components were created to make sure a company is meeting its objectives:
Control environment (culture of the firm) Assessment of most critical risks to internal controls Control processes that outline important processes and guidelines Communication of those procedures Monitoring of internal controls by management © 2016 John Wiley & Sons, Inc. 29 Frameworks (continued) COBIT (Control Objectives for Information and Related Technology) IT governance framework that is consistent with COSO controls. Issued in 1996 by Information Systems Audit & Control Association (ISACA) A company must Determine the processes/risks to be managed. Set up control objectives and KPIs (key performance indicators) Develop activities to reach the KPIs Advantages - well-suited to organizations focused on risk management and mitigation, and very detailed. Disadvantages – costly and time consuming © 2016 John Wiley & Sons, Inc. 30
30 IS and the Implementation of SoX Compliance The IS department and CIO are involved with the implementation of SoX. Section 404 deals with management’s assessment of internal controls. Six tactics that CIOs can use in working with auditors, CFOs, and CEOs (Fig. 9.9): Knowledge building (Build a knowledge base) Knowledge deployment (Disseminate knowledge to management.) Innovation directive (Organize for implementing SoX) Mobilization (Persuade players and subsidiaries to cooperate) Standardization (Negotiate agreements, build rules) Subsidy (Fund the costs) A CIO’s ability to employ these various tactics depends upon his/her power (relating to the SoX implementation). © 2016 John Wiley & Sons, Inc. 31 The CIO needs to acquire and manage the considerable IT resources to make SoX compliance a reality. 31 Managing and Using Information Systems: A Strategic Approach – Sixth Edition Keri Pearlson, Carol Saunders,
and Dennis Galletta © Copyright 2016 John Wiley & Sons, Inc. What do you think were the critical factors that fueled the need for IT governance? In what ways did ISO affect the standards for network security? Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following: · Ask an interesting, thoughtful question pertaining to the topic · Answer a question (in detail) posted by another student or the instructor · Provide extensive additional information on the topic · Explain, define, or analyze the topic in detail · Share an applicable personal experience · Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA) · Make an argument concerning the topic. At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post.
Chapter 12 Secure Communications and Network Attacks Network and Protocol Security Mechanisms Secure Communications Protocols Authentication Protocols overview Secure Communications Protocols IPSec Kerberos Secure Shell (SSH) Signal Protocol Secure Remote Procedure Call (S-RPC) Secure Sockets Layer (SSL) Transport Layer Security (TLS) Authentication Protocols Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP) Extensible Authentication Protocol (EAP)
Secure Voice Communications Voice over Internet Protocol (VoIP) Weaknesses and attacks Secure Real-Time Transport Protocol (SRTP) Social Engineering In person, over the phone, e-mail, IM, social networks PBX Fraud and Abuse Direct Inward System Access (DISA) Phreakers Black box, Red box, Blue box, White box (DTMF) Multimedia Collaboration Remote Meeting Instant Messaging Manage Email Security Email Security Goals Understand Email Security Issues Email Security Solution s overview
Email Security Goals SMTP, POP, IMAP Open relay, closed relay, authenticated relay Nonrepudiation Restrict access Integrity Verify delivery Confidentiality Understand Email Security Issues Lack of encryption Delivery vehicle for malware Lack of source verification Flooding Attachments
Email Security

Recomendados

Tugas control & audit sistem informasi
Tugas control & audit sistem informasiTugas control & audit sistem informasi
Tugas control & audit sistem informasi
Nur Fatrianti
 
A project on inventory management
A project on inventory managementA project on inventory management
A project on inventory management
Projects Kart
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
dwiki apsyarin
 
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Dr. Amarjeet Singh
 
Design and Implement E-Warehouses Management System for Universities in Devel...
Design and Implement E-Warehouses Management System for Universities in Devel...Design and Implement E-Warehouses Management System for Universities in Devel...
Design and Implement E-Warehouses Management System for Universities in Devel...
IJSRED
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
arif prasetyo
 
1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w
SantosConleyha
 
1. project description definition of project the supervision of w
1. project description definition of project the supervision of w1. project description definition of project the supervision of w
1. project description definition of project the supervision of w
SUKHI5
 

Recomendados

Tugas control & audit sistem informasi
Tugas control & audit sistem informasiTugas control & audit sistem informasi
Tugas control & audit sistem informasi
Nur Fatrianti
 
A project on inventory management
A project on inventory managementA project on inventory management
A project on inventory management
Projects Kart
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
dwiki apsyarin
 
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Adaptive Neuro-Fuzzy Inference System (ANFIS) Approach to Raw Material Invent...
Dr. Amarjeet Singh
 
Design and Implement E-Warehouses Management System for Universities in Devel...
Design and Implement E-Warehouses Management System for Universities in Devel...Design and Implement E-Warehouses Management System for Universities in Devel...
Design and Implement E-Warehouses Management System for Universities in Devel...
IJSRED
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
arif prasetyo
 
