The Association between Dust Incidents and Respiratory Diseases in Abu Dhabi

Introduction The climate’s peculiarities of the Middle East make the population of the countries in the region suffer from a lot of dust incidents every year which occur frequently in relation to the definite season. Summer is the period with the most intensive dust storms in the United Arab Emirates (UAE), Iran, Syria, and Iraq.Advertising We will write a custom research paper sample on The Association between Dust Incidents and Respiratory Diseases in Abu Dhabi specifically for you for only $16.05 $11/page Learn More The population of the countries with the similar weather conditions such as Lebanon and Israel observe the most drastic dust storms in spring. Dust storms are typical for the climate of Egypt not only for springs but also for winters. The problem is in the fact that such dust incidents as dust storms have a lot of negative effects not only on the environment and economy of the countries but also on their population’s health. Researchers state that it is possible to examine the direct dependence of the development of respiratory diseases among the population of the Middle Eastern countries on the dust storms’ frequency (Akbari, 2011; Kutiel Furman, 2003). Moreover, the possibility of frequent dust storms as the characteristic feature of the region’s climate negatively affects the development of such chronic diseases caused by the sandstorm dust as asthma and chronic obstructive pulmonary disease (COPD). The purpose of this research is to examine and describe the possible correlation between such dust incidents as dust storms and the prevalence of respiratory diseases in the Middle Eastern region with references to the situation in Abu Dhabi. The climate conditions of Abu Dhabi are characterized by frequent dust and sand storms which negatively affect the population’s state of health and cause different respiratory diseases which are often discussed as chronic ones (asthma and COPD). The Nature and Impacts of Dust/Sand Storms in the Region of the Middle East The causes of dust/sand storms in the UAE are the same ones as in any country of the Middle Eastern region. The sand storms are caused by the forces of wind and the prolonged droughts contribute to the development of the process. Thus, the wind affects the vibration of sand particles which later begin to saltate. Akbari states that then the particles of sand â€Å"repeatedly strike the ground, they loosen smaller particles of dust which then begin to travel in suspension† (Akbari, 2011, p. 228). The Persian Gulf region â€Å"suffers from considerably more dust storms than the other regions. The averaged maximum occurs in the summer during which for more than 30% of the time there is a level of airborne dust that reduces visibility to below 11 km† (Akbari, 2011, p. 229). Moreover, dust incidents can also occur in spring and winter when the percentage of their frequency is rather low. Dust storm s are characterized by a lot of negative impacts which can be discussed as rather severe for the countries’ environment, economy, and social life of the population in relation to the increase of health problems, especially a development of the respiratory diseases.Advertising Looking for research paper on environmental studies? Let's see if we can help you! Get your first paper with 15% OFF Learn More Kutiel and Furman, with references to the investigations of the other researchers, determine such negative effects of dust and sand storms in the region as the reduced soil fertility and possible damage to crops which are harmful for agriculture. It is also possible to observe the extreme reduction of solar radiation, and the consequences of this process are the efficiency of solar devices. Sand storms can destroy telecommunications and other mechanical systems. They result in the dirt, air pollution, and the increase of respiratory diseases (Akbari, 2011; Kutiel Furman, 2003). Why are sand storms so risky for the environment and population of the UAE? Akbari pays attention to the fact that â€Å"a sandstorm can move whole sand dunes. Dust storms can carry large amounts of dust, so much so that the leading edge of one can appear as a solid wall of dust as much as 1.6 km (1 mile) high† (Akbari, 2011, p. 228). The effects of this phenomenon can be dangerous for the territory where the process is the most intensive. To prevent the negative effects of dust and sand storms which are observed in the region during the whole year, it is necessary to concentrate on examining the peculiarities of these dust incidents, accentuating the factors which contribute to their development. Moreover, it is also important to work out the system of effective decreasing the consequences of the drastic sand storms. The economists pay much attention to overcoming the impacts of sand storms on the agriculture, the ecologists concentrate on protecting the envir onment from these severe processes, and doctors develop the ways to reduce the negative effects of dust and sand storms for people who suffer from asthma and COPD. The problem of dust storms is also typical for the territories which have different climatic conditions in comparison with those ones in the UAE. In their research, Shao and Dong focus on the methods to cope with dust storms effectively at the territories of China, Korea, and Japan (Shao Dong, 2006). The researchers’ conclusions about the effectiveness of monitoring dust storms and modeling systems to predict the consequences and overcome the impacts can be effective for analyzing the aspects of the problem in the UAE because the negative effects of dust storms on the quality of the people’s life, their health, and social activities can be considered as comparable for these countries.Advertising We will write a custom research paper sample on The Association between Dust Incidents and Respiratory Disea ses in Abu Dhabi specifically for you for only $16.05 $11/page Learn More The Problem of Respiratory Diseases in the World and in Abu Dhabi The increase of the amount of people who suffer from the respiratory diseases which have the chronic form can be observed every year. Moreover, chronic respiratory diseases become the cause for increasing the level of mortality in the definite countries. According to the data presented at the meeting of Global Alliance Against Chronic Respiratory Diseases (GARD), asthma and COPD caused the death of 250 000 persons in 2005, and this number increases every year with taking the third position of causing the people’s death globally (WHO, 2008, p.1). According to the results of Hajat, Harrison, and Shather’s research, respiratory diseases take the sixth position as the cause of deaths in Abu Dhabi. That is why, respiratory diseases are discussed as the influential factors for causing the persons’ deaths w ith references to non-communicable diseases (Hajat, Harrison, Shather, 2012). (Hajat, Harrison, Shather, 2012). The situation in the UAE can be compared with the situation in the countries with the similar climatic conditions. It is stated in researches that respiratory diseases is the main causes for the population’s deaths in Egypt, Syria, and Lebanon (WHO, 2006). According to Nuwayhid, Youssef, and Habib, â€Å"rainfall decrease and increase in temperature will increase air pollution and consequently cause an increase in respiratory illnesses among urban populations, particularly in Egypt, Lebanon and the United Arab Emirates† (Nuwayhid, Youssef, Habib, 2009, p. 90). The development of these diseases is correlated with the frequency of dust incidents.Advertising Looking for research paper on environmental studies? Let's see if we can help you! Get your first paper with 15% OFF Learn More It is possible to determine such causes for developing the chronic respiratory diseases as the intensification of the air pollution caused by increasing the level of dangerous substances in the air. Breathing the extremely polluted air as a result of the industries’ development, a lot of people over the world suffer from the reduced lung function, different symptoms of asthma and COPD, and from chronic bronchitis. However, the situation in the UAE is more complicated because of the fact the majority of symptoms of the respiratory diseases depend on the high level of presence of the sand and dust particles in the air. Thus, the professors who presented their reports at the GARD meeting stated that the percentage of the morbidity and mortality caused by asthma and COPD is comparatively high in the Middle East, and the risky situation continues to develop (WHO, 2008). In spite of the fact the main cause for the development of the chronic respiratory diseases is determined by the researchers as the climatic peculiarities and the frequent occurrence of dust and sand storms, the aspects of ‘civilization’ also significantly influence the prevalence of the respiratory diseases in the region. According to Hajat, Harrison, and Shather, the increase of chronic diseases in Abu Dhabi, including respiratory diseases, is connected with the growth of the region’s status and its intensive development (Hajat, Harrison, Shather, 2012). The definite aspects of the western way of life such as the growth of industries and transport can cause the people’s suffering from non-communicable diseases. The rapid growth of industries â€Å"is causing air quality to become poor in the large cities due to motor vehicles and industrial emissions. The health impact can be seen by the fact that the incidence of respiratory diseases has increased in the past 10 years† (WHO, 2006, p. 44). The next important factor is smoking. Thus, the quality of the air decreases, and the peculiarities of the climate in Abu Dhabi contribute to complicating the situation. Nevertheless, the researchers are inclined to associate the problem of respiratory diseases in the UAE, and Abu Dhabi in particular, with the peculiarities of the region’s hot and dry climate. Thus, occasional violent sand and dust storms can cause a lot of damage, reduce visibility, and contribute to worsening the health of those persons who suffer from different respiratory diseases. In their investigation, Zaabi and the group of researchers concentrated on the connection between the development of COPD in Abu Dhabi and smoking. The researchers concluded that there are no direct connections between the health problems and smoking because of the fact there are a lot of the other factors which stimulate the worsening of the population’s health state in Abu Dhabi and the increase of the amount of people with chronic respiratory diseases such as COPD (Zaabi et al., 2010 ). Thus, the question of more risky factors for developing respiratory diseases remains open because the situation in Abu Dhabi can be discussed as caused by the combination of the negative impacts of breathing the chemically polluted air, smoking, breathing the air with the particles of sand and dust storms. Salvi and Barnes also focus on examining the possible correlations between the fact of active or passive smoking and the development of COPD, and they conclude that chronic asthma and chronic obstructive pulmonary disease depend not only on the fact of smoking or the effects of biomass fuel but also on the combination of the definite socio-economic factors, and the peculiarities of the certain nations’ development (Salvi Barnes, 2009). The results of the research are significant for analyzing the role of such factors as, for instance, smoking and breathing the air polluted with the sand and dust particles for the development of the respiratory diseases. It is possible t o conclude that the prevalence of respiratory diseases in the UAE and Abu Dhabi is based on such significant factors as the progress of the life according to the definite western patterns, the industries’ growth, the development of the unhealthy habit to smoke, the pollution of the air with the sand and dust particles which is caused by the occasional sand storms. Chronic respiratory diseases are the causes for a lot of deaths in the region, and the frequency of sand and dust storms can be discussed as the negative factor for changing the statistical data in relation to the issue. The Connection between Dust/Sand Storms and Respiratory Diseases in Abu Dhabi Today, a lot of people who live in Abu Dhabi suffer from coughing and wheezing, such chronic respiratory diseases as asthma and COPD. Mahboub, Santhakumar, Soriano, and Pawankar conducted the complex research to examine the peculiarities of asthma in the UAE, concentrating on the factors which stimulate its development and on the ways of the effective treatment (Mahboub, Santhakumar, Soriano, Pawankar, 2010). The problem is in the fact chronic respiratory diseases are often caused by the combination of negative factors among which it is necessary to focus on smoking and the climatic peculiarities of the region. Thus, dust and sand storms are discussed as the most influential aspects for developing the people’s shortness of breath and worsening their chronic respiratory diseases. Kwaasi (as cited in Nuwayhid, Youssef, Habib, 2009, p. 92) pays attention to the fact that sandstorm dust is a â€Å"prolific source of potential triggers of allergic and nonallergic respiratory ailments†. Such dust incidents as sand storms in the UAE are the environmental risk factors which cause the prevalence of asthma, pneumonia, allergic rhinitis, pulmonary tuberculosis, and COPD in the region. The periods which can be considered as the seasons of dust/sand storms in Abu Dhabi are characterized by the pat ients’ frequent complaints about their chronic respiratory diseases or allergic rhinitis. That is why, it is important for people to stay indoors when the violent sand storms occur in order to avoid the deterioration of the physical state of those persons who suffer from asthma or COPD. Nowadays, many researchers agree that it is possible to observe the direct correlation between the development of asthma, COPD, and the other respiratory diseases and the frequency of dust and sand storms in the UAE because the particles of sand influence the respiratory system, causing its allergic reactions or worsening the chronic diseases (Nuwayhid, Youssef, Habib, 2009). From this point, the climatic and weather peculiarities of the region such as the vast desert area and the changes in temperature provoke dust incidents which cause a lot of respiratory diseases, and this logic chain ends with the high percentage of mortality affected by the development of respiratory diseases in the UAE (Hajat, Harrison, Shather, 2012). In spite of the fact dust/sand storms are dangerous for the people’s health in Abu Dhabi because of the peculiarities of this weather phenomenon, the situation can be complicated with the persons’ habit to smoke. Breathing the air polluted with the sand particles and gases, people increase the risks of worsening their physical state and developing chronic respiratory diseases. The researchers pay attention to the fact that dust and sand storms can provoke the development of the respiratory diseases such as pneumonia and allergic rhinitis and can prolong the patients’ suffering from COPD and bronchial asthma (Zaabi et al., 2011). It is important to note that the seasons of dust and sand storms in the UAE are the periods of the hot and windy weather when the percentage of the patients’ complaints about their health and respiratory diseases is extremely high, and it can be very low during the other seasons of a year. Thus, dust and sand storms are directly associated with increasing the level of respiratory diseases in the UAE, and in Abu Dhabi in particular. It is rather difficult to find the ways of prevention from developing allergies and worsening asthma during the seasons of dust and sand storms because of the necessity to go outdoors and continue the everyday activity. That is why, doctors draw the patients’ attention to the importance of following some rules among which the avoidance of smoking and covering their nose and mouth while being outdoors. Some easy forms of the respiratory diseases caused by the dust and sand storms which are typical for the region of the UAE can develop into asthma, lung diseases, and even trachea and bronchus cancers. From this point, the problem of respiratory diseases and its association with the frequency of dust incidents in Abu Dhabi is important for examining by the researchers because respiratory diseases are the cause for the premature deaths of the population in the region. Conclusions The high level of mortality from respiratory diseases in the UAE, and in Abu Dhabi in particular, is based on the peculiarities of the climate in the region when the hot and dry windy weather influences the dust incidents which cause the persons’ problems with the respiratory system. Dust/sand storms affect the situation when millions of sand particles are distributed with the help of the wind and provoke the development of the allergic reactions. Dust and sand storms are frequent in summer and spring, and these seasons are characterized by the extremely high percentage of the patients’ complaints about asthma, COPD, and allergies. To avoid the negative effects of dust incidents, it is necessary for people to stay predominantly indoors and protect their nose and mouth when they are outdoors. It is possible to conclude that the prevalence of asthma, COPD, and other respiratory diseases in Abu Dhabi is directly associated with dust storms in the region because these dust incidents provoke the negative stimulation of the people’s respiratory system, contributing to the development of a lot of symptoms such as coughing and problems with breathing. Living in the UAE, people have to adapt to the climatic peculiarities in order to avoid the health problems, and respiratory diseases caused by these peculiarities can be discussed as characteristic for the population’s health in Abu Dhabi. References Akbari, S. (2011). Dust storms, sources in the Middle East and economic model for survey it s impacts. Australian Journal of Basic and Applied Sciences, 5(12), 227-233. Hajat, C., Harrison, O., Shather, Z. (2012). A profile and approach to chronic disease in Abu Dhabi. Globalization and Health, 8(18), 1-24. Kutiel, H. Furman, H. (2003). Dust Storms in the Middle East: Sources of origin and their temporal characteristics. Indoor Built Environ,12, 419–426. Mahboub, B. H. S. H., Santhakumar, S., Sorian o, J. B., Pawankar, R. (2010). Asthma insights and reality in the United Arab Emirates. Annals of Thoracic Medicine, 5(4), 217–221. Web. Nuwayhid, I., Youssef, R., Habib, R. R. (2009). Human health. In M. K. Tolba N. Saab (Eds.) Arab environment. Climate change: Impact of climate change on Arab countries (pp. 88-98). Beirut, Lebanon: AFED. Salvi, S. S. Barnes, P. J. (2009). Chronic obstructive pulmonary disease in non-smokers. Lancet, 374, 733-743. Shao, Y. Dong, C. H. (2006). A review on East Asian dust storm climate, modelling and monitoring. Global and Planetary Change, 52, 1–22. World Health Organization (2006). Health system profile: The UAE. Web. World Health Organization (2008). Global Alliance against Chronic Respiratory Diseases (GARD). Web. Zaabi, A. A., Asad, F., Abdou, J., Musaabi, H. A., Saiari, M. B., Buhussien, A. S. M., Nagelkerke, N., Soriano, J. B. (2011). Prevalence of COPD in Abu Dhabi, United Arab Emirates. Respiratory Medicine, xx, 1-5. This research paper on The Association between Dust Incidents and Respiratory Diseases in Abu Dhabi was written and submitted by user Malice to help you with your own studies. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly. You can donate your paper here.

