Information Systems Security Survey Essay

The University of Nebraska Medical Center (UNMC) is an organization that was worked, thinking back to the nineteenth century. UNMC’s mission is to improve the wellbeing of Nebraska through chief instructive projects, inventive exploration, the most excellent patient consideration, and effort to underserved populaces (UNMC, 2004). As an establishment with key enthusiasm to protection of its understudies, staff and subordinate staff, UNMC has received different strategy rules to guarantee data security framework. The Information Security Management Plan (ISMP) portrays its shields to ensure private data. These shields are implied among another motivation to: Guarantee the secrecy of information Guarantee the uprightness of information Guarantee the accessibility of information Ensure against foreseen dangers or risks to the security or uprightness of the data UNMC has received data security industry best practices to actualize its data security framework (UNMC, 2014). They have become so compelling that during 2011, a Hitrust Gap appraisal was performed, and no huge holes were found inside its security program. The worksheet underneath traces how these projects have been turned out by various workplaces in the college. Worksheet: Information Security Program Survey Security Area Responsible Party/Office of Primary Responsibility Known Vulnerabilities/Risks Countermeasures/Risk Mitigation Strategy Acquisition (frameworks/administrations) Information Security Office Breach of the privacy statement All specialist co-ops must experience an assessment procedure to confirm they are qualified. Agreements have a privacy proviso whose break ends the agreement. Resource the board System Administrator Poor resource the executives Proper arrangements and method in placeâ to guarantee compelling resource the executives. Assessment to learn the capabilities of benefit directors. Review and responsibility Information Security Office Dishonest workers revealing secret data to outsiders Every application contains a log that must be kept up to meet administrative necessity. There is Information security Incident Response intend to deal with any remarkable odd occasions. Validation and approval System Administrator Covered information might be moved to outsiders without approval Employees are furnished with client name and secret phrase to get to the information. Representatives are prepared on building up a safe secret phrase. There are control arrangements set up administering access to this data. Business congruity Information Security Office Non-coordination and miscommunication between representatives All representatives should keep contact data of colleagues and managers to look for help in the event of any crisis. Consistence the board Compliance Officer the Information Security Officer Employees inability to consent to the set rules, arrangements and strategy There is a consistence structure that is filled before a significant task is embraced by the venture. The structure is to guarantee that no new hazard is acquainted with the venture. Setup control System Administrator Compromised framework security Every arrangement must have a secret key. Every secret key must have in any event ten characters. The secret phrase must be scrambled consistently. Information System Administrator Data might be captured during transmission Database with security keys is accessible to approved workers as it were. Access to grouped information is permitted to restricted workers. Data security plan guarantees security of secured information. Equipment System Administrator Destruction of equipment in a fiasco Only workers with specialized expertise of working equipment are permitted to utilize them. The equipment are scrambled for security purposes. Equipment reinforcement framework. Personality the board Information Security Office Unauthorized secured information and data move through outsiders Identity Management Program (IDM) plots method for giving certifications dependent on the NIST direction. Checks are done on workers before their business. Episode the board Command Center Episode Response Team Physical loss of information in a catastrophe An Incident Reporting and Response Plan is set up to report and react to anyâ identified hazard. Accessibility of a very much prepared episode reaction group. War room is set up to oversee crisis. Upkeep techniques Change Advisory Board (CAB) Existing patches inside the security framework A discharge procedure is set up to guarantee that the progressions don't influence non-essential framework. Fixing arrangements for workstations to guarantee security. Media assurance and demolition Information Security Office Unauthorized access secured information just as Data stockpiling approaches characterize how information put away in the media is to be ensured. Information is just put away in a made sure about server farm or scrambled medium. System Administrator Unauthorized access to the system Network traffic is constrained by Cisco undertaking class firewall where inbound interfaces are just permitted to DMZ. Inside believed arrange is given by means of an encoded VPN burrow. Specialized edge is set up to ban direct access from the web to the Internal Trusted Area. Arranging Information Security Office Poor arranging that bargain the board of the security framework Contingency plan is set up to deal with any consequence. Workers are urged to store information on organize record servers for reinforcement. All reinforcements are clearly put away and set apart for simple recognizable proof during crises. Staff System Administrator Loss of information uprightness Employees are just utilized subsequent to showing least security prerequisite. Data Security Addendum are to be finished paperwork for secrecy purposes. An insider who guarantees that every