1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w
SantosConleyha
 
1. project description definition of project the supervision of w
1. project description definition of project the supervision of w1. project description definition of project the supervision of w
1. project description definition of project the supervision of w
SUKHI5
 
1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w
AbbyWhyte974
 
Continous process improvement
Continous process improvementContinous process improvement
Continous process improvement
Sarfraz Ashraf
 
Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...
ijseajournal
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
Maher Manan
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
Sharing Slides Training
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
sharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
sharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
Sharing Slides Training
 
Company report version 1.0
Company report version 1.0Company report version 1.0
Company report version 1.0
Prasenjit Pradhan
 
0601075 inventory management
0601075 inventory management0601075 inventory management
0601075 inventory management
Supa Buoy
 
Business Process as the Basis of the Process Approach in Enterprise Management
Business Process as the Basis of the Process Approach in Enterprise ManagementBusiness Process as the Basis of the Process Approach in Enterprise Management
Business Process as the Basis of the Process Approach in Enterprise Management
Dr. Amarjeet Singh
 
System Development Life Cycle
System Development Life CycleSystem Development Life Cycle
System Development Life Cycle
Doma Ngonie
 
“Optimization of Inventory regarding Power Tiller”
“Optimization of Inventory regarding Power Tiller”“Optimization of Inventory regarding Power Tiller”
“Optimization of Inventory regarding Power Tiller”
IRJET Journal
 
Synopsis on inventory_management_system
Synopsis on inventory_management_systemSynopsis on inventory_management_system
Synopsis on inventory_management_system
Divya Baghel
 
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
iosrjce
 
H017634452
H017634452H017634452
H017634452
IOSR Journals
 
IRJET- Research Paper on Inventory Management System
IRJET- Research Paper on Inventory Management SystemIRJET- Research Paper on Inventory Management System
IRJET- Research Paper on Inventory Management System
IRJET Journal
 
performance management Audit report
performance management Audit report performance management Audit report
performance management Audit report
Preeti Bhaskar
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
Ahmad Ammari
 
IM.pptx
IM.pptxIM.pptx
IM.pptx
alex194654
 
9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx
priestmanmable
 
a 12 page paper on how individuals of color would be a more dominant.docx
a 12 page paper on how individuals of color would be a more dominant.docxa 12 page paper on how individuals of color would be a more dominant.docx
a 12 page paper on how individuals of color would be a more dominant.docx
priestmanmable
 

Mais conteúdo relacionado

Semelhante a 978-1-5386-6589-318$31.00 ©2018 IEEE COSO Framework for .docx

1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w
AbbyWhyte974
 
Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...
ijseajournal
 
Synopsis on inventory_management_system
Synopsis on inventory_management_systemSynopsis on inventory_management_system
Synopsis on inventory_management_system
Divya Baghel
 
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
iosrjce
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
Ahmad Ammari
 

Semelhante a 978-1-5386-6589-318$31.00 ©2018 IEEE COSO Framework for .docx (20)

1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w1. Project Description Definition of ProjectThe supervision of w
1. Project Description Definition of ProjectThe supervision of w
 
Continous process improvement
Continous process improvementContinous process improvement
Continous process improvement
 
Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...Suggest an intelligent framework for building business process management [ p...
Suggest an intelligent framework for building business process management [ p...
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Company report version 1.0
Company report version 1.0Company report version 1.0
Company report version 1.0
 
0601075 inventory management
0601075 inventory management0601075 inventory management
0601075 inventory management
 
Business Process as the Basis of the Process Approach in Enterprise Management
Business Process as the Basis of the Process Approach in Enterprise ManagementBusiness Process as the Basis of the Process Approach in Enterprise Management
Business Process as the Basis of the Process Approach in Enterprise Management
 
System Development Life Cycle
System Development Life CycleSystem Development Life Cycle
System Development Life Cycle
 
“Optimization of Inventory regarding Power Tiller”
“Optimization of Inventory regarding Power Tiller”“Optimization of Inventory regarding Power Tiller”
“Optimization of Inventory regarding Power Tiller”
 
Synopsis on inventory_management_system
Synopsis on inventory_management_systemSynopsis on inventory_management_system
Synopsis on inventory_management_system
 
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...Role of Operational System Design in Data Warehouse Implementation: Identifyi...
Role of Operational System Design in Data Warehouse Implementation: Identifyi...
 