buy custom International Business Environment essay

buy custom International Business Environment essay International business is described as the collectively commercial transactions, carried out in more than one country. Usually, government companies involve in business transaction across the boundaries for political reasons and the private companies for profit reasons. International business involves all the activities, carried out by public and private sectors across the borders. The economic transaction resources include capital, people as well as skills, necessary for production of goods and services. Many companies, involving in international companies, are referred as the multinational corporations. These are the companies that carry out business worldwide and they have their companies, located in more than one region. The international business operation depends on the objectives of the company. The global pattern of foreign direct investment from 2000-2011 have changed because the business operations have been affected by physical, societal and the competitive environmental f actors. The average annual FDI inflows on FDI in Africa doubled and increased significantly from 2000 to 2003. The global FDI flows in African regions increased for about 6 per cent. Among the developing nations, Africas FDI inflows from 2000 to 2003 increased, but it later reduced in 2004 to less than 9 % from 20% (UNCTAD 2008, p.109). From 2000 to 2003, FDI inflows accounted for one fifth per cent of the capital flow to African. In the developing nations, African continent has been lagging behind. However, the FDI is one of the most international dynamic resource flows for developing nations. The FDI is fundamental because of its intangible and tangible assets. This is because the firms deploying them are significant players of FDI flows in the global economy. The considerable evidence is that FDI affects growth and development, thus, complementing investments in the domestic market. Like many other developing countries, Africa requires substantial external resources inflows in order to el iminate the current economic crisis, which contributes to its increased poverty level. The international investment crisis started in 2004 but the year 2008 marked the end of this crisis because of the growth cycle. According to Cantwell, Dunning and Lundan (2010, p. 468), the FDI reached a remarkable record of $ 1.8 trillion during the year 2007. This was because of the ongoing global economic and financial crisis. This crisis affected many multinational companies, especially the International World Banks. Therefore, the FDI flows declined more than twenty the year 2008, making many multinational corporations to experience losses. The table 1 below indicates the FDI inflows by group of economies from 200 to 2008. The FDI flow decrease was experienced in 2009 due to transactional corporation crisis consequences and this affected the investment expenditures. This unfolded in the year 2010, when the private and public companies operating business worldwide started to experience a bigger loss in business transactions (Bergstrand and Egger 2007, p. 290). (Billions of dollars) Regions 2000 2001 2002 2003 2004 2005 2006 2007 2009 Developed economies Developing economies Transition economies 1400 200 200 1200 200 200 800 300 200 600 400 150 1000 400 150 1200 300 400 1400 300 500 1600 500 600 1800 600 800 Source: UNCTAD, based on EDI database (www. Unctad.org/fdi statistics) Additionally, the global decreases in FDI in 2008 to 2009 were initiated by two major factors, which affected the domestic and international investment. First, the firms were unable to invest due to reduction in financial resources accessibility both internally and externally. This led to corporate profit reductions because of the lower availability as well as higher financial cost of borrowing fund for carrying out transactions effectively. The financial and economic crisis made the International Monetary Funds to regulate financial accessibility in an attempt to curb this crisis (Antoncic, Cardon and Hirsch 2004, p.181). Secondly, the economic prospects affected negatively the propensity to invest, especially in the developed nations. This is because many of the developed nations were hit by severe economic depression. In earlier 2009, many companies were forced to restrict their costs investment programs because of the two factors. This was done in order to enable the companies to be more flexible to any further decline in the business environment. The two factors impacted the FDI types such as the market, efficiency and resource seekers, though with varied magnitudes and locations. The FDI impacted particularly the cross border mergers as well as the acquisitions. The impact was severe, especially in 2008, where there was sharp decline, compared to other years behind. This led to a kind of divestments and restructuring, rising wave in the business environment. Although the international Greenfield investments were less impacted in 2009, most of the projects were cancelled and some of them were postponed. Moreover, the FDI impacts were different because they depended on the regions and each sector. The developed countries were much more affected than the developing countries due to a decline in the 2008 FDI inflows. This was because of the sluggish market visions. Although, the flows into the developing nations in 2008 continued to increase, it was, however, much lower than the years before. In 2009, the FDI inflows declined in multinational sectors. This was because of the pull-back in efficiency as well as in FDI resource seeking, which aimed to export their p roducts to advanced economies (Hajkova, Nicoletti, Vartia, and Yoo 2006, p. 110). The FDI market seeking intended at servicing domestic markers with development prospects but they receded. Among the industries, the most significant FDI flows that have been affected up to the year 2011 were the financial service, intermediate and consumptions goods as well as the automotive industries. Other industries that have been affected by slowdown in the global economy include the aircraft, steel industries and the transport sector. However, the crisis is still expanding to other activities, arraying from the primary to non-financial sectors. The short term current economic recession on worldwide FDI prospects have created the negative impacts on the economy. The present crisis, which is a result of the exceptional magnitude, could lead to structural changes in the global economy. This is because some factors, favorable for FDI growth, are still working and some of them are associated with the crisis itself. Some driving forces will sooner or later trigger the new FDI flows. These include investment opportunities due to cheap prices of assets, large financial amounts. Industrial restructure and availability of financial resources in merging nations will trigger the FDI flows. Additionally, high expansion rate of new activities such as internalization of industries and environmental allied industries will too trigger the FDI flows (Buckley and Ghauri 2004, p. 87). In 2008, the FDI inflows declined to more than 20 per cent in ajor economies, thus, contributing to economic slowdown, rigid credit conditions and economic profit reductions in multinational corporations. Many companies decided to lay off their workers, curtailed production and reduced their capital expenditures. However, all of these had implications on the FDI inflows. According to Sethi, Guisinger, Phelan and Berg (2003, p. 320), the UNCTAD and world FDI flows preliminarily estimated that by 2008, the FDI would decline by 21 per cent. This is because of the sharp step-back of other things that were anticipated during the quarter of the year. The table 2 below indicates the FDI growth prospects of 2009 t0 2011 compared with that of 2008. The recent IMF forecast on world economic outlook anticipated that the economic output in 2009 expanded by 2.2 per cent from November 2008 as compared to October projection of the same year, whereby the output was 1.5 per cent (Vygodina 2006, p. 22 0). The United Nations are more pessimistic on the global economic prospects. This is because they predicted that the FDI inflows would increase with a skimpy one per cent growth in the global economy. Table 2: Global FDI prospects (per cent of responses) FDI growth prospects (compared with 2008) Increase Remain the same Decrease 2009 2010 2011 22 33 50 20 26 31 58 41 19 The present FDI economic crisis is different from that of the previous. For instance, when comparing the economic crisis of 2000 to 2004, it is different from that of 2007 to the present, which originated from the developing nations. This led to a negative impact on the FDI inflows as indicated in table 3 below. In contrast, the present economic crisis originated from the developed nations, thus, spreading to developing nations (Publishing, 2005). The crisis that hit the developed nations varies in severity degree among the nations. Thus, the crisis has varied consequences on the FDI inflows in geographical locations. The preliminary data revealed that the protracted and the deepening crisis of 2008 affected many financial institutions. Nevertheless, the liquidity crisis in the monetary banks and debt markets affected the FDI flows (UNCTAD 2008, p. 112). This led to a decline in the inward flow, especially in countries such as Finland, Italy and Germany, compared to FDI inflows in 20 06, which was somehow higher than in 2008. The FDI decline in the United States and United Kingdom led to severe crisis that contributed to limited financial investments. Table 3: World FDI inflow prospects Regions 2007 2008 2009 2010 2011 IMF: World Advanced economies Emerging economies World Bank Developing countries United Nations Developed economies Transition economies Developing economies 5 2.6 8.0 3.7 7.9 3.8 2.5 8.3 7.2 3.7 1.4 6.6 2.5 6.3 2.5 1.2 6.9 5.9 2.2 -0.3 5.1 0.9 4.5 1.0(baseline) -0.5(baseline) 4.8(baseline) 4.6 (baseline) - - 3.0 0.3 6.1 - - - - - - 2.0 0.2 5.5 - - - - Source: IMF, World Bank and United Nations However, there are signs of change but this depends on the sequence of uncertain factors. These factors can lead to change of FDI flows including the economic and financial speed up to a recovery state, effective public policies. These policies will address the causes of the current crisis, thus, looking for solutions to overcome them. Moreover, many companies made plans to scale back the high perceived risk levels and uncertainties in order to reduce economic crisis. Companies in advanced economies are restraining in launching new projects, which aim at increasing the capacity for market oriented production. Other companies are committed to increase production capacity in developing nations. However, this will weaken the external demand in developed nations, thus, contributing to a decrease in commodities and prices for energy. Heckscher-Ohlin Model Moreover, due to decreased commodities, many companies have tried to employ models that are labor saving and capital using products that provides high income. Many products manufactured undergo product life-cycle because of its comparative advantage. The economic theory of product life-cycle was developed by Raymond Vernon due to failure of Heckscher-Ohlin model. The later model failed to explain the observed international trade pattern. According to Buckley and Ghauri (2004, p. 89), Heckscher-Ohlin model suggests that in product life cycle, products evolve from the place, in which they were invented. For instance, personal computers are some of the products in the United States that undergo product life cycle. These products are produced and consumed within the production area, thus, no export trade occurs. This model is seen as a comparative advantage because product production changes from innovation in developed nations to developing countries. The OLI-Framework Another model being employed is electric paradigm, which is an economic theory, which is also well-known as the OLI-framework. This model was invented by John Dunning and became an internalized model, which was commonly used in the international trade. The OLI model is based on the transaction cost theory. According to Sedoglavich, Hill and Field (2008, p. 56), the transaction cost requires that the transactions should be made within the organizations in case the internal costs are lower than the free market. John Dunning added that three factors such as ownership, location and internalization advantages are significant in this theory, thus, the theory was shortened as the OLI paradigm (Sedoglavich, Hill and Field (2008, p. 89). However, Locational advantage is considered as the fundamental factor for multinational corporations, carrying out their transactions across the globe. The area, whereby an industry is located for transacting activities, is taken into consideration for market seekers. Industries that need to use their own competitive advantage prefer areas that favor presence of foreign location. Thus, firms may choose to expand or exploit their ownership advantage though engaging in FDI business. Therefore, the Locational advantage is considered essential in the FDI because industries located or constructed abroad can benefit from the capital intensiveness. In addition, under the location advantage, companies are required to use foreign factors in connection with their native firm location advantage to enable them perform business successfully. Thus, the location advantage is the key for determining the location for a successful multinational corporation. The location advantage can be separated into three areas. One of them is the economic advantage, which calls for quantity and quality factors of production. The economic advantage takes into consideration the markket size, transport costs and the scope, thus, advantageous in FDI. Another factor it considers is political advantage. This is whereby the firms, carrying out business in the international market, take into consideration the favorable climate for carrying out transactions efficiently. The companies, carrying out business internationally, consider the favorable government policies that will influence the inward FDI investment flows. Lastly, the social-cultural advantages, whic h include the language, cultural diversities and attitude towards foreigners, are taken into considerations, when choosing industrial location for transacting activities. Porters Diamond Model The last model, which is comparative advantage, is the Porters Diamond model, which is a framework pattern, used in industrialized nations. The model was developed by Michael Porter and it focuses on the competitive sources from the national context. The model is used in analyzing the ability of the industries if they can function in the international market. Moreover, it analyses the ability of the national market to compete favorably in the international market. The model recognizes the demand and factor conditions, it also recognizes strategies, used in the firm, its structure and rivalry that a company should use in analyzing the viability of the countrys competitiveness in the international market. The model determines if the demand as well as the factors of production is required in a business environment. Some of the pillars of his model takes into considerations the strategies and tries to highlight the competitive advantage areas and weaknesses. Thus, it tries to access the suitability for particular condition necessary for successive foreign business performance (Brooks and Weatherston 2010, p. 89). Factors Affecting the FDI There are ranges of factors that can affect the FDI. One of the factors is cost and this affects the profits, especially when the production cost is high. It is quite clear that the FDI brings out costs as well as benefits. However, this must be evaluated well, especially when making decisions on the best policy approach to be used in transacting activities. For instance, in case the production cost of manufacturing commodities in an industry is high, an industry may encounter losses, when carrying out business activities across the borders. This is especially the transportation costs and other costs, required in machinery maintenance or high cost of hiring expatriate to operate technical machine in the companies. Most companies in Africa experience high cost of production because of increased cost for machinery maintenance and hiring external expatriates for operating technical machineries. Another factor, affecting the FDI inflows, is the political risks. Poor political climate and unfavorable government policies affect the FDI inflows negatively. For instance, many developing nations are lagging behind in terms of economic activities. This is because of the unfavorable political conditions that scare the potential investors away. Many International Monetary Funds that provide financial aid to countries, carrying out business across the globe, are situated in developed nation. The few are in developing nations because of the poor political environment, especially the political instabilities, thus, affecting the FDI flows. This is because the foreign direct investors appreciate protectionism and providing adequate security to their investments. Moreover, the ever political crisis, associated with clashes for political powers, has affected the FDI inflows (Davies and Kristjaansdoottir 2010, p. 51). This is because the ever increasing clashes within the developing nations , especially Africa, have hindered the potential investors from locating many multinational corporations within the nation. Cultural factors may affect the FDI inflows. The cultural factors may hinder better performance of foreign industries. An industry, participating in foreign market, should ensure that they understand the cultural beliefs of people in the foreign market. This is essential because it helps a company to carry out transactions effectively. However, lack of cultural understanding may hinder the performance of business, thus, contributing to poor output. Moreover, it is vital to understand the language of a particular culture, in which the business is located (McDonald, Tsagdis and Huang, 2006, 526). This is because language barrier is one of the greatest hindrances in better performance of the business across the globe. Competitive factors are the major problem of better performance in the foreign market. Due to technological expansion, especially in communication and transportation sector, many companies are now competing favorably. Therefore, poor technological development may impact the FDI inflow. This is because innovative commodities of high quality will thrive in the market. Thus, the domestic market is working hard to produce innovative products, thus, creating competition with foreign market. This forces the foreign industries to reduce cost in order to earn more customers. Thus, the competition scares away the potential investor or makes them to withdraw from the market. This is because of the fear of making lower profits, thus, a hindrance to FDI inflows (Bora 2001, p. 220) Lastly, governmental regulations affect the FDI policies. The government policies in developing countries as well as heavy taxes, imposed on foreign activities, transacted within the developing nations, put away the potential investors. Moreover, the government does not provide adequate incentives to the foreign investors, thus, hindering them in transacting business within the developing regions. Sanderson and Kentor (2008, p. 521) points out favorable government policies that attract more investors to a country, hence, contributing to increased FDI inflows. However, if these policies are not conducive, the investors would be forced to look for a better location, which is conducive. Moreover, imposing heavy duties on the foreign commodities and lack of incentive provision to the potential investors affects FDI negatively. The federal government in the United States recently announced that some policies will be changed in order to enable the multinational firms to compete favorably in the foreign market. The social policies for host governments and their ability to attract foreign investment would be applied in the new institutional economies. The new set of data would be used to explore the direct as well as the indirect non-governmental organizations roles in the business sector. Non-governmental organizations are non profit oriented and non voluntary organized groups that work within the local, national and the international levels. The US government declared to work with the non-governmental organizations in serving the interests of the societies. They focus on the advocacy, operational efforts on social, economic and political goals. This is done in order to ensure that the environment is protected, thus, making it conducive for attracting the potential foreign investors. Conclusion In conclusion, the global pattern of foreign direct investment from 2000-2011 have changed. This is because the business operations have been affected by physical, societal and the competitive environmental factors, thus, making the environment unfavorable for potential investors. This is because of the increased economic crisis that hit the developed nations and then spread to the developing nations, especially that of 2007. The FDI impacted particularly the cross border mergers as well as the acquisitions. There are ranges of factors that can affect the FDI such as cost factors, political risks, cultural and competitive factors. However, many international companies employed competitive models such as the Porters Diamond model, Heckscher-Ohlin model and OLI model. Lastly, the federal government of US changed some policies in order to enable foreign markets to compete favorably in the international market. Buy custom International Business Environment essay

Gynocentric Feminism Essay Example | Topics and Well Written Essays - 750 words - 1

Gynocentric Feminism - Essay Example In the past years, women were excluded from important activities in the society and, therefore, were denied the ownership of certain rights such as the right to expression, participation, and education among others. Although women had the power to change the situation, they did not have the courage to exercise this power. Every woman has an erotic resource lying deep within them and the spiritual plane. This resource is rooted in the power of their unrecognized or unexpressed feeling. However, in order to perpetuate the resource, various male models of power that bring oppression must be distorted. This is because oppression suppresses the erotic resource of the women making them powerless in the society (Allen 166). Men have made women to believe that it is only the suppression of the women’s erotic resource, within their lives, that can truly make them strong. However, that belief is illusory because it is framed by the male models of power which only aims at taking the advantage of female existence. However, through gynocentric feminism approach, women have come to distrust the male models of power. They have discovered the potentials and possibilities that lie within themselves. Their erotic resource offers a provocative and replenishing force to a woman (Ptacek 12). It is a source of information and power that can help them to explore the world. It is also a measure between the beginning of a woman’s sense of self and the pandemonium of their strongest feelings. In addition, it is â€Å"an internal sense of satisfaction† where once a woman has experienced it, she gets to aspire. Furthermore, this measure can be well understood by observing the current public housekeepin g of the modern cities in America. The city departments, controlled by men, have snatched women, their responsibility as housekeepers. This has affected their sense of self and they no longer aspire to carry out their responsibilities as housekeepers.