single legitimate prerequisite are followed before get to is conceded must go with untouchables getting to data. Physical condition System Administrator Physical wellbeing of nature might be undermined through assaults and robbery No unapproved in dividual is permitted inside the server farm premises. The server farms are constrained by keycard get to. Strategy Information Security Plan Coordinator Arrangements might be confused by the worker The University’s security strategy is cherished in the Privacy, Confidentiality and Security of Patient Proprietary Information Policy and the Computer Use and Electronic Information Security Policy. The two approaches necessitate that approved individuals can just access this data. The strategies are inspected at regular intervals to make them pair with the overall conditions. Activities The Information Security Officer and the Infrastructure Team Failure for tasks to follow the framework security strategy An activity must fill a consistence Checklist or a Security Risk Assessment structure for survey to confirm that no new hazard is acquainted with the endeavor. Re-appropriating System Administrator Unauthorized exposure of security data by outsiders Outsourced sellers must consent to UNMC Policy No. 8009, Contract Policy. Sellers getting to arranged understudy data must sign the GLB Act contract addendum. Hazard appraisals Information Custodian Poor technique for chance evaluation that may make light of the real effect of a hazard Security evaluation I led every year. All applications must meet the associations security strategies and strategy. Programming System Administrator Software might be contaminated with an infection Software ought not be introduced except if the client confides in it. Merchant update and fixes must be introduced except if coordinated something else. Programming permit must be held to get specialized help. Preparing System Administrators and Information Custodians Misuse of security framework Loss of information uprightness Employees are prepared on data security framework before they are utilized. Framework directors and data caretakers are every year prepared on Specific Information Security Policy and Procedure. References UNMC. (Walk 2014) Strategic Plan 2010-2013. Recovered from http://www.unmc.edu/wwwdocs/key plan_06-10_v3-brochure1.pdf United States Government Accountability Office. (February 2010). ELECTRONIC PERSONAL HEALTH INFORMATION EXCHANGE: Health Care Entities’ Reported Disclosure Practices and Effects on Quality of Care. Recovered from http://www.gao.gov/new.items/d10361.pdf UNMC. (February 9, 2004). Data Security Plan. Recovered from http://www.unmc.edu/its/docs/UNMCInformationSecurityPlan-Sept2010.pdf

Harvard Guide to Happiness, Freakonomics, Can’t a Woman Be Einstein Essay

The techniques proposed from an exploration led more than 10 years on 1,600 Harvard understudies are significant today like never before. The worldwide pattern of move in workforce from assembling to clerical work requires laborers acquire higher degrees of instruction. People with advanced education degree are increasingly outfitted with the ability to all the more likely oversee given assignments of the administration part utilizing logical reasoning. Workforce contained such exceptionally taught people improves seriousness in the undeniably mind boggling worldwide economy. In this way the estimation of individual scholarly interest is basic in supporting monetary improvement of a country. Accepting that understudies advancing their investigations choose dependent on freewill, keeping understudies propelled is the way to urging them to seek after advanced education. Basing on the outcomes from the investigation, expanding communication among the different components inside the educational system, for example, workforce and friend understudies impel understudies to accomplish higher evaluations, become all the more mentally connected with and increment their general satisfaction. A NBER investigation of a gathering of Kenyan young ladies in 69 grade schools contrasting the individuals who were arbitrarily chosen with get grants to the individuals who didn't get any shockingly reasoned that more prominent instruction doesn't in truth lead to more noteworthy majority rule government. Anyway I accept the connection among training and majority rule government can either be fortified or debilitated dependent on the substance of the instruction got by the residents and how it is celebrated in the study hall setting. Instruction frameworks that underscore and worth opportunity of articulation through warmed conversation among peers definitely give a chance to the understudies to encounter vote based method of taking care of things. The manner in which data was given to the little youngsters in Kenya and its substance may have been the explanation in the disappointment of expanded training to bring about more prominent majority rule government. The exposition that exhibited that organic distinction exists among male and female however doesn't propose a distinction in inclination represent a significant issue in the field of instruction. I concur that the outcomes insight an adjustment in the training framework yet I delay to concur with Leonard Sax in his conviction that â€Å"coed schools accomplish more mischief than good†. The way that current coed schools probably won't give a domain to young men and young ladies to learn at the pace of their developing minds doesn't require those understudies to be taught in single-sex schools. The issue, if there is any, would lie in the absence of division of classes dependent fair and square of each subject. Division of class in coed schools dependent on capability, for example fledglings, transitional and progressed appears to be a fitting reaction that viably manages the issue grasps anomalies simultaneously.

