Global Airways is a major airline company based in Los Angeles. It has a computer system dedicated

Question:

Global Airways is a major airline company based in Los Angeles. It has a computer system dedicated to reservations and ticketing operations. More than 1,000 terminals scattered throughout the United States are connected to the mainframe computer in the company's head office.

You are a member of the external audit team examining access and communications controls within the reservation and ticketing system. Your firm has just taken over the audit of Global Airways in light of a successful tender bid. You are amazed to find the system does not use passwords to prevent unauthorized access to the system. When you question the information systems manager why this is the case, he informs you that passwords are unnecessary. He explains that each terminal connected to the computer is given a unique identification number. This number is stored in a table within a secure area of the operating system. A terminal must supply this identification number with each message it sends, and the system will respond only to a valid identification number. The identification number is sent automatically by a terminal because it is hard-wired into the terminal.
He further explains that a password system had been tried previously and abandoned. Each reservation and ticketing clerk had been given a unique password. Because multiple clerks often used a single terminal, however, the system was too awkward and unwieldy as clerks had to continuously sign on and sign off the system. Major problems occurred with the system during rush periods.
Finally, the information systems manager is surprised about your concerns. Under the current system, he argues unauthorized removal of assets cannot occur. Moreover, he points out that the previous auditor had never expressed concerns about the system.
Required: Write a brief report identifying what could go wrong, if anything, with the current system that would result in the company losing assets or violation of data integrity occurring in the system. In light of your report, what advice will you give to the partner in charge of the audit in terms of how the remainder of the audit should proceed.

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: