IT Audit and Control

Verified

Added on 2023/01/12

AI Summary

This assignment focuses on the importance of IT audit and control in organizations. It analyzes the findings and irregularities in a sample IT audit report and discusses the strategies used for conducting the audit. The report covers various applications and their vulnerabilities, as well as the professional, legal, and ethical responsibilities of IT auditors.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

IT AUDIT AND CONTROL

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................3
MAIN BODY...................................................................................................................................3
Analysis of audit report and review of findings and irregularities found in report................3
Audit strategies and actions....................................................................................................7
CONCLUSION................................................................................................................................7
REFERENCES................................................................................................................................1

INTRODUCTION
IT audit can be defined as an examination and evaluation of organization’s information
technology application, infrastructure, management, data use, policies, operational processes,
procedure against recognized and established standards and policies (Rusmin and Evans, 2017).
IT audit is one of the most important factors which is required for organizations to conduct as it
helps companies to evaluating controls to protect information technology assists in order to
ensure integrity and their effectiveness so that it can be verified that such assets are aligned with
overall organizational goals and objectives. It helps in assuring that all the computer systems are
well assigned and safeguard assets and are integrated in a well- defined manner. It further helps
in effectively and accurately and if there is any kind of issue or problem with the IT system then
those issues can be identified in a timely manner so that solution for the same can be identified
properly. This assignment is based upon assessment of sample IT audit report of Western
Australia Auditor General Report. This assignment will also lay emphasis on audit focus and
scope of audit report, audit findings in RAMS system, audit findings in Horizon power, audit
findings in PRS and PRX, audit findings in NRL-T, professional, legal and ethical
responsibilities of an IT auditor, strategy used to produce the report, recommendations included
within the report as future source of action.
MAIN BODY
Analysis of audit report and review of findings and irregularities found in report
There are various kinds of issues or irregularities that were found within the report that
can impact overall government entities and their work (Hassan, 2016). It can impact overall
integrity of the system as well as can reduce overall security of the data stored within the
application systems as well.
Audit focus and scope-:
This audit report majorly focuses on business applications that are used at numerous state
government entities. Each of these applications plays a vital role in completing various
operations of government entities in a much better and appropriate manner. It helps in analysing
whether the applications and processes related to it are managed in an appropriate manner or not.
Four main types of applications that has been covered in this audit report are: Recruitment
Advertisement Management System which is a public sector commission application, Pensioner
Rebate Exchange and Scheme, Advanced Metering Infrastructure which is a Horizon Power

application and lastly, New Land Register which is a Western Australian Land Information
Authority application. Audit review majorly focused on systematic handling and processing of
data that comes in some pre- defined categories such as: data input, data output and many more.
It was important to audit these applications because if there is any kind of issue problem in these
applications then it can impact all the stakeholders associated with the entities including public.
In order to conduct this audit, scope was also defined. In this audit at 47 state government
entities was conducted.
Audit findings in RAMS:
Western Australian Land Information Authority majorly uses RAMS application. This
application is majorly used for selection and recruitment of staff members other than this it is
also used for recording severance details and for redevelopment. This application is externally
hosted and managed by a third- party vendor in SaaS. Since the application was implemented i.e.
2003, it has successfully facilitated various number of recruitment processes. However, from this
audit report it was identified that there are numerous kinds of issues or flaws within the system
that can work as an opportunity for improvement. First of all, they do not have independent
assurance that vendor is managing their information security controls and ensuring integrity,
confidentiality and availability of information within the system. From this report it was also
identified that there was a risk of insufficient business continuity planning because of which their
recruitment activities are getting impacted within whole organization. It was also identified that
their user management is also poor because of which exposure of sensitive and personal
information can be increased because of which it can be misused. It is one of the major risks for
the system because this government entity. Main protection control of the system is in the hands
of the vendor, security responsibility such as: middleware, runtime, virtualization, operating
system and data. If these security issues are not addressed then sensitive and personal
information such as history, employee’s information, client’s information and many more can be
compromised. Other than this, there are many other kinds of issues or risk that can impact the
government entity and stakeholders associated with it. These issues or risk are due to
carelessness of the entity such as: unsupported software, outdated technical specification
documentation, lack of testing on disaster recovery and backup and commission do not have
specific rights to conduct audit of RAMS system environment because of which their control
over verifying security of the application is extremely low.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Audit finding in Horizon power:
Here audit report has focused on AMI application used by Regional Power Corporation
who trade as Horizon power. They sue this application for recording and monitoring bill of
electricity consumption. This application is used recording and storing sensitive client
information like their name, address, location of electric meters and many more. For this audit it
was identified that the application holds various kinds of confidentiality and integrity risk
because of improper background check. They also need to strengthen their database and network
security controls so that integrity of the system can be strengthened. Their system also had defect
in detection in consumption errors before the bill is issued and because of this many time value
of error is extremely high. It does not have appropriate contractor access management and also
have issues or errors in human resource security. Due to these issues overall information security
of the system is at risk that can further create various kinds of errors and sometimes can create
unintentional disclosure. But overall risk to information is high because they manually store
information within their systems due to which chances for inaccuracy of the information
increases. They do not have an appropriate process of documentation as a result data with issues
or errors goes unnoticed.
Describe audit findings in PRS:
PRS is an application system which is used by office of state revenue government entity.
This entity processes all kinds of claims of government entities, concessions reimbursement
which is paid by them to eligible seniors or pensioners with the help of PRX and PRS system
interface. It was identified that local entities and PRX system exchange all kinds of claim
information with state revenue. PRX and PRS were developed and maintained by state revenue.
One of the major flaws in this system was that state revenue had not performed any kind of land
occupancy and ownership check since 2005 due to which risk of concessions being paid to all
kinds of individuals who are ineligible increases. They also do not have proper and appropriate
user access and security control when it comes to collection of confidential and personal
information in both the system. There were many other weaknesses of the system that can create
various kinds of risk for the government entity. All the users whose sensitive and personal
information is stored within the system is completely unprotected. This clearly explains that all
the information stored within the system are not well managed and as a result their
vulnerabilities associated with it increases that can leave both the system at risk of hacker’s

