L e a r n I n g o b j e c t I v e s


Which of the following is the correct order of the risk assessment steps discussed in this chapter a



Download 1.2 Mb.
View original pdf
Page45/46
Date20.09.2021
Size1.2 Mb.
#57360
1   ...   38   39   40   41   42   43   44   45   46
Accounting Information Systems 13th Chapter 7
9. Which of the following is the correct order of the risk assessment steps discussed in this chapter
a.
Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits. (Correct. See Figure b. Identify controls, estimate risk and exposure, identify threats, and estimate costs and benefits. (Incorrect. See Figure c. Estimate risk and exposure, identify controls, identify threats, and estimate costs and benefits. (Incorrect. See Figured. Estimate costs and benefits, identify threats, identify controls, and estimate risk and exposure. (Incorrect. See Figure 7-4.)
10. Your current system is deemed to be 90% reliable. A major threat has been identified with an impact of $3,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $100,000 and reduce the likelihood to 6%. Implementation of control B would cost $140,000 and reduce the likelihood to 4%. Implementation of both controls would cost $220,000 and reduce the likelihood to 2%. Given the data, and based solely on an economic analysis of costs and benefits, what should you do?
a. Implement control A only. (Incorrect. Control procedure A provides a net benefit of only $20,000, whereas control procedure B provides a net benefit of $40,000.)

b.
Implement control B only. (Correct. Control procedure B provides a net benefit of
$40,000. Procedure A and the combination of A and B provide a benefit of only c. Implement both controls A and B. (Incorrect. The combination of procedures A and B provides a net benefit of only $20,000, whereas control procedure B provides a net benefit of d. Implement neither control. (Incorrect. Both controls provide a net benefit. Control procedure B provides a net benefit of $40,000. Procedure A and the combination of A and Beach provide a net benefit of EXPECTED LOSS 5 IMPACT 3 LIKELIHOOD ($300,000 5 $3,000,000 3 CONTROL PROCEDURE LIKELIHOOD
IMPACT
REVISED EXPECTED
LOSS
REDUCTION IN EXPECTED
LOSS
COST OF
CONTROL(S)
NET BENEFIT
(COST)
A
0.06
$3,000,000
$180,000
$120,000
$100,000
$20,000
B
0.04
$3,000,000
$120,000
$180,000
$140,000
$40,000
Both
0.02
$3,000,000
$ 60,000
$240,000
$220,000
$20,000

Download 1.2 Mb.

Share with your friends:
1   ...   38   39   40   41   42   43   44   45   46



The database is protected by copyright ©ininet.org 2024
send message
    Main page
techniques used
four types
major elements
probability that it
internal environment
largest supplier