Study on what drives potential employees who are currently studying Dissertation

Study on what drives potential employees who are currently studying business in Foundation Campus (UK) to choose a job that offe - Dissertation Example endations 30 APPENDICES 34 Appendix 1: Questionnaire 34 Appendix 2: Interview 36 CHAPTER I – INTRODUCTION 1.1 Overview The area of this research is human resource management. This area is made up by several fields which includes reward and motivation (Boddy, 2008). Human resource management refers to the use of modern science approach to "train, organize, and allocate some people"(Stone and Stone-Romero, 2008). People's thought, psychological and behavior of the appropriate induction, control and coordinate. To create people’s self-image and to improve people’s motivation of working, it is good to keep balance of employee e and material resources. Human resource management is the â€Å"effective use† of people so that can â€Å"boost organizational performance† (Simons 2011). Managers use employees to finish task effectively so that to make company performance better. Managers can give opportunities to motivate employees to work better. It is a way to use people to work hard. For example, manager reward, recruits, train and verbally punish their employees (Thussu and Freedman, 2003; Ruppel, 2010). The field of this research will be based on reward, extrinsic motivation and intrinsic motivation. Mmotivation is a â€Å"process of allocating energy to maximize the satisfaction of needs† (Pritchard and Ashwood, 2008). Motivation is the driving force in order to employees to keep their goals. For example, employees hope to have their own car. They will be motivated by their own desire. They will earn enough money to buy it. Motivation can also be defined as a recurrent concern (McClelland, 1985, p.590). The goal state acts like workers to do something very well or having impact. For example, if people feel hungry, they will find food from different places. The aspect of human resource management is interesting as the research seeks to reward employees in intrinsic motivation and extrinsic motivation. Reward is that" work ana lysis, making plan of human resource needs and recruit; training and exploiting" (Adair, 1996). It is a good way to know what the employees need when they work in a company and how the employers can meet the needs of employees. Intrinsic motivation refers to inside an individual "interesting" (McClelland, 1985). Workers enjoy job itself and the challenge is offered a sense of pleasure. Inside desires to finish a special task, people do some activities because it can give them pleasure. Meanwhile, it develops particular skill of employees. Extrinsic motivation factors are external rewards such as salary for workers or grades for students (McClelland, 1985). This type of motivation provides satisfaction and pleasure even though the task itself can be discussing. People are motivated by money and

The Analysis of the Effectiveness of 3 Food Applications Research Paper

The Analysis of the Effectiveness of 3 Food Applications - Research Paper Example Currently, there are a lot of applications with different effects as far as service provisions are concerned. A number of usability issues have also become more prevalent, as the ease with which these applications can be developed and distributed increases. In this paper, three types of food applications available in the market are being reviewed. These are Eat24, Fooducate and Foodspotting. Their effectiveness will be evaluated while stating their strengths and weaknesses thereafter (Lonczak, 2011). First and foremost is the Foodspotting application. This is a renowned visual guide to good food, where one can find and share great dishes, not only in restaurants. In addition to reviewing restaurants, one can find and share their best dishes using photos. If undecided on what to eat, the application can really help. This feature allows the user to determine the nearest best and latest foods around them. One can find a particular food they really miss or even look up to a hotel to find out their best delicacy at that time. Focusing on its application, Foodspotting has proven to be very beneficial, especially to those who are a big fan of food. It allows the user to locate a new restaurant and interesting food dishes to try in their area. It also permits, the user to share their favorite food dishes with interested parties so that they can experience such delicacies. That being said, the strength of this application is easy to figure out. One such strength is that enables the user to locate the best restaurants and dishes in their location of interest. It also enables the user to recommend friends and to see their recommended foods and places. The interface is very attractive and easy to use. With this information, you can be able to criticize local food while applauding others.

