As part of the BeGood AIS assessment, you must address risks, threats, and controls in compliance with the COSO framework. You know the external auditor will also want this information, so you decide to document it now. In preparation for the company external audit, you prepare the following documentation to assist the audit team in starting their work:
- Document a new AIS with a flowchart that will address the size and scope of BeGood in its current form.
- List at least three vulnerabilities and appropriate control measures to manage the vulnerabilities for each function (department) within the flowchart.
- Devise controls based on threats in a general ledger reporting system.
- Evaluate at least one security policy or procedure that would minimize threats and risks.