Audit Findings in RAMS, Horizon Power, PRS and PRX, NRL-T
Added on  2023/01/11
AI Summary
This report discusses the audit findings in Recruitment Advertisement Management System (RAMS), Horizon Power, Pensioner Rebate Scheme (PRS) and Exchange (PRX), and NRL-T. It also covers the professional, legal, and ethical responsibilities of an IT Auditor.
Case study (Assessment 3)
Contents
INTRODUCTION
TASK
  Audit focus and scope of audit report
  Audit findings in the RAMS
  Audit findings in the Horizon Power
  Audit findings in the PRS and PRX
  Audit findings in the NRL-T
  Professional, legal, and ethical responsibilities of an IT Auditor
CONCLUSION
REFERENCES
INTRODUCTION

An IT audit can be described as any examination containing an analysis and assessment of integrated IT systems, associated non-automated processes and the interactions between these systems (Chou, 2015). Two crucial steps are required for preparing the IT audit. The first is to collect knowledge and prepare; the second is to think about the current system of internal regulation. More and more companies are implementing a risk assessment methodology that is used to evaluate risks and to help an IT auditor determine whether to administer compliance checks or to execute rigorous testing. In this report, the audit findings for the Recruitment Advertisement Management System, Horizon Power, the Pensioner Rebate Scheme and Exchange, and NRL-T are discussed.

TASK

Audit focus and scope of audit report.

The main focus and scope of this report is to examine key business applications at several state government agencies. Every application is essential to the activities of the organization and can impact customers, such as the public, where it is not adequately handled by the client and related procedures. The auditor's check was a time measurement in the entire report for all the companies. In order to ensure that the systems operated as expected and that the details and reports they provided were accurate, obtained and protected, they examined a sampling of main controls and procedures (Groomer and Murthy, 2018). Moreover, the checks expose flaws in the architecture or execution of controls that raise the likelihood of misuse of knowledge in an application. The auditor does not, however, plan their testing to determine whether knowledge has been influenced.

1. Policies and processes: effective and efficient information retrieval is sponsored.
2. Sensitive information management: safeguards operate to ensure the information is still important, protected and accessible.
3. Data entry: correct, full and approved information is inserted.
4. Backup and repair: in case of a catastrophe, correct and in location.
5. Data results: correct and full electronic or hard copy files.
6. Data processing: as expected, in the appropriate period data is analysed.
7. Task division: no workers carry out conflicting roles or can carry them out.
8. Trail analysis: transaction log reviews maintain a clear and accurate history.
9. Master file management, system processing device monitoring and data monitoring: document management processes, source record compilation and delivery ensure that the material is reliable, full and appropriate before the submission is submitted.

Audit findings in the RAMS.

The Committee did not conduct or provide independent guarantees of the adequacy and efficacy of the major vendor's network security measures. As a consequence, the Committee has no confidence that RAMS material is safeguarded to guarantee its security, honesty and accessibility. Since the program was launched in 2003, RAMS has effectively supported a considerable amount of recruiting procedures. Nonetheless, auditors have found a range of areas to improve program management. The Public Service Commission (the Commission) has had no clear reassurance that the main vendor's administration of data security tests is sufficient and practical to protect the secrecy, credibility and accessibility of RAMS.

Un-supporting software: the designers of the products no longer support some of the program's components. In addition, the software was not subject to any new functionality to fix known vulnerabilities in protection. Unsupported and out-dated technology increases the risk that criminals exploit known vulnerabilities, such that sensitive knowledge systems are leaked or disrupted.

Risk management not evaluated: The disaster response evaluation has not been performed by the manufacturer since 2015. The Committee could not be sure that the request will be retrieved as necessary (Reichborn-Kjennerud, 2015).

Out-dated documents on design specifications: The technical documents detailing the program do not represent the actual implementation. The Council can never be assured that the requirement would be covered by all necessary measures.

Audit findings in the Horizon Power.
Horizon has effective systems for identifying and correcting errors in the customer readings system. Customer readings are visible every day for all network monitoring meters. The Velocity Program notes major billing adjustments for early remedying where necessary and, until they are delivered to business clients, project managers evaluate billing. Horizon addressed mistakes of 1,43 billion dollars in 2017-18 (Figure 6). That included 1.42 billion dollars for a
corporate company and 8.5 million dollars for other corporate customers. The 1.42 billion dollars mistake emerged out of the client's meter being read manually without the use of a portable unit. Variables like inaccurate payment prices, wrong data and program adjustments were blamed for the resulting errors.

The procedures and systems of Horizon involve no review of the criminal records of employees. The auditor noticed new workers with unrestricted access to essential electricity infrastructure and facilities without criminal background checks. Furthermore, daily inspections are not done on key workers. Although recruiting procedures include identification and credential reviews and medical assessments, criminal background reviews are not used in the method. Without adequate screening procedures, workers may be appointed to positions of trust for which they are inappropriate (Popescu and Popescu, 2018). They examined screening policies for 9 main staff and noticed that 8 were not properly screened for 3 to 14 months, given their duties. This result is of concern because of the exclusive access these workers have to the energy distribution system as well as other primary networks.

They also noticed that, because of the inaccuracy of the HR reports, Horizon access control is not successful for private company contractor workers. The auditor's examination of six contracting records found that three were former suppliers who had left Horizon one to three months earlier. Horizon has outsourced the bulk of ICT services and has provided connectivity to network and main infrastructure for over 300 contractors. Without an appropriate mechanism to remove contractor access, there is an increased threat that such accounts will be used to target the Horizon IT infrastructure and services. Horizon conducts periodic network usage checks for user verification and for accounts not used for 60 days. Furthermore, Horizon providers may manage network connectivity and programs.
System information is at risk of errors and unintentional disclosure

Before entering information in databases, Horizon depends on manual forms to log critical meter deployment information. The probability of imprecise knowledge entering the systems is raised by manual business processes. Although Horizon told us that a data validation method has been in place for the information inserted into the requests, it is not clear whether the procedure is being conducted because the report is not available. When data review procedures are not consistently implemented, data mistakes will be ignored and will have an effect on software security.
Network access passwords are not adequately handled: For a long time the password of a highly protected Administrator account was not updated. Such protected accounts are among the most attacked, as they enable high levels of access. Out of a list of 16 access control accounts, they found that 9 belonged to retired workers and suppliers and had not been disabled. Three of these devices are remotely open to ICT applications. The risk of unwanted or improper exposure to the whole infrastructure rises without adequate controls (Mukhina, 2015).

Audit findings in the PRS and PRX

State income may not carry out property ownership and residency restrictions under the Act. State income from LGs in 2003, but started carrying out searches in 2005. Without proper testing procedures, the chance of erroneous compromises to pensioners and disabled persons is raised. Tax revenue informed us that reviews were suspended because a large number of payment requests were wrongly dismissed in LG requests files and government revenue reports due to incorrect land occupation and possession details. LGs were not told by State Revenue that restrictions had been halted until June 2018. They noted in 2010 that PRS didn't carry out property ownership and occupancy restrictions on property records in a similar way. The role was not set until 15 years back. Tax revenue has informed us that by June 2019 it would then repair issues.

Inadequate controls may lead to unauthorised use of information

• Insufficient monitoring and evaluations of user usage: State income will not routinely monitor online profiles in PRS and PRX. They found many user profiles with administrator rights. Furthermore, other PRX customer profiles, particularly privileged ones, have had no network access for 12 months. Admin credentials permit a high degree of accessibility and are the most vulnerable to offenders.
In August 2018, tax revenue launched a PRX user accounts review, but it is restricted to foreign LG customers and will not include internal network income user accounts.

• Several people have classified information that is non-protected: 60 people, including app engineers, have been reported with direct access to registration records, reimbursement data, and termination records for pensioners. This raises the risk of unwanted entry, identity modifications and fraudulent payments.

The auditor also found that payment documents in clear text are not sufficient for payment authentication. It is not observable if specifics of the payee accounts in the transaction document have also been
modified, and transaction data are kept without reasonable constraints on a private network archive. State Tax Payments reports are created and include repayment sums and banking information of the paying LG account. Centrelink, the Department of Veterans Affairs as well as the Department of Community shall apply records of unemployment and higher qualifications to the State Treasury to assess qualifying pensioners.

Simple to recognize database passwords: 10 database profiles have been found with simple passwords, and 70 accounts have not been updated by state gross profits' authentication policy for more than 12 months. For a long period of time, seven out of 70 users have not updated their passwords. Weak authentication checks raise the possibility of unauthorized device entry (Groomer and Murthy, 2018).

Duties separated: They found that 17 consumers who have connections to both PRS and PRX had been able to carry out end-to-end actions during the court process. The clients may send claims, allegations for processing and demands for payment. It is a fundamental security precept that an individual starting a procedure must not be allowed. There is an elevated risk of illegal or dishonest compensation without proper division of duties. Eighteen of the 60 inappropriate privileged users may, without authorisation, change LG bank information and e-mail addresses throughout the PRS program. When confidential material, like bank records, is updated, the PRS program does not alert the appropriate LGs.

Audit findings in the NRL-T.

The NLR-T program functions well and enables Landgate to handle business registration transfers successfully. In order to preserve the security and dignity of data in the NLR-T, Landgate can nevertheless enhance user access and knowledge protection. The framework and data management will continue to be strengthened by data analysis and on-going network security assessments.
Changes to land information are not reviewed

Landgate may not test for consistency transfers in the NLR-T. The auditor found 2 adjustments in land titles produced with an effective delegate from a study of 8 land transfers in 2018. It raises the likelihood that NLR-T records can be altered improperly or illegally, which infringes the Act. They noted, though, that the 2 accounts had sufficient documents to justify the improvements.
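The account findings reported above for Horizon and for PRS and PRX (departed staff and contractors with live accounts, accounts unused for 60 days, passwords older than 12 months, users able to act end to end) are the kind of condition a periodic access review can test for. The following Python is an added example, not part of the original report or of any agency's tooling; the account records, the HR extract, the role names and the function name are constructed for illustration.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=60)       # inactivity threshold quoted for Horizon
PASSWORD_MAX_AGE = timedelta(days=365)   # 12-month password age quoted for PRS/PRX
CONFLICTING = {"lodge_claim", "approve_payment"}  # hypothetical role names

# Constructed sample: (user, system, role, enabled, last_login, password_changed)
ACCOUNTS = [
    ("asmith",  "PRS", "lodge_claim",     True,  date(2018, 8, 20), date(2018, 6, 1)),
    ("asmith",  "PRX", "approve_payment", True,  date(2018, 8, 21), date(2018, 6, 1)),
    ("bjones",  "PRX", "admin",           True,  date(2017, 5, 2),  date(2016, 11, 9)),
    ("cnguyen", "PRS", "lodge_claim",     True,  date(2018, 8, 30), date(2018, 7, 15)),
    ("dlee",    "PRS", "admin",           False, date(2018, 1, 10), date(2017, 1, 10)),
]
# Constructed HR extract: user -> last day of employment or contract
LEAVERS = {"cnguyen": date(2018, 6, 30), "dlee": date(2018, 2, 1)}


def review_access(accounts, leavers, today):
    """Return {finding_type: sorted list of (user, system)} for one review run."""
    findings = {"departed": set(), "dormant": set(),
                "stale_password": set(), "sod_conflict": set()}
    roles_by_user = {}
    for user, system, role, enabled, last_login, pw_changed in accounts:
        if not enabled:
            continue  # a disabled account cannot be used, so it is out of scope
        roles_by_user.setdefault(user, {})[role] = system
        if user in leavers and leavers[user] < today:
            findings["departed"].add((user, system))
        if today - last_login > DORMANT_AFTER:
            findings["dormant"].add((user, system))
        if today - pw_changed > PASSWORD_MAX_AGE:
            findings["stale_password"].add((user, system))
    # Separation of duties: one person must not hold both ends of a payment.
    for user, roles in roles_by_user.items():
        if CONFLICTING.issubset(roles):
            for role in CONFLICTING:
                findings["sod_conflict"].add((user, roles[role]))
    return {kind: sorted(hits) for kind, hits in findings.items()}


if __name__ == "__main__":
    for kind, hits in review_access(ACCOUNTS, LEAVERS, date(2018, 9, 1)).items():
        print(f"{kind}: {hits}")
```

The review depends on the HR extract being accurate, which is the weakness the Horizon finding on contractor records describes.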
Failure to track user access may result in unauthorized information access or abuse.

In view of the NLR-T using Cloud technology and being configured for different users, they found poor network access restrictions, which pose a risk of unauthorized access and abuse of data. It is important to pay particular consideration to how delegated rights of access are handled. In the following fields, they have found weak points:

Insufficient division of responsibilities: Increased powers were given to two workers to enable them to conduct transactions with end-to-end land titles (Mukhina, 2015). It is a fundamental concept of protection that a person who makes an application does not approve the same. Without sufficient separation of duties, the possibility of error can rise and illegal or illegitimate operations may arise, leading to unsuitable improvements to land title records.

Uneven user access checks: User credentials and consent privileges are not checked periodically to ensure they are both necessary and correct (Popescu and Popescu, 2018). This allows users over time to gain disproportionate privileges, which may lead to unwanted or insufficient access to data. They noticed that in one instance a former Landgate worker still had connections to the NLR-T and network.

Professional, legal, and ethical responsibilities of an IT Auditor

Infrastructure, policy and compliance problems are usually the subject of IT auditors. An IT inspector must investigate the following:

Internal security procedures: The internal security procedures within the company, and whether or not it implements its health policies properly. The IT inspector must use the latest equipment of the organization to ensure it will not pose a danger to established achievements. IT accountants will also build approaches to push organisations towards desired protection practices. For example, a security encryption scheme may be implemented by an IT auditor.
Regulatory compliance of the company: The problem of regulatory enforcement is gradually being evaluated by the auditors with respect to the technology itself. That may involve issues such as hospital care issues, in which records could be kept secret and even digitally confidential.

Analyze account balances and financial transactions: The auditor audits all activities (economic events) involving the company to complete the accounting process. Once any transaction has been made, the accounting equation (assets = liabilities + equity) will stay in
place, and accountants have to evaluate any transaction before reporting the deal to see if it impacts equity and the various forms of assets and liabilities (Popescu and Popescu, 2018).

Unjustified litigation: Several third party cases remain unjustified considering the prospective action against auditors. For instance, if an accountant is sued by a third party for not being a viable entity, then the accountant is no longer responsible for ensuring a viable business; it will likely remain operational for the long run. The third party has been determined not to be accountable to the auditor. The accountant is primarily committed to ensuring the accurate reporting of the financial results according to the correct appraisal requirements. Furthermore, the concept of audit fraud can involve unreasonable legal proceedings.

CONCLUSION

In the conclusion of the report, it is determined that the IT audit process is dynamic and involves all facets of the information system of a company. The development and design of software, devices and networks, identification and licensing, and physical protection are audited by the IT auditor to make a meaningful decision. The IT auditor gathers all of the data in order to evaluate and successfully test the efficacy of the activity audited within an organisation.
REFERENCES

Books and Journals

Chou, D. C., 2015. Cloud computing risk and audit issues. Computer Standards & Interfaces, 42, pp.137-142.
Groomer, S. M. and Murthy, U. S., 2018. Continuous auditing of database applications: An embedded audit module approach. Continuous Auditing, pp.105-124.
Mukhina, A. S., 2015. International concept of an assessment of internal control efficiency in the conduct of an audit. Asian Social Science, 11(8), p.58.
Popescu, C. R. G. and Popescu, G. N., 2018. Risks of cyber attacks on financial audit activity. The Audit Financiar journal, 16(149), pp.140-140.
Reichborn-Kjennerud, K., 2015. Resistance to control—Norwegian ministries' and agencies' reactions to performance audit. Public Organization Review, 15(1), pp.17-32.