H017634452
H017634452H017634452
H017634452
 
IRJET- Research Paper on Inventory Management System
IRJET- Research Paper on Inventory Management SystemIRJET- Research Paper on Inventory Management System
IRJET- Research Paper on Inventory Management System
 
performance management Audit report
performance management Audit report performance management Audit report
performance management Audit report
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
 
IM.pptx
IM.pptxIM.pptx
IM.pptx
 

Mais de priestmanmable

9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx
priestmanmable
 
A ) Society perspective90 year old female, Mrs. Ruth, from h.docx
A ) Society perspective90 year old female, Mrs. Ruth, from h.docxA ) Society perspective90 year old female, Mrs. Ruth, from h.docx
A ) Society perspective90 year old female, Mrs. Ruth, from h.docx
priestmanmable
 
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
priestmanmable
 
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
priestmanmable
 
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
priestmanmable
 
900 BritishJournalofNursing,2013,Vol22,No15©2.docx
900 BritishJournalofNursing,2013,Vol22,No15©2.docx900 BritishJournalofNursing,2013,Vol22,No15©2.docx
900 BritishJournalofNursing,2013,Vol22,No15©2.docx
priestmanmable
 
9 Augustine Confessions (selections) Augustine of Hi.docx
9 Augustine Confessions (selections) Augustine of Hi.docx9 Augustine Confessions (selections) Augustine of Hi.docx
9 Augustine Confessions (selections) Augustine of Hi.docx
priestmanmable
 
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
priestmanmable
 
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
priestmanmable
 
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
priestmanmable
 
800 Words 42-year-old man presents to ED with 2-day history .docx
800 Words 42-year-old man presents to ED with 2-day history .docx800 Words 42-year-old man presents to ED with 2-day history .docx
800 Words 42-year-old man presents to ED with 2-day history .docx
priestmanmable
 
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
priestmanmable
 
8.0 RESEARCH METHODS These guidelines address postgr.docx
8.0 RESEARCH METHODS These guidelines address postgr.docx8.0 RESEARCH METHODS These guidelines address postgr.docx
8.0 RESEARCH METHODS These guidelines address postgr.docx
priestmanmable
 
95People of AppalachianHeritageChapter 5KATHLEEN.docx
95People of AppalachianHeritageChapter 5KATHLEEN.docx95People of AppalachianHeritageChapter 5KATHLEEN.docx
95People of AppalachianHeritageChapter 5KATHLEEN.docx
priestmanmable
 
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
priestmanmable
 
8-10 slide Powerpoint The example company is Tesla.Instructions.docx
8-10 slide Powerpoint The example company is Tesla.Instructions.docx8-10 slide Powerpoint The example company is Tesla.Instructions.docx
8-10 slide Powerpoint The example company is Tesla.Instructions.docx
priestmanmable
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx
priestmanmable
 
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
priestmanmable
 

Mais de priestmanmable (20)

9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx9©iStockphotoThinkstockPlanning for Material and Reso.docx
9©iStockphotoThinkstockPlanning for Material and Reso.docx
 
a 12 page paper on how individuals of color would be a more dominant.docx
a 12 page paper on how individuals of color would be a more dominant.docxa 12 page paper on how individuals of color would be a more dominant.docx
a 12 page paper on how individuals of color would be a more dominant.docx
 
92 Academic Journal Article Critique  Help with Journal Ar.docx
92 Academic Journal Article Critique  Help with Journal Ar.docx92 Academic Journal Article Critique  Help with Journal Ar.docx
92 Academic Journal Article Critique  Help with Journal Ar.docx
 
A ) Society perspective90 year old female, Mrs. Ruth, from h.docx
A ) Society perspective90 year old female, Mrs. Ruth, from h.docxA ) Society perspective90 year old female, Mrs. Ruth, from h.docx
A ) Society perspective90 year old female, Mrs. Ruth, from h.docx
 
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
9 dissuasion question Bartol, C. R., & Bartol, A. M. (2017)..docx
 
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
9 AssignmentAssignment Typologies of Sexual AssaultsT.docx
 
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
9 0 0 0 09 7 8 0 1 3 4 4 7 7 4 0 4ISBN-13 978-0-13-44.docx
 
900 BritishJournalofNursing,2013,Vol22,No15©2.docx
900 BritishJournalofNursing,2013,Vol22,No15©2.docx900 BritishJournalofNursing,2013,Vol22,No15©2.docx
900 BritishJournalofNursing,2013,Vol22,No15©2.docx
 
9 Augustine Confessions (selections) Augustine of Hi.docx
9 Augustine Confessions (selections) Augustine of Hi.docx9 Augustine Confessions (selections) Augustine of Hi.docx
9 Augustine Confessions (selections) Augustine of Hi.docx
 
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
8.3 Intercultural CommunicationLearning Objectives1. Define in.docx
 
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
8413 906 AMLife in a Toxic Country - NYTimes.comPage 1 .docx
 
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
8. A 2 x 2 Experimental Design - Quality and Economy (x1 and x2.docx
 
800 Words 42-year-old man presents to ED with 2-day history .docx
800 Words 42-year-old man presents to ED with 2-day history .docx800 Words 42-year-old man presents to ED with 2-day history .docx
800 Words 42-year-old man presents to ED with 2-day history .docx
 
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
8.1 What Is Corporate StrategyLO 8-1Define corporate strategy.docx
 
