BUSINESS INFORMATION SYSTEMS
Added on 2022-07-28
10 Pages1992 Words9 Views
Running head: BUSINESS INFORMATION SYSTEMS
BUSINESS INFORMATION SYSTEMS
Name of the Student
Name of the University
Author Note
BUSINESS INFORMATION SYSTEMS
Name of the Student
Name of the University
Author Note
1BUSINESS INFORMATION SYSTEMS
Discussions
Focus and Scope of Audit
The WAIS audit report reviews the important applications of business at a large number
of entities of State Governments. Every application is essential to the entities operations and
they can influence the stakeholders consisting of the public. The WAIS audit report has a
scope and focus on which it focuses (Gildenhuis and van Rensburg 2017). The scope of the
of the WAIS report include the advertisement management system of recruitment which
includes the public sector commission. The metering infrastructure that are advanced
including the horizon power, the rebate scheme and exchange of the pensioner consisting the
office of the state and the register of new land consisting of the Lan information Authority of
Western Australia.
The audit report focuses on processing those are systematic and data handling in the
control categories those are provided below:
Security of information: It controls the exist in order to make sure the confidentiality,
availability and integrity of information
Policies and procedures: these are proper and these support processing of information.
Output of data of the reports of hard copy are complete and precise
Backup and recovery is proper and in place in case of any disaster
Processing of data: the information are processed in a time those are acceptable
Separation of duties: No employees can execute incompatible duties
Maintenance of master file, preparation of data: controls over the preparation of data,
processing and collection of documents make sure that information is precise, finish and
timely before the data gets to the application
Discussions
Focus and Scope of Audit
The WAIS audit report reviews the important applications of business at a large number
of entities of State Governments. Every application is essential to the entities operations and
they can influence the stakeholders consisting of the public. The WAIS audit report has a
scope and focus on which it focuses (Gildenhuis and van Rensburg 2017). The scope of the
of the WAIS report include the advertisement management system of recruitment which
includes the public sector commission. The metering infrastructure that are advanced
including the horizon power, the rebate scheme and exchange of the pensioner consisting the
office of the state and the register of new land consisting of the Lan information Authority of
Western Australia.
The audit report focuses on processing those are systematic and data handling in the
control categories those are provided below:
Security of information: It controls the exist in order to make sure the confidentiality,
availability and integrity of information
Policies and procedures: these are proper and these support processing of information.
Output of data of the reports of hard copy are complete and precise
Backup and recovery is proper and in place in case of any disaster
Processing of data: the information are processed in a time those are acceptable
Separation of duties: No employees can execute incompatible duties
Maintenance of master file, preparation of data: controls over the preparation of data,
processing and collection of documents make sure that information is precise, finish and
timely before the data gets to the application
2BUSINESS INFORMATION SYSTEMS
Audit Findings of RAMS
No adequate assurance on control of vendors
Software unsupported: the vendors of software no longer support some of the components
of software. one of the component did not have any software update in order to fix the
security weaknesses (Wilkins 2017.)
Disaster recovery not tested: the vendors have not executed a full test of disaster recovery
since 2015
Technical specification documentation those are outdated: the technical documentation
that describes the application does not describe about the present environment of
application
Lack of Risk evaluation
No right to execute security audits: there are any particular rights for the commission to
execute audits of security of environment of RAMS. Due to this, the commission have
restricted capability to authorize the controls of security
No assurance of control: there are no requirements for the vendor to offer the commission
with assurance reports of third party that the controls are in place and they are working
appropriately (Caffieri et al 2018)
Encryption not specified: the requirements of encryption of data in order to safeguard the
information at rest or stored is not specified
Unspecified retention of data: the requirements of retention of data have not be specified.
All information since the year 2003 has been kept in the system.
Inadequate access control
Configuration of weak password: the portal of admin do not meet the requirement of for
the complexity of passwords and does not restrict the password re-use
Audit Findings of RAMS
No adequate assurance on control of vendors
Software unsupported: the vendors of software no longer support some of the components
of software. one of the component did not have any software update in order to fix the
security weaknesses (Wilkins 2017.)
Disaster recovery not tested: the vendors have not executed a full test of disaster recovery
since 2015
Technical specification documentation those are outdated: the technical documentation
that describes the application does not describe about the present environment of
application
Lack of Risk evaluation
No right to execute security audits: there are any particular rights for the commission to
execute audits of security of environment of RAMS. Due to this, the commission have
restricted capability to authorize the controls of security
No assurance of control: there are no requirements for the vendor to offer the commission
with assurance reports of third party that the controls are in place and they are working
appropriately (Caffieri et al 2018)
Encryption not specified: the requirements of encryption of data in order to safeguard the
information at rest or stored is not specified
Unspecified retention of data: the requirements of retention of data have not be specified.
All information since the year 2003 has been kept in the system.
Inadequate access control
Configuration of weak password: the portal of admin do not meet the requirement of for
the complexity of passwords and does not restrict the password re-use
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Audit Findings for Information Systemslg...
|9
|2676
|69
Scope and Findings of IT Audit Reportlg...
|9
|2587
|27
IT Audit Findings in Different Firmslg...
|11
|2785
|34
IT Audit: Focus, Scope, and Findingslg...
|9
|2497
|89
IT Audit and Controlslg...
|10
|2980
|83
IT Audit and Controllg...
|10
|2933
|385