attack. They also do not perform continuous access security check and it was identified that
almost 46 percent users of PRX – State Revenue system have not accessed their account. Almost
7 percent users of have not accessed their account.
Audit findings in NRL-T:
It is an application system which is being used by Western Australian Land Information
Authority in order to management ownership of the land, information related to location records,
of whole western Australia. This system helps in partially automating paper-based land
registration process. It was mainly developed as a result of outsourced ICT arrangement by using
public cloud infrastructure. This application successfully helps in managing land title
transactions. From this audit report it was identified that there was a need and requirement of
protecting integrity and confidentiality of information stored within the system. There was also a
requirement of reviewing external network and data verification will further strengthen overall
security of the system. These improvement within the system are required because there are
various issues and flaws within the system that can be resolved with the help of these
improvements such as any kind of changes done to land information are nor reviewed because of
risk of inappropriate chances increases. Improper user access control can increase risk of
unauthorized user access because of which risk of information misuse can increase. It was also
found that external network penetration testing was also not done because of which various kinds
of vulnerabilities can go undetected. It is important to work on such issues because of these
issues risk of credit card data theft can be increased. All kinds of IT services that have been
identified are not reviewed even after the time period of 12 months.
Discussion on professional, legal and ethical responsibilities of IT auditor:
There are various kinds of legal, professional and ethical responsibilities that are required
by the auditor as it helps them to evaluate whether the organization has presented all kinds of
information in an adequate manner and also verify whether there are any kind of issues or flaws
within applications or systems used by the organization (Menon and Williams, 2016). IT auditor
has some code of ethics that are required to followed by them. These codes of ethics consist of
four rules: client expects that IT auditors will uphold all kinds of industry guidelines and
principles. IT auditors are required to perform all kinds of services without any partiality and
biasness. Auditors are required to share only that information that are required to be highlighted

and are authorized by stakeholders. They should also go through continuous professional
development so that they can remain knowledgeable and required skills can be developed within
them. It professional are required to accept all kinds of standards professionally related to
business behaviour, guiding values and principles (Chang, Choy and Duh, 2020). These
standards not only help the IT auditor to fulfil their needs and requirements professional
responsibilities but it also helps them to fulfil their legal and ethical responsibility.
Audit strategies and actions
There are various kinds of strategies that can be used by IT auditors to conduct an audit.
These strategies helped in completing the audit in a successful and appropriate manner. First of
all, IT auditor identified focus and scope of the Audit report so that the main objectives of the
report can be confirmed (Habib and et. al., 2019). This helps the auditor to identify set scope of
the audit, fix time frame within which audit is required to be conducted, approaches and
methodologies that are required to be used within the audit. After setting up scope and objectives
of the report evaluation of all the four chosen system was done in which background use of the
system, issues within the system and conclusion was done (Riordan and et. al., 2017). After this
recommendation for all the four system were provided so that improvement within all the three
applications can be brought. In order to identify flaws and issues within the system few
considerable factors were identified on the basis if which irregularities within the system were
identified and measured. This helped in identifying opportunities through which security of all
the four systems can be enhanced.
CONCLUSION
From the above audit report analysis it has been summarized that in order to maintain
integrity, confidentiality and security of the system it is important for organizations to conduct
audit or review their system within a fixed interval of time so that time to time review will help
in identifying issues or irregulates within the system in an appropriate manner. This further helps
in maintaining needs and requirements of the system users, data integrity, enhanced performance
and security of the system.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

REFERENCES
Books and Journals
Chang, W.C., Choy, H.L. and Duh, R.R., 2020. The Effect of Audit Report Failures on Audit
Partner Reputation. Available at SSRN 3569427.
Habib, A., and et. al., 2019. Determinants of audit report lag: A meta‐analysis. International
Journal of Auditing. 23(1). pp.20-44.
Hassan, Y.M., 2016. Determinants of audit report lag: evidence from Palestine. Journal of
Accounting in Emerging Economies.
Menon, K. and Williams, D.D., 2016. Audit report restrictions in debt covenants. Contemporary
Accounting Research. 33(2). pp.682-717.
Riordan, F., and et. al., 2017. Audit Report of the HSE Midland Diabetes Structured Care
Programme.
Rusmin, R. and Evans, J., 2017. Audit quality and audit report lag: case of Indonesian listed
companies. Asian Review of Accounting.
1

1 out of 8

+13062052269

info@desklib.com

IT Audit and Control

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IT Audit and Control: Analysis, Findings, Strategies, and Recommendations

IT Audit: Focus, Scope, and Findings

IT Audit Findings in Different Firms

Analysis of IT Audit Report on Local Government 2019

Scope and Findings of IT Audit Report

IT Audit and Control