Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Audit Findings in RAMS, Horizon Power, PRS and PRX, NRL-T

Verified

Added on 2023/01/11

AI Summary

This report discusses the audit findings in Recruitment Advertisement Management System (RAMS), Horizon Power, Pensioner Rebate Scheme (PRS) and Exchange (PRX), and NRL-T. It also covers the professional, legal, and ethical responsibilities of an IT Auditor.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Case study
(Assessment 3)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Contents
INTRODUCTION...........................................................................................................................3
TASK...............................................................................................................................................3
Audit focus and scope of audit report.....................................................................................3
Audit findings in the RAMS...................................................................................................4
Audit findings in the Horizon Power......................................................................................4
Audit findings in the PRS and PRX.......................................................................................6
Audit findings in the NRL-T..................................................................................................7
Professional, legal, and ethical responsibilities of an IT Auditor...........................................8
CONCLUSION................................................................................................................................9
REEFRENCES..............................................................................................................................10

INTRODUCTION
An IT audit can indeed be described as every examination containing an analysis and
assessment of integrated IT systems, associated non-automated processes and interactions
between these systems (Chou, 2015). Two crucial steps are required for preparing the IT audit.
The first approach is to collect knowledge and prepare the second option is to think about the
current system of internal regulation. More and more companies are implementing a risk
assessment methodology that is used to evaluate risks and to support an IT auditor determine
whether to administer compliance checks or to execute rigorous testing.
In this report, audit finding of Recruitment Advertisement Management System, Horizon
Power, Pensioner Rebate Scheme and Exchange and NRL-T is discussed.
TASK
Audit focus and scope of audit report.
The main focus and scope of this report is to agencies examine key business applications at
several state government. Every application is essential to the activities of the organization and
can impact customers, such as the public where it is not adequately handled by the client and
related procedures. Auditor check was a time measurement in the entire report for all the
companies. In order to ensure that the systems operated as expected and that the details and
report they provided were accurate, obtained and protected, they examined a sampling of main
controls and procedures (Groomer and Murthy, 2018). Moreover checks of expose flaws in the
architecture or execution of controls that raise the likelihood of misuse for knowledge in an
application. Auditor does not however plan their testing to determine whether knowledge has
been influenced.
1. Policies and processes: effective and efficient information retrieval is sponsored.
2. Sensitive information management: safeguards operate to ensure the
information is still important, protected and accessible
3. Data entry: correct, full and approved information is inserted
4. Backup and repair: in case of a catastrophe correct and in location.
5. Data results: Correct and full electronic or hard copy files
6. Data processing: as expected, in the appropriate period data is analysed.
7. Task division: No workers carry out conflicting roles or can carry them out

8. Trail Analysis: Transaction log reviews maintain a clear and accurate history
9. Masterfile management, system processing device monitoring and data
monitoring: Document management processes, source record compilation and
delivery ensure that the material is reliable, full and appropriate before the
submission is submitted.
Audit findings in the RAMS.
The Committee did not conduct or provide independent guarantees of the adequacy and
efficacy of major vendor’s network security measures. As a consequence, the Committee has no
confidence that RAMS material is safeguarded to guarantee its security, honesty and
accessibility. Since the program was launched in 2003, RAMS has effectively supported a
considerable amount of recruiting procedures. Nonetheless, auditors have found a range of areas
to improve program management. There has been no clear reassurance of the Public Service
Commission (the Commission) that the main vendor's administration of data security tests is
sufficient and practical to protect the secrecy, credibility and accessibility of RAMS.
Un-supporting software: the designers of the products don't hesitate to support any of the
program's components. In addition, variable was not subject to any new functionality to fix
known vulnerabilities in protection. Unfounded and out-dated technology increases the risk that
criminals exploit known vulnerabilities, such that sensitive knowledge systems are leaked or
disrupted.
Risk management not evaluated: The disaster response evaluation has not been
performed by the manufacturer since 2015. The Committee could not be sure that perhaps the
request will be retrieved as necessary (Reichborn-Kjennerud, 2015).
Out-dated documents on design specifications: The technical documents detailing the
program do not represent the actual world of implementation. The Council can never be assured
that the requirement would be covered by all necessary measures.
Audit findings in the Horizon Power.
Horizon has effective systems for identifying and correcting customer readings system
errors. Every day for all network monitoring meters, customer readings are visible. The Velocity
Program notes major billing adjustments for early remedying activities where necessary and until
they are delivered to business clients, project managers evaluate billing. Horizon addressed
mistakes of 1,43 billion dollars in 2017-18 (Figure 6). That included 1.42 billion dollars for a