Custom Research Paper Writing Service - Find One That Can Create Work That Is Suitable For Your Needs

Custom Research Paper Writing Service - Find One That Can Create Work That Is Suitable For Your NeedsIn order to hire a custom research paper writing service, you have to find a company that specializes in the type of paper writing that you are seeking. There are many companies that offer a wide variety of services to different clients. You have to make sure that you find one that can deliver the type of paper writing that you need, at a price that you can afford.When you are looking for a research paper writing service, you have to make sure that it is a service that is able to keep up with your paper writing needs. It will be better if you hire a company that can offer you assistance in the areas of time frame, the number of topics covered, the quality of the topics and last but not least, the quality of the material that they will be offering.There are many things that you have to consider when hiring a research paper writing service. First of all, you have to find out what they o ffer. There are so many companies that offer different kinds of services, it will be best if you choose one that offers only paper writing services, instead of an assortment of services like audio books, web hosting, etc.You also have to check how long the research paper writing service that you are looking for can handle. You have to make sure that they are able to handle the amount of topics that you want covered. There are some instances where a company may be too busy to cover all the topics on their list. It is important that you check the deadline of the projects that you are expecting them to handle.The next thing that you have to check is how the research paper writing service works. This is important because the time and effort that you will be investing in this type of project is very high. It is best if you can find a company that can customize the work that they are doing for you. Since this kind of service is not something that you can do on your own, it is best if you can find a company that can tailor-make a solution for you.In fact, custom research paper writing service can handle your projects well, provided that you find a company that offers you custom writing solutions. Of course, you have to consider the money that you will be paying for the services that you will be receiving. You should make sure that you will not be spending much on the project. For this reason, you have to think about how much you can afford to spend.With the help of the internet, finding the right research paper writing service is easier. You can search for the company online. Once you found the company that you want to hire, all you have to do is give them the details of the project that you want to achieve. This way, they will be able to customize the service to your needs.If you want to hire a custom research paper writing service, you have to know that this type of service can give you the paper writing projects that you require. You just have to make sure that yo u have done your research before hiring a particular company. You can choose from any kind of research paper writing service, regardless of what it is that you are looking for.

Criminal Justice: the Right Job for You

I will discuss 3 key social issues adding to the requirement for criminal equity specialists and giving guides to each issue. I will likewise be clarifying the job of the criminal equity proficient in serving individual and cultural needs. In conclusion I will clarify how key social issues sway the job of the criminal equity proficient and give 2-3 guides to help my position. One key social issue adding to the requirement for criminal equity experts is jail swarming. Jail stuffing is one of America's most genuine criminal equity issues. The issue is a direct result of inadequate prison and jail space, for which the arrangement is to construct more prison and jail offices. As indicated by a recent report by the Pew Center on the States, the United States has the most noteworthy detainment rate on the planet, with one of every 100 Americans under the management of the criminal equity framework. Compulsory least sentences for tranquilize violations are a key factor in the high pace of detainment. Another key issue adding to the requirement for criminal equity specialists is movement. Movement raises three noteworthy, disputable issues in criminal equity. The first is the time and assets important to extradite migrants, regardless of whether they are recorded or undocumented, and who have been indicted for violations. The second is whether and to what degree neighborhood law authorization assets ought to be utilized finding and expelling undocumented foreigners. The third issue is the degree to which law requirement accentuation ought to be on people who transport and utilize undocumented migrants, instead of on the workers themselves. A significant issue adding to the requirement for criminal equity experts is neediness. You can peruse also Justice System Position Paper The seriousness of neediness regularly goes inseparably with the measure of wrongdoings submitted. Cash is frequently reinvested from the open market to the bootleg market to achieve high yet dangerous return in urban territories. Dangers, for example, these are significantly higher when this movement is constrained by savage crowd type associations and packs, whose presences are organized around gaining by the destitution of others. Reasonable and reachable good examples are far and not many between, if any exist whatsoever, which causes the offspring of the individuals who live in these territories to admire increasingly obnoxious figures who are carrying on with the high life through low living. While living in destitution a few people resort to wrongdoing to help their propensities (drugs as well as liquor) or potentially bolster their families. Due to this crime percentages go up, the measure of individuals imprisoned goes up, and the assessment dollars go up to keep the detainment facilities and correctional facilities running. The job of criminal equity experts in serving individual and cultural needs is exceptionally expansive. There are numerous situations in the criminal equity field in various territories with various errands and duties. Criminal equity experts invest a great deal of energy settling clashes and haggling with different gatherings inside and outside their associations. They handle protests, settle debates, and resolve complaints and clashes, generally by haggling with a few gatherings. Here and there they play out this assignment related to another, assessing data to decide consistence, which expects them to audit applicable data and utilize their individual judgment to decide if occasions or procedures follow laws, guidelines, or measures. Criminal Justice experts direct security, assemble data and documentation, give declaration, and they are relied upon to consistently give data to chiefs, collaborators, and subordinates to help their positions. One key social issue that impacts the job of criminal equity experts is requiring increasingly prison guards or detainment officials due to congestion. However there are more detainees in prisons and penitentiaries and there are insufficient prison guards or confinement officials to staff the jails and correctional facilities. Consequently the staff are exhausted with compulsory additional time and remunerated with additional days off rather than extra time pay. Migration is another key social issue that impacts the job of criminal equity experts. There is a constant fight about controlling the outskirt of Mexico and how to control it. There is a lot of viciousness at the fringe from illicit migrants and medication cartels. Outskirt Patrol Agents lives are put in danger consistently attempting to secure the fringe on account of this savagery. There are numerous social issues adding to the requirement for criminal equity experts and there consistently will be. The need will increment with time as will wrongdoing due to these social issues. There will consistently be a spot in the public arena for the criminal equity professional.