8.0 RESEARCH METHODS These guidelines address postgr.docx
8.0 RESEARCH METHODS These guidelines address postgr.docx8.0 RESEARCH METHODS These guidelines address postgr.docx
8.0 RESEARCH METHODS These guidelines address postgr.docx
 
95People of AppalachianHeritageChapter 5KATHLEEN.docx
95People of AppalachianHeritageChapter 5KATHLEEN.docx95People of AppalachianHeritageChapter 5KATHLEEN.docx
95People of AppalachianHeritageChapter 5KATHLEEN.docx
 
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
9 781292 041452ISBN 978-1-29204-145-2Forensic Science.docx
 
8-10 slide Powerpoint The example company is Tesla.Instructions.docx
8-10 slide Powerpoint The example company is Tesla.Instructions.docx8-10 slide Powerpoint The example company is Tesla.Instructions.docx
8-10 slide Powerpoint The example company is Tesla.Instructions.docx
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx
 
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
9 781292 041292ISBN 978-1-29204-129-2Movies and Meanin.docx
 

Último

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Último (20)

Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 

978-1-5386-6589-318$31.00 ©2018 IEEE COSO Framework for .docx

  • 1. 978-1-5386-6589-3/18/$31.00 ©2018 IEEE COSO Framework for Warehouse Management Internal Control Evaluation: Enabling Smart Warehouse Systems Ratna Sari Information Systems Department, School of Information Systems, Bina Nusantara University, Jakarta 11480, Indonesia Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Raymond Kosala Computer Science Department, BINUS
  • 2. Graduate Program – Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480 [email protected] Benny Ranti Faculty of Computer Science, Universitas Indonesia, Depok 16424, Indonesia [email protected] Suhono Harso Supangkat Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Bandung, Indonesia [email protected] Abstract— There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities. Internal control is intended to evaluate company activities and
  • 3. operations. This study took a case study at PT. XYZ related to the evaluation of internal controls in warehouse management using the COSO framework approach. From 5 elements and 17 Principle, study found, there are 2 principles that have not been applied in PT. XYZ; enforced accountability and control over technology. The recommendation given is system improvement as intended the inventory system to be more accurate and reliable to enable smart warehouse systems inside organizations. Keywords: internal control, COSO framework, warehouse management, evaluation I. INTRODUCTION There are many ways for the company to improve its performance, one of them is optimizing the internal control of the company's activities and also implementation of the new system to increase efficiency and effectiveness in all
  • 4. business process activities [4]. Internal control is a process undertaken by company management to assist the achievement of operations, reporting and in accordance with the compliance [9]. The internal optimization is needed because it describes the overall rules and procedures used by management to improve management effectiveness in the business and identify lack of internal control in the business processes that it can make the organization vulnerable and possible risks occurs, eventually all these risks can have an impact on a company's financial performance [2]. In warehouse management, internal controls devoted to optimizing the functions, including the process of finished goods inventory, and it useful to organize the distribution process to the market. According to Rita Makumbi (2013) [6] the function of the warehouse management is one of a service that can help the company's operational functions run smoothly as a store of raw material, unfinished goods, until stock the finished goods or inventory. One of the
  • 5. problem in warehouse management is high production of manufacture, company must pay attention to the process from the beginning of production, to the process of goods delivery, and inventory calculations. One of famous approach for warehouse management control is using COSO framework. COSO framework is one of tools to maintain the effectiveness and efficiency of inventory process in organizations [12]. COSO framework also known as integrated framework that can help company to:(1) warehouse operation process more effective and efficient; (2) accountable and reliable of inventory stock calculation; (3) compliances with government law and regulations [8]. This research took case study from PT. XYZ as one of company who implemented the warehouse management. Based on observing in PT. XYZ, we found that company still difficulty to balance the production and inventory storage in warehouse which impact to lack of inventory
  • 6. control. II. LITERATURE REVIEW Early definition of internal control is the plan of organization to coordinate methods and measure all the element in process business safe, accurate, reliable, encourage the prescribed managerial policies [10]. Another definition of internal control is philosophy of risk alignment, risk management, ethics, policies, resources, tasks and responsibilities according to organizational capacity to manage risk [12]. In warehousing planning and control, company produces various product, company needs good control over its inventory which two main objectives such as (1) warehouse inventory planning and control; (2) reliable inventory report to support financial statements [11] Related to COSO framework, basic concepts of internal control are:(a) internal control is an integrated process and a tool that can be used to achieve organization goals; (b)