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

corporate company and 8.5 million dollars for other corporate customers. The 1.42 billion dollars
mistake emerged out of the client's meter's manually reading without the use of a portable unit.
Variables like inaccurate payment prices, wrong data and program adjustments were blamed for
resulting errors. The procedures and systems of Horizon involve no review of the criminal
records of employees. Auditor noticed new workers with unrestricted access to essential
electricity infrastructures and facilities without criminal background checks. Furthermore, daily
inspections are not done on key workers. Although recruiting procedures include identification
and credential reviews and medical assessments, criminal background reviews are not used in the
method. Workers may be appointed to confidence roles for which they are inappropriate without
adequate screening procedures (Popescu and Popescu, 2018).
They examined screening policies for 9 main staff and noticed that 8 were not properly
screened for 3 to 14 months, given their duties. This result concerns the exclusive access to the
energy distribution system as well as other primary networks by these workers. They also
noticed that, because of the inaccuracy of the HR reports, Horizon access control is not
successful for private company contractor workers. Auditor examination of six contracting
records found that three were former suppliers leaving Horizon one to three months ago. Horizon
has exported the bulk of ICT services and has provided connectivity to network and main
infrastructure for over 300 contractors. There is an improved threat that such accounts will be
used to target the Horizon IT infrastructure and services without an appropriate mechanism to
remove contractor access. Horizon conducts periodic network usage checks for user verification
and illness not used for 60 days. Among reports, furthermore, Horizon providers may manage
network connectivity and programs.
System information is at risk of errors and unintentional disclosure
Until entering information in databases, Horizon depends on manual forms to log critical
meter deployment information’s. The probability of imprecise knowledge accessing the systems
is raised by manual business processes. Although Horizon told us that a data validation method
has been in place for the method inserted into the requests, it's not clear whether the procedure is
being conducted because the report is not available. When data review procedures are not
consistently implemented, the data mistakes will be ignored and will have an effect on software
security.

Network access passwords are not adequately handled: For a long time a password was
not updated to a highly protected Administrator account. Despite the protected accounts,
attackers are one of the most attacked, as they enable high accessibility rates. They have found
that 9 were retired workers and suppliers and were not incapacitated on a list of 16 access control
accounts. Three of these devices are remotely open to ICT applications. The risk of unwanted or
improper exposure to the whole infrastructure rises without adequate controls (Mukhina, 2015).
Audit findings in the PRS and PRX
State income may not carry out property ownership and residency restrictions under the
Act. State income from LGs in 2003, but started carrying out searches in 2005. Proper testing
procedures help to raising the chance of erroneous compromises to pensioners and disabled
persons. Tax revenue informed us that reviews were suspended because a large number of
payment requests were wrongly dismissed in LG requests files and government revenue reports
due to incorrect land occupation and possession details. LGs were not told by State Revenue that
restrictions had been halted until June 2018. They noted in 2010 that PRS didn't carry out
property ownership and occupancy restrictions on property records in a similar way. The role
was not set until 15 years back. Tax revenue has informed us that by June 2019 it would then
repair issues.
Inadequate controls may lead to unauthorised use of information
 Insufficient monitoring and evaluations of user usage: State income will not routinely
monitor online profiles in PRS and PRX. They found so many user profiles with rights as
administrators. Furthermore, other PRX customer profiles, particularly privileged ones,
have no 12-months network access. Admin credentials permit a high degree of
accessibility and offenders are the most vulnerable. In August 2018, tax revenue launched
a PRX user accounts review, but is restricted to foreign LG customers and will not
include internal network income user accounts.
 Several people have classified information that is non-protected: They 60 people,
including app engineers; have been reported with direct access to registration records,
reimbursement data, and termination records for pensioners. This raises the risk of
unwanted entry, identity modifications and fraudulent payments. Auditor also found that:
payments documents in clear text are not sufficient for payment authentication. It is not
observable if specifics of the payee accounts in the transaction document have also been