Database Management Essay -- Technology, Computer Softwares, Data

What is a database the board framework? Examine every one of the five significant programming segments of a database the executives framework. Information Base Managements System (DBMS) is a PC programming program introduced on a framework hard drive that inventory, recover, and run inquiries on information. It gives approaches to information to be changed or expelled by clients or different projects. There are a few distinct kinds of database the board frameworks that exist that were made for the correct control of databases for explicit purposes. The five programming parts of a database administrations framework are DBMS motor, information definition subsystem, information control subsystem, applications age subsystem, and information organization subsystem (Cummings, 2010). Database the board frameworks motor is the focal segment of the DBMS it stores and recovers information it acknowledges legitimate solicitation from different subsystems and change them into its physical comparable. The DBMS motor gathers coherent solicitations for information clients and issues physical information/yield solicitations to the PC working framework. The information mentioned is assembled from physical capacity and keeping in mind that the information stays in memory, it is overseen by the DBMS motor. Information definition subsystems make and keep up information word reference. Characterize structure of the documents inside the Data Base. Its legitimate structure must be characterized before entering data and whenever data is entered or erased the information definition subsystem must be utilized. Field name, type, structure, default esteem, approval rule, is a passage required, and can there be copies are instances of legitimate properties (Cummings, 2010). Information Manipulation Subsystem is utilized to include, change and erase data in a database. There is programming in the ... ... execution items. A few models is nanotube which is have been added to the casings of tennis racquets and bay clubs. Nanotubes are the absolute hardest materials known to exist to man. Since these cylinders are minuscule, millions can be added to the tennis racquet to make it solid so as to give tennis players more control and force. Medication is another region where nanotechnology changing. With the clinical field managing things on the littlest level, the little nano gadgets are being created to enter the body. A model is Nano robot which is a PC controlled automated gadget used to treat and kill infections. Nanotechnology contrast from customary assembling in which conventional production enjoy an enormous thing and reprieve it down to its littlest structure, nanotechnology begins at the littlest structure and develop (Cummings, 2010).

LEGISLATION ADMINISTERED AND ENFORCED BY BANK NEGARA MALAYSIA AND SECURITY COMMISSION - Free Essay Example

The Act provides for the administration, objectives of the Central Bank. It also enumerates the powers and the duties of the Central Bank in relation to issuance of currency, maintenance of external reserve, authorized business of the bank, specific powers to deal with ailing institutions, its relationship with the Government and financial institutions. The Act also contains general provisions on the Banks accounts, powers to compound etc. 2. Banking and Financial Institutions Act 1989 (BAFIA) The BAFIA which came into force on October 1, 1989 provides for the licensing and regulation of institutions carrying on banking, finance company, merchant banking, discount house and money-broking businesses. It also provides for the regulation of institutions carrying on scheduled business comprising non-bank sources of credit and finance, such as credit and charge card companies, building societies, factoring, leasing companies and development finance institutions. Non-scheduled institutions which are engaged in the provision of finance may be subject to Part X and XI of the BAFIA as the Minister of Finance may decide. 3. Exchange Control Act 1953 Exchange Control Notices (ECM) ECM 1 to 16 The Act restricts dealings in gold and foreign currencies, payments to and from residents, issuance of securities outside Malaysia, imports and exports and settlements. The Act also empowers the Controller for Foreign Exchang e to grant permissions and consent on the foregoing and to enforce the provisions of the Act. The Act is supplemented by the Exchange Control Notices (ECM). ECM is issued by the Controller which embodies the general permission and directions of the Controller. 4. Islamic Banking Act 1983 An Act to provide for the licensing and regulation of Islamic banking business. The Act inter alia has provisions on the financial requirements and duties of an Islamic Bank, ownership, control and management of Islamic banks, restrictions on its business, powers of supervision and control over Islamic bank and other general provisions such as penalties etc. 5. Insurance Act 1996 The provisions of the Act deal with the licensing of insurers, insurance brokers adjusters and reinsurers. It also deals with setting up of subsidiary and offices, establishment of insurance fund, direction and control of defaulting insurers, the control on management of licensee, accounts of licensee, examin ation and investigation powers of the Central Bank, winding-up, transfer of business of licensee. The Act also provides for matters relating to policies, insurance guarantee scheme fund, enforcement powers of the Central Bank, offenses and other general provisions. 