Economic Factors Affecting UK Non League Football Clubs

Economic Factors Affecting UK Non League Football Clubs An investigation of the economic factors affecting the commercial success and sustainability of UK non league football clubs Introduction Football clubs are traditionally not the strongest or most profitable businesses. This is supported by Deloitte’s (2007) annual report into the state of football finance, which stated that, outside of the Premier League, UK football as an industry recorded a net operating loss. Even in the Premier League, where clubs benefit from higher levels of sponsorship, media exposure and TV revenues, four clubs posted an operating loss in the 2005 / 2006 season. This implies that, the lower the division a club is in, the harder it is for them to survive and become commercially sustainable, let alone successful. Indeed, there is an argument that many football clubs will not survive without some form of outside financial support, such as a rich benefactor or owner. However, with increasing pressure from fans to spend money on securing the best players and challenging for success, whilst not increasing ticket prices to cover any additional expenditure, many wealthy businessmen, and even mu lti millionaires, are finding that bankrolling a football club is beyond their means. This is reflected in the view of Henk Potts, a strategist at Barclays who claims that â€Å"Any business model that revolves around 11 overpaid players kicking a piece of dead cow around on a wet November evening is no place to put your money† (Tomlinson, 2004). Issues such as these are exacerbated at the non league level. Not only must non league clubs put up with similar demands for success, but they often find themselves within the catchment area of a league, or even Premier League, club. In addition, with the rise of cable and satellite television, many people who would have previously watched their local non league teams on a regular basis can now choose to watch a variety of league matches from the comfort of their own home. This has put downward pressure on attendances for a number of non league clubs, making it even harder for them to survive and succeed. Ashford Town is a prime example of such a struggling club. As can be seen from the six years of accounts in the appendix, Ashford Town’s level of debt has increased from less than  £40,000 at the end of 2002 to more than  £90,000 at the end of 2007. In the same period, the club’s losses, and hence net worth, has fallen to - £70,000, with the club posting a net lo ss in every single one of the last six years. Attempting to address issues such as these is something which has been the subject of significant amounts of research and discussion over the past few decades. As such, this dissertation will not attempt to reach a solution to all of the numerous issues affecting the modern UK football industry. Instead, it will attempt to determine the extent to which contemporary management theories and techniques can be used by non league football clubs aiming to improve their sustainability. This aspect has been chosen because, in spite of the significant amount of research carried out into the sustainability of football as a business model, there has been little attention paid to smaller non league clubs. As such, the initial investigation will entail a detailed and structured review of the existing literature, around how the commercialisation of football has developed and what useful lessons this can provide. This will be followed up by a questionnaire survey of ten non league football clubs, i ncluding Ashford Town, to determine the extent to which they have followed contemporary business practices, and the extent to which said practices have aided their commercial sustainability. Finally, the results of these investigations will be used to attempt to put together a business plan for Ashford Town, in an attempt to demonstrate how the club may be able to turn its current, loss making, performance around. Aim and objectives As discussed above, the main aim of this dissertation will be to carry out an investigation of the economic factors which impact on the commercial success and sustainability of non league football clubs in the UK, and how contemporary management theories may be able to assist in boosting said success. In order to achieve this, it will be necessary to examine how football has developed as a commercial enterprise, and how this has impacted on the divisions of revenue and profits within the industry. As part of this, it would be useful to analyse the main revenue streams of football clubs, as well as the main parts of their cost base, and how these can best be managed. One of the main sources of revenue for most clubs will likely be gate receipts, however many clubs will likely make a significant amount of revenue from marketing, commercial activities, and sponsorship, particularly in the upper leagues where commercial opportunities are likely to be larger. However, it is expected that commercial and marketing opportunities will also exist in the lower leagues, and even for non league sides. As such, this piece will also investigate the extent to which non league teams take advantage of these opportunities, as well as the need to control for factors such as on pitch performance and success, with the associated potential prize money and increased takings. The following objectives will be addressed as part of this study: To assess the factors which underlie the commercial success of football clubs, and hence also the factors which could lead to clubs going into administration, and potentially ceasing to exist. To examine some of the most successful football clubs and football business practices in the UK, and identify how these clubs and practices can contribute to maintaining commercial sustainability. To examine the extent to which contemporary models of business organisation and competitive strategy are relevant to football clubs. To identify and analyse the role broader business opportunities can play in increasing the stability of football clubs. To identify areas of financial savings and cost efficiency which can be used by football clubs without adversely affecting their on pitch performance. It is expected that, in answering these objectives through the literature and primary research, sufficient insight will be obtained to allow the formulation of conclusions and recommendations for non league football clubs wishing to boost their income, or control their costs. These conclusions and recommendations will be used to analyse the commercial business potential of Ashford Town, as a key example of a struggling non league football club. As such, part of the final report will include recommendations for inclusion into sustainable business plans detailing how the club can learn from other clubs, and economic and management theories, to ensure future economic stability. Ideally, in addressing the various objectives above, and looking at the ongoing performance of Ashford Town, it should be possible to gain an understanding of the critical factors which can affect the commercial sustainability of the football club. As such, the findings can then be applied to Ashford Town, helpin g to contribute to the recommendations around the formation of a sustainable business plan. Methodology Research is defined as the collection of data in order to answer research questions or address research objectives. As this obviously presents a significant range of potential data to collect, and numerous ways to collect it, there are various defined theoretical approaches, the most important of which will be assessed in this section. These are: action research, surveys, case studies, experimentation, grounded theory and ethnography (Saunders et al, 2007). The first of these, action research, involves researchers actively collaborating and working with practitioners in their chosen field in order to investigate a well defined issue or problem, with the aim of finding practical solutions to said issue. As such, action research is a highly involved research methodology, which enables researchers to examine an issue in significant depth, investigating the root causes and creating detailed cause and effect chains. However, it can cause the researcher to have too narrow a focus when exam ining the problem, leading them to ignore contributing factors from outside their field of study. Indeed, in a study such as this one, where the aim is to determine what the factors affecting football club commercial success are, action research is likely to be unsuitable. Surveys, on the other hand, are more often used for descriptive and exploratory research, as they enable the researcher to cover a wide scope and thus make recommendations for future research and study. In addition, surveys allow researchers to collect significant amounts of both qualitative and quantitative data, thus supporting a broad range of qualitative and quantitative analysis techniques. This is because surveys can include questionnaires and various types of interviews. Of course, the counter to this is that the broad reach of surveys makes it hard for researchers to gain much depth to their research, and surveys are unlikely to reveal the root causes of the phenomena they observe. Case studies represent something of a middle ground, combining the best aspects of action research and surveys, and thus allowing for both depth and breadth to be obtained. This is because they carry out research at a distance from an organisation, thus avoiding the researcher becoming too involved with the organisation, and developing a narrow view. However, the attempt to achieve both depth and breadth means that the research will not actually achieve full depth or full breadth, rather it will fall somewhere in between (Saunders et al, 2007). The other three approaches, experimentation, grounded theory and ethnography, do not actually refer to the collection of data, but to the methods used to observe and categorise said data. Of these, experimentation is based on setting up specific scenarios, in order to determine how said scenarios occur, and then compare the results to theoretical predictions. As part of this, certain external factors can be controlled, whilst others are allowed to vary, hence making it easier to observe and categorise certain factors as either causative or non causative, and also to rank the impact of each factor. Unfortunately, such experiments are often difficult to set up, particularly when attempting to observe large and complicated phenomena. In addition, there is an argument that the level of control implied in experimentation creates unrealistic environments, within which individuals do not behave as they do when not being observed or where nothing is controlled (Saunders et al, 2007). In cont rast, grounded theory focuses on observing scenarios naturally, observing what the factors are affecting said scenario, and attempting to use theoretical perspectives to explain what occurs. These theoretical perspectives are then tested against other scenarios, and refined until they describe the behaviour of the phenomenon as well as possible. Finally, ethnography is more inductive, and involves simply observed the phenomenon, looking at the factors which have combined to cause it, and attempting to decide which key factors and behaviours have caused the phenomenon to behave as it did. In contrast to grounded theory, ethnography does not attempt to objectively define the various factors and theoretical models affecting an observed phenomenon. Instead, ethnography focused on the qualitative effects which both the factors and the individuals concerned have on a phenomenon, and also looks at the perceptions the actors have of the key causal factors (Saunders et al, 2007). In this case, because this dissertation is attempting to analyse a more general phenomenon,: the factors affecting the commercial success of football clubs, a broad research perspective should be taken. As such, this piece will use a survey, to help frame and investigate said factors, as well as using a limited case study of Ashford Town, to examine the fact ors which specifically impact on this club. Ethnography will be used as a guiding principle when analysing the results and attempting to determine which factors are most important to non league football clubs. This is because football clubs are not renowned for their use of specific management theory and techniques, and hence any attempt to directly fit their behaviour to the theory would likely harm the relevance of the results to other clubs looking to make use of them. In addition, the nature of football, where success is defined by on pitch results rather than profitability, means that existing theory is unlikely to be an exact fit to the football context. As such, ethnography will be used to help explain the techniques used, and how these could fit to management theory and observations. The surveys themselves will include both a questionnaire and an interview with the club officials, either the club Secretary or Chairman, regarding the commercial realities confronting the club, as well as the existing financial situation including any handouts from wealthy club benefactors, loans, grants, and sponsorship. Unfortunately, details of the income and revenue streams are not available, and thus it is impossible to complete a full and detailed analysis of income streams and expenditure analysis, with the exception of those of Ashford Town. As such, the findings will be used to analyse the revenue and costs of Ashford Town, with the aim being to assist in assessing the clubs overall position; and whether it is under performing, or whether a business and financial saturation point has been reached. Given that only the financial accounts, and not the management accounts, of Ashford Town are available, detailed analysis of the revenue streams and costs will not be possible. As such, and as discussed above, the quality and depth of data is likely to limit the extent to which specific recommendations can be made. In addition, this dissertation will attempt to make use of both qualitative and quantitative data, as both of these types of data can make positive contributions to a study. Qualitative data methods aim to gather data which is difficult to represent in a numerical form. As such, qualitative data gathering tends to focus more on asking people their opinion around certain topics, as well as their perceptions of various factors. As such, qualitative data tends to be richer than its quantitative equivalent, although it is usually not as easy to analyse and represent it in graphical forms or through statistical analysis techniques. This is because qualitative data can help to explain why relationships occur between data, as well as helping to explain relationships that are not as unclear when examined from a quantitative point of view. In contrast, quantitative data collection methods tend to based on simply gathering and analysing quantitative observations and data, or data which can be represented in a numerical form. This is usually achieved through actually observing quantifiable phenomena, such as the profits made by football clubs or the number of clubs going into administration. However, it can also be gathered by asking individuals to assess qualitative factors from a quantitative point of view, such as by asking them to rank factors on a Likert scale, like the importance of their sources of income (Saunders et al, 2007). As a result, whilst this piece will look to use some quantitative data, the primary research and data analysis will be performed via qualitative data, analysis, and interpretation. As a consequence of the above discussion, this dissertation will use one main method of primary data collection, and one secondary method, to address the research questions. This will thus help increase the value of the dissertation, by providing more depth and insight to the analysis, as well as allowing triangulation with the results from the literature