  • 7. Internal control is not only limited to policies and procedures but should include all levels within the organization; (c) Internal control can only provide a reasonable guarantee, not an absolute guarantee, because there are limitations that can obstruct the absoluteness of the internal control itself; (d) Internal Control will ultimately result in achievement of goals in categories of financial statements, compliance, operational activities [13]. Using COSO framework for evaluating the internal control helps company to calculate the probability of risk which can occur adversely [2]. However COSO can maintain and support the company to maintain risk which known can give positive feedback nor negative [12]. COSO framework is consist of five: (1) Control environment; (2) Risk assessment; (3) Control activities; (4) Information & Communication; (5) Monitoring activities [7].
  • 8. Figure 1. The COSO Cube [3] Table 1. Component of Internal Control in COSO [1] III. METHODOLOGY With COSO framework approach this research starting with process business analysis as preliminary measurement and basic analysis in PT. XYZ then continue with internal control evaluation as follow: Figure 2. The Research Flow for Warehouse Management Evaluation in PT. XYZ For detail performed as follows: 1) Meeting related to explaining flow of evaluation process. 2) Conducting interviews with stakeholders such as IS team leader operations, IS analyst, supervisor factory logistics, team leader factory logistics, warehouse staff,
  • 9. forklift drivers, internal control, and IPG (Information Protection & Governance) to observe and also learn detail about how the business process run, systems used and also the company's internal control procedures. 3) Documents checking related to the process of the finished goods inventory. 4) Doing directly observations in order to learn and understand more clearly about the working procedures associated with the process of finished goods inventory. IV. ANALYSIS AND RESULT A. FINDINGS Based on the results of research and interviews as part of internal control evaluation, here are the results: Based on the result above, total of 17 principles from COSO framework known as 2 principles is in red area for medium and high risk area, 6 principles is in yellow area which “not fully adapted” for medium and high risk area and green area for total 9 principles from low and high risk area.
  • 10. For the red area, we conducted deeply investigation as high level evaluation for give the best recommendation. We found incorrect procedure during the process of inventory cycle in warehouse, due to goods receipt in warehouse is not loaded to the shelf directly and it put to wrong shelf. The impact, a lot of expired inventory due to incorrect process in goods issue. The inventory are stored in a multilevel shelf. During the good issue and shipment for delivery, it was taken randomly. Another issued for the red area is control activities for control over technology. PT. XYZ not only use warehouse management but also already used one of the systems like robot machine systems for put the inventory during the goods receipt. The process starts when shipping case sent by the conveyor and the systems will create into one pallet by robot machine then the next step is data will be stored in the robot database, but once in while systems went down, there is no back up so the process will be stopped or create manually. The effect for this case is lack of control for goods receipt. B. RECOMMENDATION After we found the fact findings about internal control evaluation for warehouse management in PT. XYZ, the recommendation is as follow: • Conducting customization through warehouse
  • 11. management system at PT. XYZ. • Change business processes related to system requirements. The recommendation above expected, will support and improved the process in PT. XYZ such as:(1) Eliminate the manual process; (2) Provide reliable information about location of inventory stored and retrieved; (3) Trackable inventory; (4) Provide real-time information related to inventory in the warehouse. The recommendation of design architecture for warehouse management customization is using Three-Tier Architecture. While the warehouse management will integrated with robot machine and the application will store into one single application server. This design purpose with benefit: (1) optimized the server for storage, data process and retrieving database; (2) Reduce data duplication [5]. Figure 3. Three-Tier Architecture [5]
  • 12. The business process changes purposed as follow: Robot Machine Systems Warehouse Management Systems DATABASE Interface Process Integration Mobile Scanner (Goods Issue) Inventory Barcode Create Automatic Inventory Stock Calculation Recommendation for Goods Issue Movement (First In First Out Method Adoption) Figure 4. System Design System design from figure 4, describes about additional interface process integration as bridging between warehouse
  • 13. management systems and robot machine systems which all data from the systems will save into single database. Otherwise the process will improve since the inventory movement will follow with FEFO (First Expired First Out), like picture describe in figure 5. Table 2. Coso Matrix Performance in PT. XYZ In the figure 5 shown the inventory movement while systems automatically will scan and check the criteria. If the criteria of the product proper the next step systems will input into inventory systems and robot systems will take the product into the pallet specifically based on criteria and create delivery notes, afterwards the inventory staff will put into shelf storing. For the next process, PT. XYZ move the process of inventory into FEFO System (First Expired First Out): the systems will create the delivery note (inventory