6. Takaful Act 1984 An Act to provide for the registration and regulation of takaful business in Malaysia and for other purposes relating to or connected with takaful. Takafulin this context means a scheme based on brotherhood, solidarity and mutual assistance which provides for mutual financial aid and assistance to the participants in case of need whereby the participants mutually agree to contribute for that purpose. 7. Government Investment Act 1983 An Act to confer on the Minister power to receive investments of moneys for a fixed period and to pay dividend thereon. The Act amongst other things appoints the Central Bank as the agent of the Government and allows the issue of the investment by way of book-e ntry i.e. scripless. 8. Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (AMLA) Since 2000, Malaysia has made significant progress in constructing a comprehensive anti-money laundering regime. Malaysias National Coordination Committee to Counter Money Laundering (NCC), comprised of members from 13 government agencies, oversaw the drafting of Malaysias Anti-Money Laundering Act 2001 (AMLA) and coordinates government-wide anti-money laundering efforts. The AMLA, enacted in January 2002, criminalized money laundering and lifted bank secrecy provisions for criminal investigations involving more than 150 predicate offenses. The law also created a financial intelligence unit (FIU) located in the Central Bank, Bank Negara Malaysia (BNM). The FIU is tasked with receiving and analyzing information, and sharing financial intelligence with the appropriate enforcement agencies for further investigations. The Malaysian FIU works with more than twelve other agencies to identif y and investigate suspicious transactions. 9. Uniform Customs and Practice for Documentary Credits (UCP 600) Not a legislation but a trade finance practices The Uniform Customs and Practice for Documentary Credits (UCP) is a set of rules on the issuance and use of letters of credit. The UCP is utilised by bankers and commercial parties in more than 175 countries in trade finance. UCP 600 came into effect on 1 July 2007. It is the sixth revision of the rules since they were first promulgated in 1933. UCP defines rights and obligations of the various parties in a documentary credit transaction, it is not law and any given documentary credit is subject to the UCP only to the extent indicated in the documentary credit itself. 10. Capital Markets and Services Act 2007 (CMSA) The CMSA prescribes the laws among others, to regulate and to provide for matters relating to the activities, markets and intermediaries in the capital markets. CMSA largely consolidates the Securit ies Industry Act 1983 (SIA), the Futures Industry Act 1993 (FIA) and Part IV of the Securities Commission Act 1993 (SCA), makes some changes to the regulatory structure of stock markets and futures markets, revamps the securities and futures industry licensing framework, adds new provisions to help promote Malaysias development as a global Islamic financial hub, improves and modernises the regulatory framework, fund raising activities and investor protection and introduces provisions for self-regulatory organizations. 11. Labuan Financial Services and Securities Act 2010 (LFSSA) This Act provides the framework on the licensing and regulation of financial services and securities in Labuan. With the enactment of the Labuan Financial Services and Securities Act 2010, the following Acts are repealed:- o Labuan Trust Companies Act 1990; o Offshore Banking Act 1990; o Offshore Insurance Act 1990; and o Labuan Offshore Securities Industry Act 1998. 12. Labuan Islamic F inancial Services and Securities Act 2010 The Act sets the licensing and regulatory framework for Islamic financial services and securities in Labuan and provides for the establishment of Islamic banking and Takaful business including captive Takaful business plus Labuan Islamic trusts, foundations, limited partnerships and limited liability partnerships. 13. Labuan Financial Services Authority Act 1996 This Act described and governed the roles and powers of Labuan FSA. Under this legislation, Labuan FSA is allowed and given the power to administer, carry out and enforce the Labuan legislation to all industry players in this jurisdiction. 14. Malaysia Deposit Insurance Corporation Act 2011 The Act sets adequate powers to the Malaysia Deposit Insurance Corporation (PIDM) to manage troubled financial institutions (member institutions) effectively. Provides PIDM powers to improve consumer protection in terms of finance. The scope of protection for deposits has been raise d from RM60,000 to RM250,000. Exchange Control Notices (ECM) ECM 1 to 16 Bank Negara Malaysia, as agent of the Government on exchange control matters, administers the Exchange Control Act 1953 since August 1, 1960, with the Governor as the Controller of Foreign Exchange. To complement the Act, the Controller issues exchange control notices and various circulars from time to time. Currently, there are sixteen ECM notices: ECM No. Contents 1 Definitions 2 Dealings in Gold and Foreign Currency 3 External Accounts 4 General Payments 5 Export of Goods 6 Credit Facilities to Non-Residents 7 Foreign Currency Accounts 8 Domestic Credit Facilities to Non-Resident Controlled Companies This notice was revoked on April 1, 2005. 9 Investments Abroad 10 Foreign Currency Credit Facilities and Ringgit Credit Facilities From Non-Residents 11 Inter-Company Accounts 12 Securities 13 Import and Export of Currency Notes, Bills of Exchange, Assurance Policies, etc. 14 Dealings with Specified Persons and in Restricted Currencies 15 Labuan International Offshore Financial Centre 16 Approved Operational Headquarters

Identify the business risks at Sunshine. - Free Essay Example