review, which will increase the validity of any conclusions and recommendations (Saunders et al, 2007). The main method of primary data collection will be the questionnaire survey of ten non league football clubs. This data will be used to assess the various factors impacting on these clubs, and their relative importance, as well as looking at the key income streams and costs incurred by the various clubs. As such, this data will be both qualitative and quantitative, and will act as the survey part of the methodology. The secondary set of primary data will be obtained from the financial accounts of Ashford Town, which will be provid ed. Whilst these accounts are not likely to be very detailed, they will help add depth to the study, and will demonstrate the actual financial situation the club is in as well as help contextualise the possible additional revenue streams the club is able to generate. As such, this section will represent the case study part of the study, whilst being driven and directed by the results of the survey discussed above. This will enable the provision of additional depth, through an in depth look at the actual accounts of a non league football club. This will help provide the ideal balance of breadth and depth. In addition, the collection of data from two distinct sources, the internal survey of staff and the financial results intended for external use, will help create a more accurate and independent triangulation between the various results, as well as a better analysis of the factors underlying them. This cross sectional data collection and analysis is critical in facilitating the use of both quantitative and qualitative analysis, as discussed above, and will help to further increase the value and the academic impact of this dissertation. However, given that commercial sustainability is not a concept which can be easily described through simple quantitative data, the qualitative part of the report is likely to be more important when attempting to determine the factors which underlie the commercial success and sustainability of non league football clubs. Regarding the sample size, it was necessary to find a balance between the need to have a large sample size, and the need to maintain a manageable quantity of data, as well as to fit all of the data collection and analysis in what is a very short period of time. As such, it was decided to collect data from just ten selected non league football clubs. These clubs are Ashford Town FC, Bromley FC, Burscough FC, Chatham Town FC, Corinthians FC, Croydon Athletic FC, Dartford FC, Ebbsfleet United FC, Whitstable FC and AFC Wim. These clubs have been selected as they were most responsive to initial attempts to contact them, and are also within reasonably close geographic proximity thus making the collection of data somewhat simpler. As such, they also represent teams from a fairly close geographic area, and thus should be affected by similar factors and economic effects. When carrying out questionnaires with the clubs, no club requested complete anonymity, and indeed all expresses an interest in seeing the final results of the study to see if it would be of use to them in determining how to best improve their business performance and sustainability. As each questionnaire is relatively straightforward, it was decided to only use one questionnaire for each club, to keep the data set simple and consistent. In order to analyse the qualitative data which is produced from the surveys, it will be necessary to use a research strategy to interpret and validate the data. Positivism has been selected as the research strategy for this piece because, of the four main research philosophies, or paradigms, which can be used to guide and interpret qualitative research, positivism is the one which is most concerned with the facts, rather than the impressions arising from the research (Saunders et al, 2007). This makes positivism ideal for analysing the subject of health and safety in the oil industry, as this can be an emotive and important issue for many workers in the oil industry, as has been shown in the literature review. As such, it will be necessary to avoid forming impressions when carrying out the research, and particularly when analysing the results of the questionnaires. Positivism can help avoid such subjectivity by ensuring that the researcher takes a scientific approach to the research, and minimises the impact of impressions and judgements. Indeed, positivism is based in the original work of Comte, who argued that knowledge can only even be relative, and hence will always be affected by the method used to gather it (Sellars, 1939). This implies that any attempt to interpret the motivations of a respondent in a research project will be affected by the method of data collection, and thus will be blurred. As such, the researcher should concentrate solely on the observed facts, rather than attempting to contextualise or rationalise their observations. However, the main disadvantage of positivism is that, simply be observing or recording an event, such as someone’s views on health and safety, can tend to influence the motivations of the subject, and hence their responses. As a researcher using a positivist paradigm cannot speculate on any potential changes in motivation, this may mean that the actions observed will not be wholly consistent with the actual behaviour in the absence of observation. For example, if a senior manager at an oil company were asked their opinion about health and safety legislation, they may give a different answer to their true opinion of the subject, as they may feel that their public persona needs to be displayed in a certain way. This can hopefully be avoided, to a certain degree, in the questionnaires by not revealing the overall purpose of the survey; assuring the respondent of neutrality; and ensuring that the questionnaire is as neutral as possible. This is based on the argument that if the su bject is unaware of what their responses will be used for, they will be less likely to change their behaviour accordingly. Caldwell (1980) also argues that the face that positivism is based on observations, and not on the fundamental motivations behind said observations, means that it is incompatible with financial and economic viewpoints. This is because economics is based on the study of people’s motivations and decisions in situations where everyone is seen as either a buyer or supplier, and hence everyone acts according to a motivation. For example, when asked if they would prefer additional health and safety legislation, oil executives would naturally answer no, as the cost of compliance would decrease their profits. This occurs because the oil executive’s salary depends on their financial performance, hence they are motivated to avoid anything which may have a negative effect on said performance. Whilst this incompatibility and bias has not been empirically proven; Caldwell (1980, p. 53) argues that it has â€Å"been sufficiently robust to cause many contemporary analysts to turn to alternative approaches†. This implies that such factors need to be addressed when constructing the questionnaires, and that questions which will have an innate connection to, or dependence or, economic and financial factors should be avoided. This implies that, as discussed above, the financial impacts of the health and safety legislation will need to be studied as a secondary priority. Literature Review The history of professional football and commercialism Wray (1982) argues that the late nineteenth century, when significant riches were brought into the UK by the Industrial Revolution and during the Victorian era, was the start of true commercialisation of sport in the UK. This assessment is based on a study of the economics of the gate receipts taken by the football industry in Scotland between 1890 and 1914. This analysis showed that, not only were some entrepreneurs looking to profit from football by commercialising its, but others were looking to do so with the aim of winning more matches, tournaments and hence glory and status. Indeed, whilst the majority of the companies involving themselves in sports such as cycling and horse racing were simply looking to use the sport to create wealth for themselves and their shareholders, the majority of football clubs in Scotland were converted to business principles purely to enhance sporting success. As such, conventional profit and shareholder utility maximisation goals arguably applied mu ch more to other sports than to football, where supporter utility maximisation took precedence. However, Wray (1982) also claims that there was a significant focus on supporter and team utility in other team sports such as cricket, and this was again due to the motives behind the owners, directors and shareholders in many cricket teams. It appears that the British affinity with sports such as football and cricket meant that they developed with the aim of satisfying the fans, whilst the other sports, with less of a spectator following, developed more with the aim of providing financial returns. In addition, the drive towards commercialisation, and in an attempt to assure competitive success, Wilders (1976) reported that, in 1976, all the 92 clubs in the English League, except for Nottingham Forest, had become limited liability companies. This allowed the owners to spend large amounts of money; with no fear of debtors looking to their personal funds should the club fail to break even. In addition, of those companies, more than half the boards of directors held enough shares to make it virtually impossible for the other shareholders to outvote them on any matter. In particular, in 1967, Wilders (1976) reported that there were 22 clubs where the chairman and board of directors owned more than half of the shares; and a further 55 where the board of directors owned over 25 per cent of the shares. In addition to this, in more than a third of said clubs approval was required by the board of directors if anyone wished to sell their shares. As such, the distribution of shares change d very little as the game commercialised, and the clubs continued to be run for the benefit of the directors and chairman, with ordinary shareholders having very little say in the running of the clubs or the returns they earned on their investment. Sloan (1969) also argues that football’s commercial development was driven largely by the significant non financial advantages and disadvantages of being employed as a professional footballer. The main argument appears to be that playing football is a source of great enjoyment for a significant number of people, as witnessed by the thousands of amateur and non league sides which pay without any financial reward. As such, football tends to give players a degree of satisfaction which few other jobs provide, as well as potentially allowing the best players to become national celebrities, with associated additional income and exposure from activities such as writing books; commenting on other footballers performances; and advertising various products and services. In addition, during the initial development of the sport, clubs tended to provide players with houses let at below market rents, as well as giving them significant freedom outside of training and match days. In addition, the fact that the season only covers around nine months of the year, excluding internationals, means that players tend to have significant amounts of free time during the summer break, and even when training they often have several hours free each day. This is countered by the fact that players require a high degree of fitness, and will often need to be away from home for several nights if their schedule demands it. However, Sloan (1969) concludes that football seems to confer more advantages to players than disadvantages, which has helped to raise the profile of professional and semi professional football, and thus contribute to the number of players, and hence number of clubs, in the modern game (Sloan, 1969). This obviously places pressure on the market, with it being difficult and expensive for supporters to follow more than one club, hence making it difficult for smaller clubs to attract supporters. However, countering this is the fact that, since early on in the evolution of the English Football League, the transfer system acted to restrict the movement of labour, to an extent that is rarely seen in other industries. The rules of the transfer system state that any player who wishes to appear for a league club must be employed by that club, in the case of professional players, and must be registered with the Football League, as well as the English Football Association. As such, the only way a player may move between clubs is if both clubs and both ruling bodies approve the transfer. As such, this procedure requires both clubs, the player, the Football League and the FA to consent, effectively giving clubs monopolies over the services of their players for the duration of their fixed length contracts. This is a situation which would not be accepted in other industries, and has regularly been compared with trading slaves, with players often having very little say in where their clu b makes them move (BBC, 2008). Indeed, the fact that transfers almost always involve the payment of a fee by the club who the player is joining further enhances the slave trade connotations. As such, whereas most businesses would attempt to attract new employees by offering higher wages or better working conditions, football clubs are forced to offer high wages, better working conditions, and pay a large fee to the club from which they source the new player. Given that the fees have risen from  £1,000 in 1905,  £10,000 in 1928,  £100,000 in 1961, and into the tens of millions by the present day, it is clear that the increased demand for the best players is forcing clubs to devote ever more funds to transfer fees and wages, particularly when bidding against other clubs to secure the best players (Sloane, 1969). However, in spite of the multi million pound deals which they have been charged with sourcing and carrying out, Wilders (1976) reported that the majority of managers still tended not to have any form of formal training. Indeed, in Wilders’ (1976) survey of 28 English League managers, 16 managers claimed that they would have benefitted from some sort of business and financial course when carrying out their duties and developing their careers. Wilders (1976) claims that this is not the most surprising aspect, the most surprising aspect is that twelve of the managers surveyed believed that they did not need any formal training, and that their experience as a player would be sufficient to help them discharge their managerial responsibilities. However, this belief that playing experience alone provides sufficient training and skills for the demands of football management is arguably one of the reasons why so many clubs have failed to develop as businesses: the skills of professiona l footballers do not tend to include financial and business dealings, or the need to balance budgets. Indeed, the results of the survey indicated a general belief that the majority of football managers knew about the footballing side of their job, but generally knew very little about the need to manage the financial side of the business. As such, the general belief that the best footballers tend to make the best managers has not necessarily been borne out, with many of the best managers having been mediocre footballers at best. In fact, Wilder (1976) claims that the technical gifts needed to make a footballer can often hinder the effective management of clubs. The rise of commercialisation Whilst commercialisation has been a significant trend in the football industry in the UK for the past few years, its only since the 1980s that football in the UK, and the whole of Europe, has truly developed as a major commercial industry. This is evidenced by the fact that, in 1986 the 22 First Division clubs in England had a combined annual tur

