Direction: Read the case and provide what is required.

1. A new system development project is being planned for Consti Corporation. The invoicing, cash
receipts, and accounts payable modules are all going to be updated. You are the controller of Consti
Corporation, and you are a little anxious about the aforementioned project. The last systems
development project that affected your department was not very successful, and the employees in the
accounting department did not accept the new system very well at first. You feel that the systems
personnel did not interact sufficiently with the users of the systems in the accounting department.
Required: Prepare a memo that you will send to Anna Marie, the head of the information systems
department. In the memo, provide some suggestions about the new project, including your concern
about the accounting personnel in the systems development project. Give persuasive arguments why
prototyping would be helpful to the workers in the accounting department.

2. Angela Adventure is a major national retailer specializing in outdoor sports, hunting, fishing, and
camping, including a wide variety of all-terrain vehicles (ATVs), which inspired its name. The company
has operations currently based in the Philippines and has a long-term business plan to expand its retail
centers to selected parts of South-East Asia (SEA). As part of ongoing current operations, management
has asked an internal information system (IS) auditor to review the company’s readiness for complying
with requirements for protecting cardholder information. This is meant to be a high-level overview of
where the firm stands and not a point-by-point review of its compliance with the specific standard. The
point-by-point review would be undertaken as a separate engagement later in the year.
During the initial assessment, the IS auditor learned the following information:
• Point-of-sale (POS) register encryption. The retailer uses wireless POS registers that connect
to application servers located at each store. These registers use wired equivalent protection
(WEP) encryption.
• POS local application server locations. The POS application server, usually located in the
middle of each store’s customer service area, forwards all sales data over a frame relay
network to database servers located at the retailer’s corporate headquarters, with strong
encryption applied to the data, which are then sent over a virtual private network (VPN) to the
credit card processor for approval of the sale.
• Corporate database location. Corporate databases are located on a protected screened subset
of the corporate local area network.
• Sales data distribution. Weekly aggregated sales data, by product line, are copied as-is from
the corporate databases to magnetic media and mailed to a third party for analysis of buying
patterns.
• Current enterprise resource planning (ERP) system compliance. The current state of the
company’s ERP system is such that it may be out of compliance with newer laws and
regulations. During the initial assessment, the IS auditor determined that the ERP system does
not adhere to the EU’s General Data Protection Regulation (GDPR).
Additionally, Angela Adventure’s database software has not been patched in over two (2) years, due to
a few factors:
• The vendor’s support for the database package was dropped due to it being acquired by a
competitor and refocusing the remaining business to other software services

• The company’s management has implemented plans to upgrade to a new database package.
The upgrade is underway; however, it is taking longer than anticipated.
Sizeable customizations were anticipated and are being carried out with a phased approach of partial
deliverables about the database upgrade. These deliverables are released to users for pilot usage on
real data and actual projects. Concurrently, the design and programming of the next phase are ongoing.
Despite positive initial test results, the internal audit group has voiced that it has not been included in
key compliance decisions regarding the configuration and testing of the new system. Also, operational
transactions are often queued, or “hang” during execution, and more and more frequently, data are
corrupted in the database. Additional problems have shown up wherein errors already corrected have
started occurring again and functional modifications already tested tend to present other errors. The
project, already late, is now in a critical situation.

Required:

a. Identify the event in the above scenario that would present the MOST significant risk to the retailer.
Justify your answer

b. Identify the MOST important detail/item that an IS auditor must include in its preliminary report to
the management about the database upgrade. Justify your
answer

sentences.
c. Identify the control in the above scenario that is MOST important to be implemented. Justify your
answer

Question

Direction: Read the case and provide what is required.

1. A new system development project is being planned for Consti Corporation. The invoicing, cash
receipts, and accounts payable modules are all going to be updated. You are the controller of Consti
Corporation, and you are a little anxious about the aforementioned project. The last systems
development project that affected your department was not very successful, and the employees in the
accounting department did not accept the new system very well at first. You feel that the systems
personnel did not interact sufficiently with the users of the systems in the accounting department.
Required: Prepare a memo that you will send to Anna Marie, the head of the information systems
department. In the memo, provide some suggestions about the new project, including your concern
about the accounting personnel in the systems development project. Give persuasive arguments why
prototyping would be helpful to the workers in the accounting department.

2. Angela Adventure is a major national retailer specializing in outdoor sports, hunting, fishing, and
camping, including a wide variety of all-terrain vehicles (ATVs), which inspired its name. The company
has operations currently based in the Philippines and has a long-term business plan to expand its retail
centers to selected parts of South-East Asia (SEA). As part of ongoing current operations, management
has asked an internal information system (IS) auditor to review the company’s readiness for complying
with requirements for protecting cardholder information. This is meant to be a high-level overview of
where the firm stands and not a point-by-point review of its compliance with the specific standard. The
point-by-point review would be undertaken as a separate engagement later in the year.
During the initial assessment, the IS auditor learned the following information:
• Point-of-sale (POS) register encryption. The retailer uses wireless POS registers that connect
to application servers located at each store. These registers use wired equivalent protection
(WEP) encryption.
• POS local application server locations. The POS application server, usually located in the
middle of each store’s customer service area, forwards all sales data over a frame relay
network to database servers located at the retailer’s corporate headquarters, with strong
encryption applied to the data, which are then sent over a virtual private network (VPN) to the
credit card processor for approval of the sale.
• Corporate database location. Corporate databases are located on a protected screened subset
of the corporate local area network.
• Sales data distribution. Weekly aggregated sales data, by product line, are copied as-is from
the corporate databases to magnetic media and mailed to a third party for analysis of buying
patterns.
• Current enterprise resource planning (ERP) system compliance. The current state of the
company’s ERP system is such that it may be out of compliance with newer laws and
regulations. During the initial assessment, the IS auditor determined that the ERP system does
not adhere to the EU’s General Data Protection Regulation (GDPR).
Additionally, Angela Adventure’s database software has not been patched in over two (2) years, due to
a few factors:
• The vendor’s support for the database package was dropped due to it being acquired by a
competitor and refocusing the remaining business to other software services

• The company’s management has implemented plans to upgrade to a new database package.
The upgrade is underway; however, it is taking longer than anticipated.
Sizeable customizations were anticipated and are being carried out with a phased approach of partial
deliverables about the database upgrade. These deliverables are released to users for pilot usage on
real data and actual projects. Concurrently, the design and programming of the next phase are ongoing.
Despite positive initial test results, the internal audit group has voiced that it has not been included in
key compliance decisions regarding the configuration and testing of the new system. Also, operational
transactions are often queued, or “hang” during execution, and more and more frequently, data are
corrupted in the database. Additional problems have shown up wherein errors already corrected have
started occurring again and functional modifications already tested tend to present other errors. The
project, already late, is now in a critical situation.

Required:

a. Identify the event in the above scenario that would present the MOST significant risk to the retailer.
Justify your answer

b. Identify the MOST important detail/item that an IS auditor must include in its preliminary report to
the management about the database upgrade. Justify your
answer

sentences.
c. Identify the control in the above scenario that is MOST important to be implemented. Justify your
answer

Accepted Answer

HEY there since you have posted multiple questions, we can answer only first question, kindly…

Give persuasive arguments why prototyping would be helpful to the workers in the accounting department.