  • 14. selection based on expired date) and show which the inventory should out and help the inventory staff find the correct inventory. V. CONCLUSION COSO framework not only providing better internal control but also measurement of compliance risk due to reviewing the organization operational as well. COSO framework can support the risk mitigation, which can give recommendation and also solution to the company. Through 5 elements and 17 principles, it will help company reach the objective nor goal of effectiveness and efficiency company operation. Another opinion COSO framework is likely common audit that enables controls not the business operations but also all personnel inside of company. REFERENCES [1] COSO Framework. (2016). Retrieved from http://www.bussvc.wisc.edu/intcntrls/cosoframework.h tml
  • 15. [2] Diane J. Janvrin, E. A. (2012). The Updated COSO Internal Control— Integrated Framework: Recommendations and Opportunities for Future Research. JOURNAL OF INFORMATION SYSTEMS, 189-213. [3] J. Stephen McNally, C. (2013, June 2013). The 2013 COSO Framework & SOX Compliance : ONE APPROACH TO AN EFFECTIVE TRANSITION. Retrieved from https://www.coso.org/documents/COSO%20McNallyT ransition%20Article- Final%20COSO%20Version%20Proof_5-31-13.pdf [4] Jokipii, A. (2009). Determinants and consequences of internal control in firms: a contingency theory based analysis. Springer Science-Business Media, 115-144 [5] Kambalyal, C. (2010). Three Tier Architecture. Retrieved from http://channukambalyal.tripod.com/NTierArchitecture. pdf
  • 16. [6] Makumbi, R. (2013). Introduction to Warehousing Principles and Practices. Lambert Academic Publishing. Figure 5 – The Process of Inventory Movement [7] Martin, K., Sanders, E., & Scalan, G. (2014). The Potential Impact of COSO Internal Control Integrated Framework Revision on Internal Audit Structured SOX Work Program . Elsivier - Research in Accounting Regulations. [8] Mary B. Curtis, F. H. (2000). The components of a comprehensive framework of internal control. The CPA Journal, 64-66. [9] Miles E.A. Everson, S. E. (2013). Internal Control — Integrated Framework. NY: Committee of Sponsoring Organizations of the Treadway Commission. [10] Procedure, A. I. (2008). Codification of auditing
  • 17. standards and procedures . University of Mississippi Library. Accounting Collection. [11] Ravee, J. M. (2009). Pengantar Akuntansi-Adaptasi Indonesia . Jakarta: Salemba Empat. [12] Thomas V. Scannell, S. C. (2013). Supply Chain Risk Management within the Context of COSO’s Enterprise Risk Management Framework. Journal of Business Administration Research, 15-28, Vol. 2, No. 1. [13] Tsay, B.-Y. (2010). Designing an Internal Control Assessment Program Using COSO's Guidance on Monitoring. New York: The CPA Journal. My group is empathy, we did group assignment on empathy, of a young and a older man getting help with shoveling of snow. I Need a example from the media to write about for this assignment and plus adding what we sounds and making the research paper I sent it below. “Introduction.” Instead, type the title of your paper on the first page of the text. This should match exactly with the title on the title page. Introduce the reader to the purpose of the project You are telling a story (i.e., People tend to help others who are similar to themselves. This is a form of discrimination. We are
  • 18. interested in whether we can change this by focusing on (empathy) State the specific social group your team is focused on. What are the problems this group faces (i.e., what type of discrimination or societal problem)? Use an example from the media. This is your chance to “hook” the reader. Mention the two IVs you will focus on (group membership and theory of helping behavior) and the DV outcome you are interested in (helping behavior). ‐‐--‐-‐-----‐---‐--------- the attached urvey sheet do not need to be filled out, it is just something that the introduction will be about and plus an article from a online site. You can pick something that is going on about empathy someone helping a older person because of his age Maybe and younger guy --------------- It's like writing a paragraph about what happened with the younger and the older guy getting help, the empathy had for maybe the younger or the older guy. Because they both had to leave for work and they needed help will it be better to help the younger person or the older person which one would you have empathy for the most . And if you can find something online about someone receiving empathy for helping a person, let me know if you find something. Managing and Using Information Systems: A Strategic Approach – Sixth Edition Keri Pearlson, Carol Saunders, and Dennis Galletta © Copyright 2016 John Wiley & Sons, Inc.
  • 19. Chapter 9 Governance of the Information Systems Organization 2 Learning Objectives Understand how governance structures define how decisions are made Describe governance based on organization structure, decision rights, and control Discuss examples and strategies for implementation. © 2016 John Wiley & Sons, Inc. 3 Intel’s Transformation Huge performance improvements between 2013 and 2014 Was it due to a spending increase? Intel’s evolution 1992: Centralized IT 2003: Protect Era – lockdown (SOX & virus)
  • 20. 2009: Protect to Enable Era (BYOD pressure) © 2016 John Wiley & Sons, Inc. 4 No, it was due to a spending decrease, not an increase. They focused on protecting to enable, not just locking down 4 Intel Reached Level 3: Developing programs and delivering services Contributing business value Transforming the firm Previously: categorized problems as “business” or “IT” Now: Integrated solutions are the only way © 2016 John Wiley & Sons, Inc. 5 IT Governance Governance (in business) is all about making decisions that Define expectations, Grant authority, or Ensure performance. Empowerment and monitoring will help align behavior with business goals. Empowerment: granting the right to make decisions.
