Q1 give get exchange: items delivered in exchange of payment

Q2
i. Separation of accounting duties involves authorizing, recording, and custody.
Effective separation of accounting duties is achieved by ensuring that no one person
performs two or three of accounting duties on his own. A person who authorizes
cannot record or handle cash.
Part B
To limit system access, access controls, physical access controls, and network access controls
can be put into place. Examples of access controls include authentication (verify identity:
passwords, ID cards) and authorization where access to a system is limited once granted.
Examples of physical access controls include ensuring that the doors are locked so that
unauthorized personnel cannot get through. Network access controls include perimeter
defense, static packet filtering, and stateful packet filtering (packet head filtered).

Q3
i. End user computing is the creation and development by end users of their own
information systems. Three advantages: users control the development of the
system (they know what they want), it meets user’s needs, it is timely (avoids
lengthy delays) and it is easy to understand and use.
ii. Three disadvantages: inefficiency (most user’s are not trained programmers so it
may result in the system being inefficient), weak controls and lack of documentation
(controls are weak and users fail to realize that proper documentation help others
understand the system), lack of testing (inadequately tested) – user’s are less likely
to test their systems because they do not realize the need to do so.

Q4

i.
Advantages Disadvantages
Interviews Answers why questions Time consuming
Can answer follow up Inexpensive
questions for clarification
Questionnaires Not time consuming Does not allow in depth
Not expensive questions
Cannot follow up
responses

ii. Experience to prior changes – employees who had a bad experience to past changes
may tend to resist change. Mary had an experience where the change to the system
ended up as a disaster.
Biases and emotions – people with emotional attachments to their co-workers are
more likely to resist change. Mary thinks her team is stable and they like working
together. She is more likely to resist change if changes were to be made to her team.
 iii. Involve users – involve users in the development of the system and take into
account their suggestions

Test system – properly test systems to minimize bad first impressions

iv. Advantages: Easy to change software and hardware which improves flexibility
Eliminates need for making major investments for IT

Disadvantages: data is protected just by the strength of the password

Unauthorized access exposes not just one device but the entire network

Q5
i. Availability: information systems must be available to meet contractual obligations
ii. Backup is an exact copy of the database or system can be used if the original is no
longer available. A backup is not enough to plan for a disaster since disasters can not
only destroy data but also an entire information system. The chief mechanic is right
in the above scenario since more must be done to plan for a disaster. A disaster
recovery plan outlines procedures to restore operations in case data and the
information system gets destroyed by natural disasters. Organizations must also
have a business continuity plan which not only outlines how to restore operations,
but the entire business process (relocating, hiring temporary employees) in the case
its head office gets destroyed as well.