New Zealand Early Childhood Curriculum Essay -- Education, elementary

Fleer claims â€Å"there are many theoretical voices within Te WhÄ riki,† the New Zealand Early Childhood Curriculum document (Nuttall, 2003, p.254). However two are predominant and stand symbiotically on the pages and in the intent of the curriculum. Bronfenbrenner’s ecological, system’s theory, which emphasises how the quality and setting of the child’s environment influences the child (Ministry of Education, 1996; Paquette, & Ryan, 2001) and Vygotsky’s ‘sociocultural theory,’ which describes learning as a social process originating in society or culture and passed through generations (UNESCO, 2004). Discussed within this essay will be a review of these theoretical perspectives illustrating their explanations for how each influences the child, how the child learns, how development is explained, and how these theories are reflected within Te WhÄ riki. Bronfenbrenner’s ecological, system’s theory describes how the child and their immediate surroundings are in an innermost layer surrounded, embedded and influenced by layers from the larger environment all impacting upon the child (Ministry of Education, 1996; Paquette, & Ryan, 2001). Of particular interest are the effects to the child of two way relationships towards and away from the child, as defined by Bronfenbrenner as bi-directional influences, these are particularly influential in the child’s inner layer. For instance: the impact to the child of attentive or non-attentive parents affects how the child reacts to a given situation, which in turn affects how the parent behaves. Notwithstanding, the impact of bi-directional influences on the child’s world continues into the outer layers, as in the example of a parent’s workplace demanding more input into the workplace, which means... ... social aspects have a huge influence on these surroundings. This is demonstrated when whÄ nau are involved and supportive in a child’s life, sharing the family’s and their culture’s funds of knowledge, resulting in the positive effect to the child’s environment which will have vast social and educational impacts by ensuring connections are made to children’s lives and experiences. Adding to this is the socio-cultural philosophy of peer tutoring and where knowledge is actively constructed through modelling and scaffolding, with teachers facilitating the learning process. While through the building of relationships between the family and the centre, Te WhÄ riki advocates the importance of the involvement of whÄ nau and family, which encourages a learning community which has interchangeable reciprocal advantages in a safe, positive, fun, caring, learning environment.

Kompyuter Adiksyon

E. Competition In the Tagaytay City we have several competitors in the terms of Shawarma product and there are also a lot of food charts that place in the different area of Tagaytay City because it is the tourist spot in the Philippines. The main targets of this food chart are the lower middle to upper middle class and some are tourist international and local. Our indirect competitors are Mr. Mappy pizza, Potato Chips, Siomai, Angel’s Burger and etc. Our direct competitors in the area Turks (Olivarez) and Alibaba Shawarma (magallenes branch and robinson tagaytay). Market Shares:Turk’s Shawarma (Olivarez Plaza) is the number one in market shares because of its place and the volume of people go in Olivarez Plaza while Alibaba Shawarma (Robinson Tagaytay Branch) is the number two on the spot because of its place but theres a lot of competitors in the place like restaurant and fast food chains and Alibaba Shawarma (magallenes square Branch) it is the last spots because in t he that place only workers of different establishment are the customer because that place have different restaurant and food chains to choose from like Leslies, Max restaurant, Yellow Cab and many more.Resources: Since, this establishment is food stall type and there is a Franchisee and Franchisor. The resources of the business are comes from the Franchisor all the thing that will be needed in the business comes from franchisor. Product and Market Focus The product is shawarma product it is meat preparation, where  lamb,  chicken,  turkey,  beef,  veal, or mixed meats are placed on a  spit  (commonly a vertical spit in  restaurants), and may be grilled for as long as a day. Shavings are cut off the block of meat for serving, and the remainder of the block of meat is kept heated on the rotating spit.There market focuses to sell the product on their target market they only focus on selling the product they not create new idea about the product. Goals They goal is to se ll a delicious shawarma to their customer and serve the best shawarma on the place. Strategies This food stall only focuses in selling the product to their customer they not focus on how their establishment continues to operate. Their also dependent on their franchisor all planning and strategies comes from their franchisor. Strengths and WeaknessesAll establishments has a nice place but the product they offer is only limited in terms of sizes and different variety of flavor. Key Barriers to Entry There no vacant place to rent There are so many stalls in the place There are no yet crews for the business There is no yet a stall for the business Our product is unique from the other shawarma product because our product is a kind of street food that is of the same concept as Shawarma which is thinly sliced meat mixed with chopped vegetables and is rolled into a large piece of steamed bread. The difference from our product and the traditional shawarma is that we modified the fillings.We will not fill the bread with the usual meat and vegetables. Instead, we will add new flavors to the traditional shawarma. Examples are Spaghetti, Pizza and California maki flavored shawarma. We will address our product as shawarma because the idea of filipino consumers of shawarma is filled flatbread which is applied in our new product. This new product will be named â€Å"Shawarmalaya†. Shawarmalaya came from the words â€Å"Shawarma† and â€Å"Malaya. Shawarma because the concept of this food is derived from the traditional shawarma and Malaya because customers can freely choose from the new flavors of shawarma.The idea of this product is mostly derived from the traditional shawarma so the preparation of this product will be quite the same. The facilities to be used will also be the same except for the vertical grill used in cooking the traditional shawarma meat. We will also be needing an oven and steamers for the baking and steaming of the bread. Usual kitchen ute nsils will also be used for cooking and preparing the fillings. The processes and technology to be used in the preparation of this product will not be as high-tech as used in making the traditional shawarma.Since we are short on facility and capital, we have decided to use alternatives to make the product. The use of old processes of making food will also mean less cost and expenses which will be good for the group/company. The usual shawarma meat is cooked in a vertical grill, in our case; we will just grill meat in an old fashioned way which will make the meat tastier and cost less. On the other hand, the preparation of the bread will be the same as the traditional shawarma which is baked and steamed then rolled with the fillings.This idea is innovative in a way. We managed to add a twist and modify an already existing product. We didn’t change the form of the product but its approach. We are trying to make a new perception of shawarma on the minds of the consumers. We also want the consumers to enjoy the food they like in a new more flavorful way. Our product is difficult to copy because we have secret ingredient to put up to the product and we have the best suppliers that will supply best ingredients that will be needed.Our competitors will be surprise because we have different approach to our customer because they have the free will to choose what the flavor will be put to their shawarmalaya. Our competitors will be surprise because we have different variety to choose from we have different flavors that is new to the eyes and taste of the consumer. When we launch our product we will do first 100 customers is free to taste our product and first one week of our product is by one take one. In takes a lot of time to copy our product because it is unique and it has different ingredients to find.