  • 21. Monitoring: evaluating performance. © 2016 John Wiley & Sons, Inc. 6 A decision right is an important organizational design variable since it indicates who in the organization has the responsibility to initiate, supply information for, approve, implement, and control various types of decisions. 6 IT Governance IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making: centralized, decentralized, or hybrid Organizational structure plays a major role. © 2016 John Wiley & Sons, Inc. 7 Four Perspectives Traditional – Centralized vs decentralized Accountability and allocation of decision rights
  • 22. Ecosystem Control structures from legislation © 2016 John Wiley & Sons, Inc. 8 Centralized vs. Decentralized Organizational Structures Centralized – bring together all staff, hardware, software, data, and processing into a single location. Decentralized – the components in the centralized structure are scattered in different locations to address local business needs. Federalism – a hybrid of centralized and decentralized structures. © 2016 John Wiley & Sons, Inc. 9 9 Organizational continuum
  • 23. 10 Federalism Most companies would like to achieve the advantages of both centralization and decentralization. Leads to federalism Distributes, power, hardware, software, data and personnel Between a central IS group and IS in business units A hybrid approach Some decisions centralized; some decentralized © 2016 John Wiley & Sons, Inc. 11 11 Federal IT © 2016 John Wiley & Sons, Inc. 12 12 Recent Global Survey
  • 24. Percent of firms reporting that they are: Centralized: 70.6% Decentralized: 13.5% Federated: 12.7% © 2016 John Wiley & Sons, Inc. 13 Figure 9.4 IT Accountability and Decision Rights MismatchesAccountabilityLowHighDecision RightsHighTechnocentric Gap Danger of overspending on IT creating an oversupply IT assets may not be utilized to meet business demand Business group frustration with IT group Strategic Norm (Level 3 balance) IT is viewed as competent IT is viewed as strategic to businessLowSupport Norm (Level 1 balance) Works for organizations where IT is viewed as a support function Focus is on business efficiencyBusiness Gap Cost considerations dominate IT decision IT assets may not utilize internal competencies to meet business demand IT group frustration with business group © 2016 John Wiley & Sons, Inc. 14
  • 25. Figure 9.5 Five major categories of IT decisions.CategoryDescriptionExamples of Affected IS ActivitiesIT PrinciplesHow to determine IT assets that are neededParticipating in setting strategic directionIT ArchitectureHow to structure IT assetsEstablishing architecture and standardsIT Infrastructure StrategiesHow to build IT assetsManaging Internet and network services; data; human resources; mobile computingBusiness Application NeedsHow to acquire, implement and maintain IT (insource or outsource)Developing and maintaining information systemsIT Investment and PrioritizationHow much to invest and where to invest in IT assetsAnticipating new technologies © 2016 John Wiley & Sons, Inc. 15 Political Archetypes (Weill & Ross) Archetypes label the combinations of people who either provide information or have key IT decision rights Business monarchy, IT monarchy, feudal, federal, IT duopoly, and anarchy. Decisions can be made at several levels in the organization (Figure 9.6). Enterprise-wide, business unit, and region/group within a business unit. © 2016 John Wiley & Sons, Inc. 16
  • 26. For each decision category, the organization adopts an archetype as the means to obtain inputs for decisions and to assign responsibility for them. 16 Political Archetypes Organizations vary widely in their archetypes selected The duopoly is used by the largest portion (36%) of organizations for IT principles decisions. IT monarchy is the most popular for IT architecture (73%) and infrastructure decisions (59%). © 2016 John Wiley & Sons, Inc. 17 Figure 9.6 IT governance archetypes © 2016 John Wiley & Sons, Inc. 18 There is no best arrangement for the allocation of decision rights. The most appropriate arrangement depends on a number of
  • 27. factors, including the type of performance indicator. 18 Emergent Governance: Digital Ecosystems Challenge a “top down” approach Self-interested, self-organizing, autonomous sets of technologies from different sources Firms find opportunities to exploit new technologies that were not anticipated Good examples: Google Maps YouTube © 2016 John Wiley & Sons, Inc. 19 Another Interesting Example Electronic Health Record Can connect to perhaps planned sources: Pharmacy Lab Insurance Company And can connect to unplanned sources: Banks – for payment Tax authority – for matching deductions Smartphone apps – for many purposes © 2016 John Wiley & Sons, Inc. 20
  • 28. How to Govern in this case? Might be difficult to impossible! The systems might simply emerge and evolve over time No one entity can plan these systems in their entirety © 2016 John Wiley & Sons, Inc. 21 Mechanisms for Making Decisions Policies and Standards (60% of firms) Review board or committee Steering committee (or governance council) Key stakeholders Can be at different levels: Higher level (focus on CIO effectiveness) Lower level (focus on details of various projects) © 2016 John Wiley & Sons, Inc. 22 Summary of Three Governance FrameworksGovernance FrameworkMain ConceptPossible Best PracticeCentralization- DecentralizationDecisions can be made by a central authority or
