Manage Access
Manage Change
Manage IT Operations
Walkthrough/Testing
EY!
100

Although this definition differs slightly depending on the client, a user with access to make changes, modifications, or with more rights than the average user is referred to as a...

Privileged User

100

Name some manage change tasks that should be done by different individuals

  • Request/approve change 

  • Develop the change 

  • Move change in and out of production 

  • Monitor changes

100

Describe an example of a manage IT operations control, including the associated risk.

1. In certain IT applications, programs must be scheduled to run in a particular order. IT personnel can monitor the successful completion of jobs based on their particular order.

2. Employment termination data moves from the HR IT application to the access management tool on a nightly basis. IT personnel can monitor the successful completion of this job.

100

Transactional testing assesses the _______ of each control based on a representative sample of transactions.

Operational effectiveness

100

In what year did Ernst & Whinney and Arthur Young & Co. merge?

1989

200

Give an example of a control a company might have in place to ensure that unauthorized access to applications cannot occur

Username/Password (multiple answers)

200

How might a change request be initiated?

End-user request through the help desk, requests submitted to a change review committee or submitted directly to the IT department. Emphasize that different types of changes may have different methods of initiation.

200

What is an interface?

-Transfer of information / data used in the performance of SCOTs or IT processes among the IT environment

-Can be similar to scheduled jobs

-How applications talk to each other

200

In your own words, walk us through the EY Random Application

EY Random is a tool that helps us randomly select numbers, dates, etc. (usually used for sample selections!) After inputting company info, you insert your range and tell the program how many selections you'd like (how many groups, ascending/generation, etc.). Once the report is created, you read the generated listing by column.

200

What are EY's three geographic areas?

  • Americas
  • Europe, Middle East, India and Africa (EMEIA)
  • Asia-Pacific

300

What is being violated when the same user requests, approves, and grants access?

Segregation of Incompatible Duties

300

Provide an example of a compensating control for an SOD issue.

On a monthly basis, an individual with knowledge of the changes who does not provide approval or development/migration responsibilities reviews all changes made to the system for that month, and ties them back to appropriate change tickets; role rotation every 90 days; requirement of multiple reviews

300

Name an example of an automated tool

1) Automated backup and job scheduling tools.

2) Access management tools that permit the automated creation or removal of access rights to various IT components.

3) Help ticket systems that are used to record changes to IT applications. 

300

True or False: If a client answers "yes" to the question "Is this process the same as last year?", is this satisfactory? Explain.

FALSE!

- ALWAYS be skeptical

- Ask open-ended questions

- Hard to recover from this mistake

300

What is the name of one of the strategic pillars in NextWave?

Client Centricity, Exceptional and diverse people, Data and technology and Global integration and Teaming