Cisa Essays

Cisa Essays Cisa Essay Cisa Essay 1. A benefit of open system architecture is that it: A. facilitates interoperability. B. facilitates the integration of proprietary components. C. will be a basis for volume discounts from equipment vendors. D. allows for the achievement of more economies of scale for equipment. ANSWER: A NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers systems cannot or will not interface with existing systems. . An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment? A. Commands typed on the command line are logged B. Hash keys are calculated periodical ly for programs and matched against hash keys calculated for the most recent authorized versions of the programs C. Access to the operating system command line is granted through an access restriction tool with preapproved rights D. Software development tools and compilers have been removed from the production environment ANSWER: B NOTE: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted- it does not matter how. Choice D is wrong because files can be copied to and from the production environment. 3. In the context of effective information security governance, the primary objective of value delivery is to: A. optimize security investments in support of business objectives. B. implement a standard set of security practices. C. institute a standards-based solution. D. implement a continuous improvement culture. ANSWER: A NOTE: In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives. The tools and techniques for implementing value delivery include implementation of a standard set of security practices, institutionalization and commoditization of standards-based solutions, and implementation of a continuous improvement culture considering security as a process, not an event. 4. During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be ineffective. ANSWER: B NOTE: Execution of the business continuity plan would be impacted if the organization does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis. Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying this step until a disaster has been declared would negate the effect of having response teams. Potential crisis recognition is the first step in responding to a disaster. 5. When implementing an IT governance framework in an organization the MOST important objective is: A. IT alignment with the business. B. accountability. C. value realization with IT. D. enhancing the return on IT investments. ANSWER: A NOTE: The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies. 6. When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find: A. an integrated services digital network (ISDN) data link. B. traffic engineering. C. wired equivalent privacy (WEP) encryption of data. D. analog phone terminals. ANSWER: B NOTE: To ensure that quality of service requirements are achieved, the Voice-over IP (VoIP) service over the wide area network (WAN) should be protected from packet losses, latency or jitter. To reach this objective, the network performance can be managed using statistical techniques such as traffic engineering. The standard bandwidth of an integrated services digital network (ISDN) data link would not provide the quality of services required for corporate VoIP services. WEP is an encryption scheme related to wireless networking. The VoIP phones are usually connected to a corporate local area network (LAN) and are not analog. 7. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important? A. The tools used to conduct the test B. Certifications held by the IS auditor C. Permission from the data owner of the server D. An intrusion detection system (IDS) is enabled ANSWER: C NOTE: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owners responsibility for the security of the data assets. 8. Which of the following is a risk of cross-training? A. Increases the dependence on one employee B. Does not assist in succession planning C. One employee may know all parts of a system D. Does not help in achieving a continuity of operations ANSWER: C NOTE: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations. 9. The use of digital signatures: A. requires the use of a one-time password generator. B. provides encryption to a message. C. validates the source of a message. D. ensures message confidentiality. ANSWER: C NOTE: The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures. 0. A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative? A. Issues of privacy B. Wavelength can be absorbed by the human body C. RFID tags may not be removable D. RFID eliminates line-of-sight reading ANSWER: A NOTE: The purchaser of an item wil l not necessarily be aware of the presence of the tag. If a tagged item is paid for by credit card, it would be possible to tie the unique ID of that item to the identity of the purchaser. Privacy violations are a significant concern because RFID can carry unique identifier numbers. If desired it would be possible for a firm to track individuals who purchase an item containing an RFID. Choices B and C are concerns of less importance. Choice D is not a concern. 11. A lower recovery time objective (RTO) results in: A. higher disaster tolerance. B. higher cost. C. wider interruption windows. D. more permissive data loss. ANSWER: B NOTE: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies. The lower the disaster tolerance, the narrower the interruption windows, and the lesser the permissive data loss. 12. During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing: A. test data covering critical applications. B. detailed test plans. C. quality assurance test specifications. D. user acceptance testing specifications. ANSWER: D NOTE: A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project and user acceptance test specification should be developed during this phase. The other choices are generally performed during the system testing phase. 13. The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all: A. outgoing traffic with IP source addresses external to the network. B. incoming traffic with discernible spoofed IP source addresses. C. incoming traffic with IP options set. D. incoming traffic to critical hosts. ANSWER: A NOTE: Outgoing traffic with an IP source address different than the IP range in the network is invalid. In most of the cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the attack. 14. What is the BEST backup strategy for a large database with data supporting online sales? A. Weekly full backup with daily incremental backup B. Daily full backup C. Clustered servers D. Mirrored hard disks ANSWER: A NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster. 15. Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks? A. Session keys are dynamic B. Private symmetric keys are used C. Keys are static and shared D. Source addresses are not encrypted or authenticated ANSWER: A NOTE: WPA uses dynamic session keys, achieving stronger encryption than wireless encryption privacy (WEP), which operates with static keys (same key is used for everyone in the wireless network). All other choices are weaknesses of WEP. 16. The ultimate purpose of IT governance is to: A. encourage optimal use of IT. B. reduce IT costs. C. decentralize IT resources across the organization. D. centralize control of IT. ANSWER: A NOTE: IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact. 17. The MAIN purpose of a transaction audit trail is to: A. reduce the use of storage media. B. determine accountability and responsibility for processed transactions. C. help an IS auditor trace transactions. D. provide useful information for capacity planning. ANSWER: B NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc. 18. An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to: A. tress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans. B. accept the project managers position as the project manager is accountable for the outcome of the project. C. offer to work with the risk manager when one is appointed. D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project. ANSWER: A NO TE: The majority of project risks can typically be identified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with these risks. A project should have a clear link back to corporate strategy and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risks. Appointing a risk manager is a good practice but waiting until the project has been impacted by risks is misguided. Risk management needs to be forward looking; allowing risks to evolve into issues that adversely impact the project represents a failure of risk management. With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risks have emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management. 19. A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center? A. Badge readers are installed in locations where tampering would be noticed B. The computer that controls the badge system is backed up frequently C. A process for promptly deactivating lost or stolen badges exists D. All badge entry attempts are logged ANSWER: C NOTE: Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important. The configuration of the system does not change frequently, therefore frequent backup is not necessary. 20. Which of the following would impair the independence of a quality assurance team? A. Ensuring compliance with development methods B. Checking the testing assumptions C. Correcting coding errors during the testing process D. Checking the code to ensure proper documentation ANSWER: C NOTE: Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the teams independence. The other choices are valid quality assurance functions. 1. Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors? A. A security information event management (SIEM) product B. An open-source correlation engine C. A log management tool D. An extract, transform, load (ETL) system A NSWER: C NOTE: A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e. . , exception reports showing different statistics including anomalies and suspicious activities), and to answer time-based queries (e. g. , how many users have entered the system between 2 a. m. and 4 a. m. over the past three weeks? ). A SIEM product has some similar features. It correlates events from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events. An extract, transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats. 22. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the senders: A. public key and then encrypt the message with the receivers private key. B. private key and then encrypt the message with the receivers public key. C. public key and then encrypt the message with the receivers public key. D. private key and then encrypt the message with the receivers private key. ANSWER: B NOTE: Obtaining the hash of the message ensures integrity; signing the hash of the message with the senders private key ensures the authenticity of the origin, and encrypting the resulting message with the receivers public key ensures confidentiality. The other choices are incorrect. 23. An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness? A. Staging and job set up B. Supervisory review of logs C. Regular back-up of tapes D. Offsite storage of tapes ANSWER: A NOTE: If the IS auditor finds that there are effective staging and job set up processes, this can be accepted as a compensating control. Choice B is a detective control while choices C and D are corrective controls, none of which would serve as good compensating controls. 24. What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network? A. Malicious code could be spread across the network B. VPN logon could be spoofed C. Traffic could be sniffed and decrypted D. VPN gateway could be compromised ANSWER: A NOTE: VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organizations network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks. 25. The activation of an enterprises business continuity plan should be based on predetermined criteria that address the: A. duration of the outage. B. ype of outage. C. probability of the outage. D. cause of the outage. ANSWER: A NOTE: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives. 26. After observing suspicious activities in a server, a manager requests a forensic anal ysis. Which of the following findings should be of MOST concern to the investigator? A. Server is a member of a workgroup and not part of the server domain B. Guest account is enabled on the server C. Recently, 100 users were created in the server D. Audit logs are not enabled for the server ANSWER: D NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern. 27. Minimum password length and password complexity verification are examples of: A. etection controls. B. control objectives. C. audit objectives. D. control procedures. ANSWER: D NOTE: Control procedures are practices established by management to achieve specific control objectives. Password controls are preventive controls, not detective controls. Control objectives are declarations of expected results from implementing controls and audit objectives a re the specific goals of an audit. 28. Which of the following is an advantage of the top-down approach to software testing? A. Interface errors are identified early B. Testing can be started before all programs are complete C. It is more effective than other testing approaches D. Errors in critical modules are detected sooner ANSWER: A NOTE: The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing. 29. After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should: A. expand activities to determine whether an investigation is warranted. B. report the matter to the audit committee. C. report the possibility of fraud to top management and ask how they would like to proceed. D. consult with external legal counsel to determine the course of action to be taken. ANSWER: A NOTE: An IS auditors responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authorities within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the IS auditor does not have authority to consult with external legal counsel. 30. As a driver of IT governance, transparency of ITs cost, value and risks is primarily achieved through: A. performance measurement. B. strategic alignment. C. value delivery. D. resource management. ANSWER: A NOTE: Performance measurement includes setting and monitoring measurable objectives of what the IT processes need to deliver (process outcome) and how they deliver it (process capability and performance). Strategic alignment primarily focuses on ensuring linkage of business and IT plans. Value delivery is about executing the value proposition throughout the delivery cycle. Resource management is about the optimal investment in and proper management of critical IT resources. Transparency is primarily achieved through performance measurement as it provides information to the stakeholders on how well the enterprise is performing when compared to objectives. 31. A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation? A. Audit logs are not enabled for the system B. A logon ID for the technical lead still exists C. Spyware is installed on the system D. A Trojan is installed on the system ANSWER: A NOTE: Audit logs are critical to the investigation of the event; however, if not enabled, misuse of the logon ID of the technical lead and the guest account could not be established. The logon ID of the technical lead should have been deleted as soon as the employee left the organization but, without audit logs, misuse of the ID is difficult to prove. Spyware installed on the system is a concern but could have been installed by any user and, again, without the presence of logs, discovering who installed the spyware is difficult. A Trojan installed on the system is a concern, but it can be done by any user as it is accessible to the whole group and, without the presence of logs, investigation would be difficult. 32. When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to: A. carry the flash drive in a portable safe. B. assure management that you will not lose the flash drive. C. equest that management deliver the flash drive by courier. D. encrypt the folder containing the data with a strong key. ANSWER: D NOTE: Encryption, with a strong key, is the most secure method for protecting the information on the flash drive. Carrying the flash drive in a portable safe does not guarantee the safety of the information in the event that the safe is stolen or lost. No matter what measures you take, the chance of losing the flash drive still exists. It is possible that a courier might lose the flash drive or that it might be stolen. 33. The FIRST step in a successful attack to a system would be: A. gathering information. B. aining access. C. denying services. D. evading detection. ANSWER: A NOTE: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered. 34. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure? A. The corporate network is using an intrusion prevention system (IPS) B. This part of the network is isolated from the corporate network C. A single sign-on has been implemented in the corporate network D. Antivirus software is in place to protect the corporate network ANSWER: B NOTE: If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk. 5. While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure: A. the salvage team is trained to use the notification system. B. the notification system pro vides for the recovery of the backup. C. redundancies are built into the notification system. D. the notification systems are stored in a vault. ANSWER: C NOTE: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged. 36. The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data? A. SSL encryption B. Two-factor authentication C. Encrypted session cookies D. IP address verification ANSWER: A NOTE: The main risk in this scenario is confidentiality, therefore the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues. 37. Regarding a disaster recovery plan, the role of an IS auditor should include: A. identifying critical applications. B. determining the external service providers involved in a recovery test. C. observing the tests of the disaster recovery plan. D. etermining the criteria for establishing a recovery time objective (RTO). ANSWER: C NOTE: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management. 