QUESTION 1;SYSTEM RISKS

Answer 1:

Information system Risks

The principle reason for managing risk in an organization is to protect the mission and assets of the organization. Therefore, risk management must be a management function rather than a technical function. It is vital to manage risks to systems. Understanding risk, and in particular, understanding the specific risks to a system allow the system owner to protect the information system commensurate with its value to the organization. The fact is that all organizations have limited resources and risk can never be reduced to zero. So, understanding risk, especially the magnitude

of the risk, allows organizations to prioritize scarce resources.

System crash:  

System damage or crashs results in loss of data in the system due to work pressure and work load.

Environmental Threats—power failure, pollution, chemicals, water damage can cause a threat to the information system.

Natural disasters:

A natural disaster

It is the effect of a natural hazard (e.g., flood, tornado, hurricane, volcanic eruption, earthquake, or landslide). It leads to financial, environmental. This understanding is concentrated in the formulation: "disasters occur when hazards meet vulnerability." A natural hazard will hence never result in a natural disaster in areas without vulnerability, e.g. strong earthquakes, all these are related to the organization where It is valuable to compile a list of threats that are present across the organization and use this list as the basis for all risk management activities. As a major consideration of risk management is to ensure consistency and repeatability, an organizational threat list is invaluable.

Human errors- Mistakes made by a person rather than being caused by a poorly designed process, Human error sometimes lead to system crash also.

Question 3;types of Audits

Answer 3: there are two trypes of audits internal and external audit. Audit involves a periodical examanation and checks on records and procedures for security reasons, Internal audit is a function that, although operating independently from other departments and reports directly to the audit committee, resides within an organisation (i.e. they are company employees). It is responsible for performing audits (both financial and non-financial) within a wide range of areas within a business, as directed by the annual audit plan. Internal audit look at key risks facing the business and what is being done to manage those risks effectively, to help the organisation achieve its objectives. For example, they may look at risks to the company’s reputation such as the use of cheap labour in foreign countries, or strategic risks such as producing too many products in comparison to resources available etc.

External audit is an independent body which resides outside of the organisation which it is auditing. They are focused on the financial accounts or risks associated with finance and are appointed by the company shareholders. The main responsibility of external audit is to perform the annual statutory audit of the financial accounts, providing an opinion on whether they are a true and fair reflection of the company’s financial position. As part of this, external auditors often examine and evaluate internal controls put in place to manage the risks which could affect the financial accounts, to determine if they are working as intended.