modified and transaction data are kept without reasonable constraints on a private
network archive. State Tax Payments reports are created and include repayment sums and
banking information of the paying LG account. Centrelink, the Department of Veterans
Affairs as well as the Department of Community shall apply records of unemployment
and higher qualifications to the State Treasury to assess qualifying pensioners.
 Simple to recognize database passwords: They provide 10 database profiles have been
found with simple passwords as well as 70 accounts have not been updated by state gross
profits’ authentication policy for more than 12 months. For a long period of time, seven
out of 70 users have not updated their passwords. Weak authentication checks raise the
possibility of unauthorized device entry (Groomer and Murthy, 2018).
 Duties separated: They find 17 consumers who have connections to both PRS and PRX
had been able to carry out end-to-end actions during the court process. The clients may
send claims, allegations for processing and demands for payment. This is a fundamental
security precept that an individual starting a procedure must not be allowed. There is an
elevated risk of illegal or dishonest compensation without proper division of duties.
Eighteen of the 60 inappropriate privileged users may without authorisation change LG
bank information and e-mail address throughout the PRS program. When confidential
material, like bank records, is updated, the PRS program does not alert the appropriate
LGs.
Audit findings in the NRL-T.
The NLR-T program functions well and enables Landgate to handle business registration
transfers successfully. In order to preserve the security and dignity of data in the NLR-T,
Landgate can nevertheless be able to enhance user access and knowledge protection. The
framework and data management will continue to be strengthened by data analysis and on-going
network security assessments.
Changes to land information are not reviewed
Landgate may not test for consistency transfers in the NLR-T. Auditor found 2 adjustments
in land titles produced with an effective delegate from a study of 8 land transfers in 2018. It
raises the likelihood that NLR-T records can alter improperly or illegally, which infringes the
Act. They noted though, that the 2 accounts had sufficient documents to justify the
improvements.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Failure to track user access may result in unauthorized information access or abuse.
In view of the NLR-T using Cloud technology and is configured for different users, they
find poor network access restrictions which poses an that risk of unauthorized access and abuse
of data. It is important to pay particular consideration to how delegated rights of access are
handled. Throughout the following fields, they have found weak points:
Insufficient division of responsibilities: Increased powers were given to two workers to
enable them can conduct transactions with edge-to-end land titles (Mukhina, 2015). It is a
fundamental concept of protection that a person who makes an application does not approve the
same. Without sufficient separation of duties, the possibility of error is can and illegal or
illegitimate operations may arise, leading to unsuitable improvements to land title records.
Uneven user access checks: User credentials and consent privileges will not be checked
periodically to ensure they are both necessary and correct (Popescu and Popescu, 2018). This
helps users over time to gain disproportionate privileges, which may lead to unwanted or
insufficient access to data. They noticed that in one instances a former Landgate workers still had
connections to the NLR-T and network.
Professional, legal, and ethical responsibilities of an IT Auditor
Infrastructure, policy and compliance problems are usually the subject of IT auditors. An IT
inspector must investigate the following:
Internal security procedures: The internal security procedures within the company or not
as it implement its health policies properly. The IT inspector must use the latest equipment and
equipment of the organization to insure it will not pose a danger to established achievements. IT
accountants will also build approaches to push organisations towards desired protection
practices. For example, a security encryption scheme may be implemented by an IT auditor.
Regulatory compliance of the company: The problem of regulatory enforcement is
gradually being evaluated by the auditors with respect to the technology itself. That may involve
issues such as hospital care issues, in which records could be kept secret and even digitally
confidential.
Analyze account balances and financial transactions: The auditor use to audit of all
activities (economic events) involving the company to complete the accounting process. Once
any transaction has been made, the accounting equation (assets = liabilities + equity) will stay in

place, and accountants have to evaluate any transaction before reporting the deal to see if it
impacts equity and the various forms of assets and liabilities (Popescu and Popescu, 2018).
Unjustified litigation: Several third party cases remain unjustified considering the
prospective action against auditors. For instance, if an accountant is sued by a third party for not
being a viable entity, then the accountant is no longer responsible for ensuring a viable business;
it will likely remain operational for the long run. The third party has been determined not to be
accountable to the auditor. The accountant is primarily committed to ensuring the accurate
reporting of the financial results according to the correct appraisal requirements. Furthermore,
the concept of audit fraud can involve unreasonable legal proceedings.
CONCLUSION
In the conclusion of report, it is determined that IT audit process is dynamic and involves all
facets of the information system of a company. The development and design of software, devices
and networks, identification and licensing and physical protection are audited by it auditor to
make the meaningful decision. IT auditor has gathered all of the data; in order to evaluate and for
successful test and efficacy of the activity audited within an organisation.

REEFRENCES
Books and Journals
Chou, D. C., 2015. Cloud computing risk and audit issues. Computer Standards & Interfaces, 42,
pp.137-142.
Groomer, S. M. and Murthy, U. S., 2018. Continuous auditing of database applications: An
embedded audit module approach. Continuous Auditing, pp.105-124.
Mukhina, A. S., 2015. International concept of an assessment of internal control efficiency in the
conduct of an audit. Asian Social Science, 11(8), p.58.
Popescu, C. R. G. and Popescu, G. N., 2018. Risks of cyber attacks on financial audit
activity. The Audit Financiar journal, 16(149), pp.140-140.
Reichborn-Kjennerud, K., 2015. Resistance to control—Norwegian ministries’ and agencies’
reactions to performance audit. Public Organization Review, 15(1), pp.17-32.

1 out of 10

+13062052269

info@desklib.com

Audit Findings in RAMS, Horizon Power, PRS and PRX, NRL-T

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IT Audit Findings in Different Firms

IT Audit: Focus, Scope, and Findings

IT Audit and Controls

IT Audit and Control

IT Audit and Control: Analysis, Findings, Strategies, and Recommendations

Scope and Findings of IT Audit Report