38. Which o f the following is the BEST practice to ensure that access authorizations are still valid? A. Information owner provides authorization for users to gain access B. Identity management is integrated with human resource processes C. Information owners periodically review the access controls D. An authorization matrix is used to establish validity of access ANSWER: B NOTE: Personnel and departmental changes can result in authorization creep and can impact the effectiveness of access controls. Many times when personnel leave an organization, or employees are promoted, transferred or demoted, their system access is not fully removed, which increases the risk of unauthorized access. The best practices for ensuring access authorization is still valid is to integrate identity management with human resources processes. When an employee transfers to a different function, access rights are adjusted at the same time. 39. The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software? A. Rewrite the patches and apply them B. Code review and application of available patches C. Develop in-house patches D. Identify and test suitable patches before applying them ANSWER: D NOTE: Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches. 40. Which of the following is a prevalent risk in the development of end-user computing (EUC) applications? A. Applications may not be subject to testing and IT general controls B. Increased development and maintenance costs C. Increased application development time D. Decision-making may be impaired due to diminished responsiveness to requests for information ANSWER: A NOTE: End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created in the context of a formal development methodology. These applications may lack appropriate standards, controls, quality assurance procedures, and documentation. A risk of end-user applications is that management may rely on them as much as traditional applications. End-user computing (EUC) systems typically result in reduced application development and maintenance costs, and a reduced development cycle time. EUC systems normally increase flexibility and responsiveness to managements information requests. 41. The MAJOR consideration for an IS auditor reviewing an organizations IT project portfolio is the: A. IT budget. B. existing IT environment. C. business plan. D. investment plan. ANSWER: C NOTE: One of the most important reasons for which projects get funded is how well a project meets an organizations strategic objectives. Portfolio management takes a holistic view of a companys overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan. 42. Which of the following is an attribute of the control self-assessment (CSA) approach? A. Broad stakeholder involvement B. Auditors are the primary control analysts C. Limited employee participation D. Policy driven ANSWER: A NOTE: The control self-assessment (CSA) approach emphasizes management of and accountability for developing and monitoring the controls of an organizations business processes. The attributes of CSA include empowered employees, continuous improvement, extensive employee participation and training, all of which are representations of broad stakeholder involvement. Choices B, C and D are attributes of a traditional audit approach. 43. The BEST method for assessing the effectiveness of a business continuity plan is to review the: A. plans and compare them to appropriate standards. B. results from previous tests. C. emergency procedures and employee training. D. offsite storage and environmental controls. ANSWER: B NOTE: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environmental controls would provide insight into some aspects of the plan but would fall short of providing assurance of the plans overall effectiveness. 4. An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization? A. Review and evaluate the business continuity plan for adequacy B. Perform a full simulation of the business continuity plan C. Train and educate employees regarding the business continuity plan D. Notify critical contac ts in the business continuity plan ANSWER: A NOTE: The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at this time. 45. Which of the following insurance types provide for a loss arising from fraudulent acts by employees? A. Business interruption B. Fidelity coverage C. Errors and omissions D. Extra expense ANSWER: B NOTE: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster/disruption within an organization. 46. An IS auditor reviewing the risk assessment process of an organization should FIRST: A. identify the reasonable threats to the information assets. B. analyze the technical and organizational vulnerabilities. C. identify and rank the information assets. D. evaluate the effect of a potential security breach. ANSWER: C NOTE: Identification and ranking of information assets- e. g. , data criticality, locations of assets- will set the tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organizations assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in absence of given controls, would impact the organization information assets. 47. An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control? A. User-level permissions B. Role-based C. Fine-grained D. Discretionary ANSWER: B NOTE: Role-based access controls the system access by defining roles for a group of users. Users are assigned to the various roles and the access is granted based on the users role. User-level permissions for an ERP system would create a larger administrative overhead. Fine-grained access control is very difficult to implement and maintain in the context of a large nterprise. Discretionary access control may be configured or modified by the users or data owners, and therefore may create inconsistencies in the access control management. 48. The sender of a public key would be authenticated by a: A. certificate authority. B. digital signature. C. digital certificate. D. registration authority. ANSWER: C NOTE: A digital certificate is an electronic document that declar es a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i. e. , registration of the users of a digital signature plus authenticating the information that is put in the digital certificate. 49. Which of the following is the MOST reliable form of single factor personal identification? A. Smart card B. Password C. Photo identification D. Iris scan ANSWER: D NOTE: Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified. 50. A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organizations data? A. Introduce a secondary authentication method such as card swipe B. Apply role-based permissions within the application system C. Have users input the ID and password for each database transaction D. Set an expiration period for the database password embedded in the program ANSWER: B NOTE: When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a users role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation. Having a user input the ID and password for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire. 51. Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation? A. Process maturity B. Performance indicators C. Business risk D. Assurance reports ANSWER: C NOTE: Priority should be given to those areas which represent a known risk to the enterprises operations. The level of process maturity, process performance and audit reports will feed into the decision making process. Those areas that represent real risk to the business should be given priority. 52. An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditors MAIN concern should be that the: A. omplexity and risks associated with the project have been analyzed. B. resources needed throughout the project have been determined. C. project deliverables have been identified. D. a contract for external parties involved in the project has been completed. ANSWER: A NOTE: Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome. The other choices, while important during the course of the project, cannot be fully determined at the time the project is initiated, and are often contingent upon the risk and complexity of the project. 3. Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices? A. Policies that require instant dismissal if such devices are found B. Software for tracking and managing USB storage devices C. Administratively disabling the USB port D. Searching personnel for USB storage devices at the facilitys entrance ANSWER: B NOTE: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden. 54. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next: A. recommend that the database be normalized. B. review the conceptual data model. C. review the stored procedures. D. review the justification. ANSWER: D NOTE: If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization. 55. Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol? A. Presence of spyware in one of the ends B. The use of a traffic sniffing tool C. The implementation of an RSA-compliant solution D. A symmetric cryptography is used for transmitting data ANSWER: A NOTE: Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end users computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place. 56. At the completion of a system development project, a postproject review should include which of the following? A. Assessing risks that may lead to downtime after the production release B. Identifying lessons learned that may be applicable to future projects C. Verifying the controls in the delivered system are working D. Ensuring that test data are deleted ANSWER: B NOTE: A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects. An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the postimplementation review. Test data should be retained for future regression testing. 57. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should: A. recommend the use of disk mirroring. B. review the adequacy of offsite storage. C. eview the capacity management process. D. recommend the use of a compression algorithm. ANSWER: C NOTE: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. Business criticality must be considered before recommending a disk mirroring solution and offsite storage is unrelated to the problem. Though data compression may save disk space, it coul d affect system performance. 58. Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit? A. Data backups are performed on a timely basis B. A recovery site is contracted for and available as needed C. Human safety procedures are in place D. Insurance coverage is adequate and premiums are current ANSWER: C NOTE: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan. 59. While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the: A. audit trail of the versioning of the work papers. B. approval of the audit phases. C. access rights to the work papers. D. confidentiality of the work papers. ANSWER: D NOTE: Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase approvals and access to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption. 60. An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to: A. review the integrity of system access controls. B. accept managements statement that effective access controls are in place. C. stress the importance of having a system control framework in place. D. review the background checks of the accounts payable staff. ANSWER: C NOTE: Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed. Intelligent design should permit additional detective and corrective controls to be established that dont have high ongoing costs, e. g. , automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective access controls are, in themselves, a positive but, for reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive. The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur. 61. A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment? A. Reviewing logs frequently B. Testing and validating the rules C. Training a local administrator at the new location D. Sharing firewall administrative duties ANSWER: B NOTE: A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important. 62. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of: A. xcessive transaction turnaround time. B. application interface failure. C. improper transaction authorization. D. nonvalidated batch totals. ANSWER: C NOTE: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant. 63. The PRIMARY objective of implementing corporate governance by an organizations management is to: A. provide strategic direction. B. control business operations. C. align IT with business. D. implement best practices. ANSWER: A NOTE: Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled. 64. To determine if unauthorized changes have been made to production code the BEST audit procedure is to: A. xamine the change control system records and trace them forward to object code files. B. review access control permissions operating within the production program libraries. C. examine object code to find instances of changes and trace them back to change control records. D. review change approved designations established within the change control system. ANSWER: C NOTE: The procedure of examining object code files to establish in stances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit but they do not directly address the risk of unauthorized code changes. 65. When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the: A. project be discontinued. B. business case be updated and possible corrective actions be identified. C. project be returned to the project sponsor for reapproval. D. project be ompleted and the business case be updated later. ANSWER: B NOTE: An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life of any project. 66. Which of the following audit techniques would BEST aid an auditor in determining whether there hav e been unauthorized program changes since the last authorized program update? A. Test data run B. Code review C. Automated code comparison D. Review of code migration procedures ANSWER: C NOTE: An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes. 67. Doing which of the following during peak production hours could result in unexpected downtime? A. Performing data migration or tape backup B. Performing preventive maintenance on electrical systems C. Promoting applications from development to the staging environment D. Replacing a failed power supply in the core router of the data center ANSWER: B NOTE: Choices A and C are processing events which may impact performance, but ould not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime. 68. Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information? A. Degaussing B. Defragmenting C. Erasing D. Destroying ANSWER: D NOTE: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information; this method simply changes a files indexing information. 69. The MAIN criterion for determining the severity level of a service disruption incident is: A. cost of recovery. B. negative public opinion. C. geographic location. D. downtime. ANSWER: D NOTE: The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident. 70. During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the: A. responsibility for maintaining the business continuity plan. B. criteria for selecting a recovery site provider. C. recovery strategy. D. responsibilities of key personnel. ANSWER: C NOTE: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA. ), The other choices are made after the selection or design of the appropriate recovery strategy. 71. What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists? A. Repeatable but Intuitive B. Defined C. Managed and Measurable D. Optimized ANSWER: B NOTE: Defined (level 3) is the lowest level at which an IT balanced scorecard is defined. 2. During the system testing phase of an application development project the IS auditor should review the: A. conceptual design specifications. B. vendor contract. C. error reports. D. program change requests. ANSWER: C NOTE: Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in re cognizing erroneous data and review the procedures for resolving errors. A conceptual design specification is a document prepared during the requirements definition phase. A vendor ontract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the postimplementation phase. 73. When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures: A. allow changes, which will be completed using after-the-fact follow-up. B. allow undocumented changes directly to the production library. C. do not allow any emergency changes. D. allow programmers permanent access to production programs. ANSWER: A NOTE: There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs. 4. Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should: A. include the statement of management in the audit report. B. identify whether such software is, indeed, being used by the organization. C. reconfirm with management the usage of the software. D . discuss the issue with senior management since reporting this could have a negative impact on the organization. ANSWER: B NOTE: When there is an indication that an organization might be using nlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report. 75. Which of the following would be BEST prevented by a raised floor in the computer machine room? A. Damage of wires around computers and servers B. A power failure from static electricity C. Shocks from earthquakes D. Water flood damage ANSWER: A NOTE: The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor. Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework. Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage. 76. The network of an organization has been the victim of several intruders attacks. Which of the following measures would allow for the early detection of such incidents? A. Antivirus software B. Hardening the servers C. Screening routers D. Honeypots ANSWER: D NOTE: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks. 77. The purpose of a deadman door controlling access to a computer facility is primarily to: A. prevent piggybacking. B. prevent toxic gases from entering the data center. C. starve a fire of oxygen. D. prevent an excessively rapid entry to, or exit from, the facility. ANSWER: A NOTE: The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e. g. , a fire. 78. The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to: A. comply with regulatory requirements. B. rovide a basis for drawing reasonable conclusions. C. ensure complete audit coverage. D. perform the audit according to the defined scope. ANSWER: B NOTE: The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weakness es but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required. 9. During the audit of a database server, which of the following would be considered the GREATEST exposure? A. The password does not expire on the administrator account B. Default global security settings for the database remain unchanged C. Old data have not been purged D. Database activity is not fully logged ANSWER: B NOTE: Default security settings for the database could allow issues like blank user passwords or passwords that were the same as the username. Logging all database activity is not practical. Failure to purge old data may present a performance issue but is not an immediate security concern. Choice A is an exposure but not as serious as B. 80. An IS auditor finds that a DBA has read and write access to production data. The IS auditor should: A. accept the DBA access as a common practice. B. assess the controls relevant to the DBA function. C. recommend the immediate revocation of the DBA access to production data. D. review user access authorizations approved by the DBA. ANSWER: B NOTE: It is good practice when finding a potential exposure to look for the best controls. Though granting the database administrator (DBA) access to production data might be a common practice, the IS auditor should evaluate the relevant controls. The DBA should have access based on a need-to-know and need-to-do basis; therefore, revocation may remove the access required. The DBA, typically, may need to have access to some production data. Granting user authorizations is the responsibility of the data owner and not the DBA. 81. What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)? A. The copying of sensitive data on them B. The copying of songs and videos on them C. The cost of these devices multipl