Question 1 a) There are eight business risks which should be assessed by the management of Sunshine. Exclusive right risk In July 2009, Sunshine obtained exclusive rights to operate a car and passenger ferry route between Hong Kong and Shekou until December 2025. It about only 15 years exclusive right, it is relative short. Besides, it may be cancel in the future. Sunshine facing cannot extend the exclusive right risk. Entrance of competitor risk Between Hong Kong and Shekou has an alternative to driving 300 kilometers using the road. There have been several ambitious plans to build a bridge crossing Hong Kong to Shekou in the future, but they have failed due to lack of public support and the government funds only. If the road is build, then it will be a high business risk for Sunshine, since using the road is faster than boats. Sunshine is facing entrance of competitor risk in the future. Old boats risk Sunshine refurbished two 20-year-old boats to service the route. In this case, Sunshine facing boats are relatively old. Old boats need higher repair and maintenance costs in order to operate the business. Environmental Protection Regulations risk The boats have no yet met the emission standards of the Environmental Protection Regulations which will come into force in 2015. Sunshine sh ould be update the old boats or buy new boats. Both suggestions need a very high cost for Sunshine to meet Environmental Protection Regulations. Unused capacity risk Each boat makes three return crossings every day of the year, subject to weather conditions. Each has the capacity to carry 250 passengers and 40 vehicles. Sunshine carried 70,000 vehicles in the year ended 31 December 2013(2012:58,000; 2011:47,000). According to above, capacity to carry vehicles is 3ÃÆ'—2ÃÆ'—40ÃÆ'—365=87600 vehicles. Sunshine has over unused capacity during 2011-2013. Franchise risk Hot and cold refreshments and travel booking facilities are offered on the one-hour crossing. These services are provided by independent businesses on a franchise basis. The services quality very depends on the suppliers. Besides, extra income is not subject to Sunshine. Oil cost risk Oil cost will be affected by global environment, such as, required of oil consumption, objectives a nd needs, current and future business environment etc. So it may be rise or drop dramatically. The cost of oil may be very unstable. Weather risk Sunshine is facingpotential financial losses caused by unusual weather. Besides, it may be leading to shipwreck. Weather is an important element for boats industry. b) The risks identified in (a) could be managed and maintained at an acceptable level by Sunshine. Show as following: Exclusive right risk Sunshine should be maintain a good relationship with customers and good brand name in order to obtain the exclusive right to operate a car and passenger ferry route between Hong Kong and Shekou for a long time more easily. Besides, it can reduce the entrance of competitor. Thus, exclusive right will be not taken by another company. Entrance of competitor risk Sunshine should be built up their brand name in order to retain customer. Promote comfortable, conveniences and cheaper for customer. Besides, keep profession cu stomer service and maintain good customer relationship in order to defense the entrance of competitor. Old boats risk Old boats facing old machine problem, then it may be suddenly have some accident, thus Sunshine should be keep more frequency on repair and maintenance, in order to avoid the accident. Environmental Protection Regulations risk New Environmental Protection Regulations will be effect in 2015, Sunshine cannot avoid the event. Besides Sunshine can prepare early, because the cost of met the emission standards of Environmental Protection Regulations will be more expensive when near the regulation effect in 2015. On the other hand, early to improve the boats emission standard are more elasticity and cheaper. Unused capacity risk Unused capacity is an opportunity cost for the company, Sunshine should utilize the opportunity cost, and thus some of place can transport goods in order to utilize all unused capacity. Franchise risk Sunshine should be direc tly manages hot and cold refreshments and travel booking facilities, so Sunshine can easy to maintain the quality of services in order to keep the brand loyalty. Besides, Sunshine can earn extra income from the hot and cold refreshments and travel booking facilities. Thus, dont use franchise basis. Oil cost risk Oil cost will be affected by global environment, so implementation of an oil price risk strategy is needed. Sunshine can besthedgeagainst costly exposures to oil price risk.The best method is use oil price risk management services in order to decrease the oil cost risk. Weather risk Weather risk may be lead to Sunshine facing financial impact, so Sunshine should be use risk transfer instruments based on a defined weather element, such as temperature, rain, snow, wind, etc. in order to decrease the financial exposure due to the weather problem. Thus, Sunshine should buy insurance to cover the potential loss. c) Business risk identified in (a) may be linked t o a financial statement risk. Show as following, Exclusive right risk The exclusive right risk will be affect Sunshine going concern problem, because cannot obtain the exclusive right will be close the business Entrance of competitor risk Build a road crossing Hong Kong to Shekou will be decrease Sunshines revenue, because one more method crossing Hong Kong to Shekou. Old boats risk Old boats will increase repair and maintenance expenses. Environmental Protection Regulations risk Government Environmental Protection Regulations will lead to increase repair and maintenance