Kara and Scott Baker own a small retail company, Basic Requirements, with one store located in a small college town and a website through which customers can make purchases. The store sells traditional but up-to-date clothing for young women such as tee-shirts, jeans, chinos, and skirts. The store has been open for 10 years, and the owners added the online shopping capability just last year. Online business has been slow, but Kara and Scott believe that as student customers graduate from the university they will use the online site to continue to have access to their favorite store from their college days.

The store's website has many features. It classifies clothing by type, and customers can view items in various colors. To purchase an item, the user clicks on the icon depicting the desired product and adds it to an individual online shopping basket. The customer can view the basket and make a purchase at any time while browsing the site. When checking out at the site, a new customer must first register, providing billing and shipping information, as well as credit card data. Returning customers log in with the identification code and password they created when they registered. They also use that method to check on an order status. If a customer forgets their login information, they can simply click on a link to have it emailed to them. Once a user registers, Basic Requirements' system will automatically add their email address to a file that they use to regularly send out emails about sales and other promotions.

Kara and Scott are concerned about internal controls in their business. They especially worry because they know that their web access creates some special risks. They have asked one of their customers who is an accounting student at the university to evaluate the reliability of their information system with respect to security, availability, and privacy.
1. Identify two security, availability, and privacy risks that Basic Requirements faces.
2. For each risk identified above, describe two internal controls Basic Requirements should use to protect against these risks.
3. The accounting student who is evaluating the reliability of Basic Requirements' information system is interested in becoming an IT auditor. Describe some of the specific actions an IT auditor would take to verify that Kara and Scott have adequate controls in place concerning privacy.