  • 29. by autonomous individuals or groups in an organization.A hybrid, Federal approachDecision ArchetypesSpecifying patterns based upon allocating decision rights and accountability. Tailor the archetype to the situationDigital EcosystemsMembers of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities.Build flexibility and adaptability into governance. © 2016 John Wiley & Sons, Inc. 23 A Fourth – Out of a Firm’s Control: Legislation 24 © 2016 John Wiley & Sons, Inc. Sarbanes-Oxley Act (SoX) (2002) To increase regulatory visibility and accountability of public companies and their financial health All companies subject to the SEC are subject to SoX. CEOs and CFOs must personally certify and be accountable for their firm’s financial records and accounting. Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance. 20 year jail term is the alternative. IT departments play a major role in ensuring the accuracy of financial data.
  • 30. © 2016 John Wiley & Sons, Inc. 25 25 IT Control and Sarbanes-Oxley In 2004 and 2005, IT departments began to Identify controls, Determine design effectiveness, and Test to validate operation of controls © 2016 John Wiley & Sons, Inc. 26 26 IT Control and Sarbanes-Oxley Five IT control weaknesses are repeatedly uncovered by auditors: Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner Lack of proper oversight for making application changes, including appointing a person to make a change and another to perform quality assurance on it Inadequate review of audit logs to not only ensure that systems
  • 31. were running smoothly but that there also was an audit log of the audit log Failure to identify abnormal transactions in a timely manner Lack of understanding of key system configurations © 2016 John Wiley & Sons, Inc. 27 Frameworks for Implementing SoX COSO - Committee of Sponsoring Organzations of the Treadway Commission. Created three control objectives for management and auditors that focused on dealing with risks to internal control Operations –maintain and improve operating effectiveness; protect the firm’s assets Compliance –with relevant laws and regulations. Financial reporting –in accordance with GAAP © 2016 John Wiley & Sons, Inc. 28 28 Control Components Five essential control components were created to make sure a company is meeting its objectives:
  • 32. Control environment (culture of the firm) Assessment of most critical risks to internal controls Control processes that outline important processes and guidelines Communication of those procedures Monitoring of internal controls by management © 2016 John Wiley & Sons, Inc. 29 Frameworks (continued) COBIT (Control Objectives for Information and Related Technology) IT governance framework that is consistent with COSO controls. Issued in 1996 by Information Systems Audit & Control Association (ISACA) A company must Determine the processes/risks to be managed. Set up control objectives and KPIs (key performance indicators) Develop activities to reach the KPIs Advantages - well-suited to organizations focused on risk management and mitigation, and very detailed. Disadvantages – costly and time consuming © 2016 John Wiley & Sons, Inc. 30
  • 33. 30 IS and the Implementation of SoX Compliance The IS department and CIO are involved with the implementation of SoX. Section 404 deals with management’s assessment of internal controls. Six tactics that CIOs can use in working with auditors, CFOs, and CEOs (Fig. 9.9): Knowledge building (Build a knowledge base) Knowledge deployment (Disseminate knowledge to management.) Innovation directive (Organize for implementing SoX) Mobilization (Persuade players and subsidiaries to cooperate) Standardization (Negotiate agreements, build rules) Subsidy (Fund the costs) A CIO’s ability to employ these various tactics depends upon his/her power (relating to the SoX implementation). © 2016 John Wiley & Sons, Inc. 31 The CIO needs to acquire and manage the considerable IT resources to make SoX compliance a reality. 31 Managing and Using Information Systems: A Strategic Approach – Sixth Edition Keri Pearlson, Carol Saunders,
  • 34. and Dennis Galletta © Copyright 2016 John Wiley & Sons, Inc. What do you think were the critical factors that fueled the need for IT governance? In what ways did ISO affect the standards for network security? Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following: · Ask an interesting, thoughtful question pertaining to the topic · Answer a question (in detail) posted by another student or the instructor · Provide extensive additional information on the topic · Explain, define, or analyze the topic in detail · Share an applicable personal experience · Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA) · Make an argument concerning the topic. At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post.
  • 35. Chapter 12 Secure Communications and Network Attacks Network and Protocol Security Mechanisms Secure Communications Protocols Authentication Protocols overview Secure Communications Protocols IPSec Kerberos Secure Shell (SSH) Signal Protocol Secure Remote Procedure Call (S-RPC) Secure Sockets Layer (SSL) Transport Layer Security (TLS) Authentication Protocols Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP) Extensible Authentication Protocol (EAP)
  • 36. Secure Voice Communications Voice over Internet Protocol (VoIP) Weaknesses and attacks Secure Real-Time Transport Protocol (SRTP) Social Engineering In person, over the phone, e-mail, IM, social networks PBX Fraud and Abuse Direct Inward System Access (DISA) Phreakers Black box, Red box, Blue box, White box (DTMF) Multimedia Collaboration Remote Meeting Instant Messaging Manage Email Security Email Security Goals Understand Email Security Issues Email Security Solution s overview
  • 37. Email Security Goals SMTP, POP, IMAP Open relay, closed relay, authenticated relay Nonrepudiation Restrict access Integrity Verify delivery Confidentiality Understand Email Security Issues Lack of encryption Delivery vehicle for malware Lack of source verification Flooding Attachments