expenses. Unused capacity risk Unused capacity will lead to decrease Sunshines revenue. Franchise risk Franchise basis may be decrease revenue, because supplier provides bad services and goods. Oil cost risk Oil cost increase may be increase material expense. Weather risk Unstable weather may be lead to decrease revenue. Question 2 a) Fred decided to inspect d ocumentary evidence that all shipments made by Top Shop Ltd. have been invoiced by matching shipping documents with invoices. So he has identified all sales invoices as the population from which he intends to take a sample. Select sales invoices to inspect documentary evidence that all shipments made by Top Shop Ltd is incorrect, since all sales invoices must have shipping documents. However, have shipping documents may not issue sales invoices. Thus, Fred should not take sales invoices for the sample test. Fred should take shipping documents as sample test. b) Since Fred plans to place a high degree of reliance on this particular control, he assesses the risk of overreliance at 5%. In previous years, a 10% level was used. High percentage of risk of overreliance is more irrelevance on their clients. On the other hand, Lower percentage of risk of overreliance is more reliance on their clients. According to this case, audit manager (Mike Wong) and audit partner (Mary Lee) indicate that a higher degree of reliance is planned in the current audit, so Fred assesses the risk of overreliance at 5% which is lower than 10% level was used in previous years is correct. c) Fred assessed the expected population deviation rate at 1% in current audit year. While the rate of deviation from prior audits has approximated 2% High percentage of expected population deviation rate is worst in its processing of sales invoices. On the other hand, Lower percentage of expected population deviation rate is better in its processing of sales invoices. In this case, Top Shop Ltd. has made several improvements in its processing of sales invoices; as a result, Fred believes that a lower expected population deviation rate is appropriate. Thus, expected population deviation rate decrease from prior audit 2% to current audit 1% is correct. d) Fred uses sampling tables to calculate s sample size of 156 prior years. In current year, more than 30,000 sales invoi ces are processed per year, and then he increases the sample size to 175 because the population of sales invoices is extremely large. In this case, population of sales invoices is extremely large, and then increase sample size from 156 to 175 cannot have a good sample test. Since, increase 175-156=19 is relative small. On the other hand, the population of sales invoices is extremely large, continuous increase the sample size is not significance for the test. e) The sum of sample rate of deviation of 2% and allowance for sampling risk of 2.5% equal to 4.5% is less than the risk of overreliance 5% by d), Fred concluded that the control is operating effectively and decided to rely on this control as planned to reduce the scope of his substantive procedures. In this case, Fred is incorrect and risk of overreliance is irrelevant to the sample rate of deviation plus allowance for sampling risk. He should use tolerable rate of deviation to compare with the sum of sample rate of deviation and allowance for sampling risk. Thus, sample rate of deviation of 2% and allowance for sampling risk of 2.5% equal to 4.5% is more than the tolerable rate of deviation 4% by d). The control is not operating effectively and cannot rely on this control as planned to reduce the scope of his substantive procedures. Question 3 a) These third parties more likely pursue litigation against Madeoff under common law because of the auditor breach of failure to exercise reasonable skill and care. b) Case (1) First Trust Bank First Trust Bank was specifically named in the engagement letter. Prior to committing the capital, First Trust Bank had reviewed Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s financial statements and, based on the financial condition reflected in its statement of financial position, deemed Madeoff to be a qualified loan candidate. According to the case, First Trust Bank is primary beneficiaries with Allen which is known and named third parties. By law, prim ary beneficiaries as having this privity to contract, as a result, First Trust Bank will be treated same as client. First Trust Bank was specifically named in the engagement letter. Case (2) MoonTrust Bank MoonTrust Bank is not named in the engagement letter nor identified to Allen, Madeoff had previous business dealings with MoonTrust and maintained several accounts at MoonTrust. Based primarily on its prior relationships with Madeoff, as a result approved the financing to Madeoff prior to receiving the audited financial statements. In this case, MoonTrust Bank is foreseen beneficiaries with Allen which is known and unnamed third party. Because MoonTrust Bank is not named in the engagement letter nor identified to Allen, but based on its prior relationships with Madeoff. Case (3) Alice Lay Alice Lay request and review Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s audited financial statements and Allenà ¢Ã¢â€š ¬Ã¢â€ž ¢s report on those financial statements prior to providing funding. H owever, Alice had never entered into a loan agreement of this nature in the past. In this case, Alice Lay is foreseeable third parties with Allen which is unknown and unnamed third party. Because Alice Lay felt personal ties to Madeoff and was interested in its continued success, but never entered into a loan agreement of this nature in the past. c) Allenà ¢Ã¢â€š ¬Ã¢â€ž ¢s audit did not follow the HKSA but that it