REVIEW Flashcards

1
Q

Third Normal Form (3NF) (review normalization)

A
  • Normalization reduces data redundancy and eliminates undesirable characteristics like insertion, update, and deletion anomalies.
  • 3NF: eliminate any attributes that depend on both the primary key and other non-key attributes. Attributes should not have transitive dependencies (where they rely on other non-key attributes).
2
Q

Role of service auditor vs. Service org management

A
  • Service org management: responsible for preparing the description of the system.
  • Service org management: responsible for determining control objectives.
3
Q

Trust services supplemental criteria COSO components:

A

-

4
Q

COBIT core

A
  • BAI (Build, Acquire, and Implement)
  • APO (Align, Plan, and Organize)
  • EDM (Evaluate, Direct, and Monitor)
  • DSS (Deliver, Service, and Support)
5
Q

Security assessment report (SAR) procedures

A
  • Examination (the process of analyzing, observing, and reviewing one or more assessment objects, such as job roles, security specifications, security activities, or relevant operational controls)
  • interviewing (the method that involves having individual or group discussions to better understand, collect, and evaluate evidence)
  • testing (the process of testing assessment objects that reflect how the object performs in its current state compared to a target or expected rate)
6
Q

service auditor

A
  • Service auditors are not required to be independent of the user entities, only of the responsible party, such as the service organization in a SOC engagement.
7
Q

Eight components of ERM (Enterprise Risk Management) when applying to risk profile

A
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring
8
Q
A