CASE PROJECTS Case Project 1-1: Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting...

Transcribed Image Text:

CASE PROJECTS Case Project 1-1: Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have been asked to perform a qualitative risk assessment for the TRC Chemical Company. TRC Chemical has a large outside sales force, numbering in the hundreds. Most of these employees use their own home computers (70% laptops, 30% desktops) to conduct TRC Chemical business. You have been asked to assess the risks associated with the use of home computers versus company-owned and-managed computers. Case Project 1-2: Quantitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have completed a qualitative risk assessment regarding the risks associated with using non- company-owned computers to conduct company business. Your customer, TRC Chemical, is pleased with the results of the qualitative risk assessment and wants to see hard numbers to see whether it can justify the capital and expense burden of equipping the sales force with company-owned computers, based upon risk mitigation alone. In your risk assessment, make best estimates on the value of information and costs associated with purchasing and supporting company-owned computers. Case Project 1-3: Segregation of Duties Matrix As a consultant with the Risk Analysis Consulting Co., you have been asked to help the BBX Internet Stock Trading Company develop a viable segregation of duties for the management of its online software and supporting infrastructure. The activities that BBX is concerned with include: • Request and assignment of privileged access at the network, operating system, database, and application layers • Setup of new customers • Changes to audit alert settings For each of the activities listed above, develop a segregation of duties matrix where different parts of each process are performed by different individuals. Things to consider: • Separate the activity of requesting an action from performing the action. • Add an activity of confirming correct completion of the action. • Include any recordkeeping for the action so that an auditor can examine the action after the fact to see if the action was appropriately carried out. CASE PROJECTS Case Project 1-1: Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have been asked to perform a qualitative risk assessment for the TRC Chemical Company. TRC Chemical has a large outside sales force, numbering in the hundreds. Most of these employees use their own home computers (70% laptops, 30% desktops) to conduct TRC Chemical business. You have been asked to assess the risks associated with the use of home computers versus company-owned and-managed computers. Case Project 1-2: Quantitative Risk Assessment As a consultant with the Risk Analysis Consulting Co., you have completed a qualitative risk assessment regarding the risks associated with using non- company-owned computers to conduct company business. Your customer, TRC Chemical, is pleased with the results of the qualitative risk assessment and wants to see hard numbers to see whether it can justify the capital and expense burden of equipping the sales force with company-owned computers, based upon risk mitigation alone. In your risk assessment, make best estimates on the value of information and costs associated with purchasing and supporting company-owned computers. Case Project 1-3: Segregation of Duties Matrix As a consultant with the Risk Analysis Consulting Co., you have been asked to help the BBX Internet Stock Trading Company develop a viable segregation of duties for the management of its online software and supporting infrastructure. The activities that BBX is concerned with include: • Request and assignment of privileged access at the network, operating system, database, and application layers • Setup of new customers • Changes to audit alert settings For each of the activities listed above, develop a segregation of duties matrix where different parts of each process are performed by different individuals. Things to consider: • Separate the activity of requesting an action from performing the action. • Add an activity of confirming correct completion of the action. • Include any recordkeeping for the action so that an auditor can examine the action after the fact to see if the action was appropriately carried out.

Answer rating: 100% (QA)

Answer Case Project 11 Qualitative Risk Assessment As a consultant with the Risk Analysis Consulting Co I have been asked to perform a qualitative risk assessment for the TRC Chemical Company TRC Chem... View the full answer