did not demonstrate a lack of minimum care or actual knowledge of the misstatements. Case (1) First Trust Bank According to contract law, First Trust Bank is a primary beneficiary with Allen. First Trust Bank was specifically named in the engagement letter. Besides, First Trust Bank had reviewed Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s financial statements, and then based on the financial statement deemed Madeoff to be a qualified loan candidate. Allen did not follow the HKSA, he breach of common law duties, because he failure to exercise reasonable skill and care. Be sides, under contract law, Allen owed the First Trust Bank a duty of care, Allen was negligent and First Trust Bank suffered a loss as a result of the auditors negligence. Thus, Allen is liable to First Trust Bank. To conclude, First Trust Bank ability is to against Allen in potential claim. Case (2) MoonTrust Bank According to contract law, MoonTrust Bank is a foreseen beneficiary with Allen. MoonTrust Bank is not named in the engagement letter nor identified to Allen, however, MoonTrust Bank based on prior relationships with Madeoff, then reviewed Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s financial statements and based on the financial statement qualified the loan. Same as case (1) Allen did not follow the HKSA, he breach of common law duties and failure to exercise reasonable skill and care. Although, MoonTrust Bank is not named in the engagement letter, Allen foreseen MoonTrust Bank will be based on the financial statement and qualified the loan. Because, based on primarily on its prior relationships with Madeoff. Under contract law, Allen owed the First Trust Bank a duty of care, Allen was negligent and First Trust Bank suffered a loss as a result of the auditors negligence. Thus, Allen is liable to third parties of First Trust Bank. To conclude, MoonTrust Bank ability is to against Allen in potential claim. Case (3) Alice Lay Alice Lay, provided $200,000 of capital to Madeoff. While her decision was primarily motivated by Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s role in the community and its corporate citizenship, besides, she did request and review Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s audited financial statements and Allenà ¢Ã¢â€š ¬Ã¢â€ž ¢s report on those financial statements prior to providing funding. However, she did not entered into any loan agreement to Madeoff before. In this case, although Allen did not follow the HKSA, he breach of common law duties and failure to exercise reasonable skill and care. However, Allen can prove he did not demonstrate a lack of m inimum care or actual knowledge of the misstatements, so there is no duty owed to Alice. Furthermore, they are absence of causal connection. Alice didnt rely on the financial statement make the decission. To conclude, Alice do not have ability to against Allen in potential claim. d) The parties could prove that Allen was aware that Madeoffà ¢Ã¢â€š ¬Ã¢â€ž ¢s financial statements contained a material misstatement. In this case, an intentional act by one or more individuals among management, those charges with governance, employees, or third parties, involves the use of deception to obtain an unjust or illegal advantage. This is a fraud action. Relationship is irrelevant with the fraud case, when these parties prevail against Allen in a potential claim. These parties are eligible to claim the loss from Allen. To conclude, Allen is liable for these three parties potential loss. Question 4 a) Audit committees can enhance a listed companys corporate governance. Th ere are following eight benefits. Audit committees reviewing the financial statements on behalf of the Board, it improves the quality of financial reporting Audit committees can help risk management awareness and control which will reduce the opportunity for fraud, by create a climate of discipline. Non-executive directors sitting on the Audit Committee can contribute an independent judgment and play a positive role. Audit committees can help the finance director, and then finance director can get things done which might otherwise be difficult. Audit committees can provide a channel of communication and forum for issues of concern, so it can strengthens the position of the external auditor. Audit committees can provide a framework, when the external auditor can assert his independence in the event of a dispute with management. Audit committees can strengthen the position of the internal audit function, because it can provide high degree of independence from management. Audit committees can increase public confidence in the credibility and objectivity of financial statements and the Board. Reference: Auditing and Assurance in Hong Kong Third Edition (Peter Tze Yiu Lau and Nelson Chi Yuen Lam) P.818 b) Good self regulation can lead to absence of major corporate failure or fraud and government will be reluctant to impose regulations on industry. However, without regulated by law, then audit committees may be inconsistency of practice and standards. Audit committees may be disproportionate significance being given to its role and may impact on corporate performance. Thus, the role of the audit committee should be left to voluntary codes of practice and should be regulated by law in all countries. Reference: The Hong Kong University of Hong Kong, à ¢Ã¢â€š ¬Ã‹Å"Auditing I studyà ¢Ã¢â€š ¬Ã¢â€ž ¢ The Hong Kong University of Hong Kong, à ¢Ã¢â€š ¬Ã‹Å"Auditing II study unit 1-2à ¢Ã¢â€š ¬Ã¢â€ž ¢ Eilifsen, Aasmund., Auditing assurance services, McGraw-Hill Education (2nd international) Peter Tze Yiu Lau, Nelson Chi Yuen Lam, Auditing and assurance in Hong Kong, Pilot Pub, (3rd edn) ACT B417 TMA1 P.1