Internal Control

Transcript of Internal Control

Internal controls and computer controls can effectively mitigate the threats that a company faces. Internal control is defined as “the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to managerial policies” (Romney and Steinbart, 2000). A company can use internal control as a guideline to protect its information system and data. Internal control consists of five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring.

The control environment forms the foundation for the entire internal control system; it provides the discipline and structure, as well as the climate, that influence the overall quality of internal control. It consists of many factors. One is commitment to integrity and ethical values, which basically means recording honest reports rather than favorable ones. Another is management's philosophy and operating style: the more responsible it is, the more responsible the employees will be towards the company's objectives. The other factors include organization structure (the overall framework for planning, directing, and controlling its operations) and an audit committee (which provides an independent review of the actions of corporate managers).

Risk assessment is about being aware of the associated risks and how to deal with them. The company must establish mechanisms to identify, analyze, and manage the related risks. One strategy that can mitigate risk is internal control activities.

Control activities can be preventive or detective. Preventive controls are implemented to stop threats from occurring, but if threats do materialize, the firm should have controls to detect them. Finally, corrective actions are a necessary complement to internal control activities in order to achieve the objectives (proper authorization of transactions and activities; segregation of duties, so that no single employee has too much responsibility; safeguards of assets and records; and independent checks on performance).

Information and communication should be effective and are vital for an entity to run and control its operations. Entity management needs access to relevant, complete, reliable, correct and timely communication related to internal as well as external events.

Finally, monitoring of internal control is very important, as internal control is a dynamic process that has to be adapted continuously to the risks and changes an organization faces (effective supervision and responsibility accounting).

The cost of implementing these controls should not exceed the benefits, in order to attain cost effectiveness. Internal control can provide reasonable but not absolute assurance because it depends on the human factor; it is subject to flaws in design, errors of judgment or interpretation, misunderstanding, carelessness, fatigue, distraction, collusion, abuse or override. Another limiting factor is that the design of an internal control system faces resource constraints.

THREATS

Natural and political disasters; software errors and equipment malfunctions; unintentional acts; intentional acts (computer fraud).

Henry (1997) conducted a survey of 261 companies to determine the nature of their accounting systems and the security in use. He found that there were seven basic security methods: encryption, password access, backup of data, virus protection, authorization for system changes, physical system security, and periodic audits.

Some of the basic computer controls that can help to mitigate threats within a company are a firewall, data encryption, biometric identification including password access, and cloud computing. A firewall basically provides protection from online threats, namely infiltration by hackers, trojans or worms that cause database corruption, and even DoS (Denial of Service) attacks that may disrupt outgoing data traffic. Data encryption is a method of enciphering information so that it does not fall into the wrong hands or under the prying eyes of unauthorized parties. It is implemented using advanced mathematical equations and algorithms that perform this transformation or masking of data. Biometric identification uses a device that identifies the user by physical characteristics unique to that particular user, such as fingerprints and retina scans. Cloud computing is a form of backing up data using remote servers hosted on the internet, rather than a local server or computer. This computer control allows backup of data and also allows access to that data from different locations in emergency situations.

COST BENEFIT CONCEPT

Under this concept, a cost-benefit analysis is performed on every control procedure being considered for implementation by comparing the expected cost of designing, implementing and operating each control to the control's expected benefit. If the benefit exceeds or at least equals the cost, the control should be implemented.

For example, when no additional control is implemented, shoplifting amounts to $120,000. Two alternative control procedures are being considered. The first is 8 security guards, with annual salaries totaling up to $240,000 and 0 shoplifting. The second is 2 security guards and the installation of several cameras, with costs totaling up to $66,000 and shoplifting reduced to $25,000. Alternative 2 should be implemented; explain why.

Another approach to cost-benefit is the reduction of risk associated with data errors. If the benefit gained is greater than the cost of implementing a new control, then go for it. For example, risk is reduced from 15% to 1%. Give an example of costs being applied