IT Audit and Control: Analysis, Findings, Strategies, and Recommendations


Added on  2023/01/11

This report analyzes an IT audit report by the Western Australia Auditor General, highlighting the irregularities found and providing strategies and recommendations to overcome them. The report emphasizes the importance of IT controls and security in protecting corporate assets and ensuring data integrity.

IT AUDIT AND CONTROL

TABLE OF CONTENTS
INTRODUCTION
MAIN BODY
Analysis of audit report
Audit findings and irregularities found in report
Audit strategies and actions
Recommendation to overcome Irregularities
CONCLUSION
REFERENCES
INTRODUCTION
An information technology (IT) audit is the evaluation and examination of an organisation's IT policies, infrastructure and operations (Sennewald and Baillie, 2020). IT controls help to protect corporate assets and to ensure data integrity, and they need to be aligned with the overall goals of the business. IT audit and security are therefore regarded as a process of collecting and evaluating evidence to determine whether a computer system safeguards assets, allows the entity's goals to be accomplished effectively, maintains data integrity and uses resources efficiently (Isinkaye, Soyemi and Arowosegbe, 2020).
The present report analyses the IT audit report of the Western Australia Auditor General. It covers the irregularities found in the audit report, discusses possible strategies for dealing with those irregularities, and outlines recommendations for future courses of action.
MAIN BODY
Analysis of audit report
An audit report is the auditor's opinion concerning the examination of an entity's financial statements.
Audit focus and scope:
The major focus is on key business applications at a number of state government entities. Each application is crucial to the entity's processes, and stakeholders, including the public, are affected if the applications and processes are not managed properly. The four applications are RAMS, the Pensioner Rebate Scheme and Exchange, Advanced Metering Infrastructure and the New Land Register (Vedadi and Warkentin, 2020).
Audit findings in RAMS- Western Australian government bodies use a system called RAMS, which is the government's e-recruitment solution. It is a system managed as SaaS. It contains personally identifiable and complex information such as address, qualifications and work history. The audit found that the commission has no guarantee that the information contained in RAMS is protected so as to safeguard its integrity, availability and confidentiality (Bezzaoucha and Voos, 2020). The deficiencies in this system are outdated technical specification documentation, unverified software, disaster recovery that has not been tested, and no specific right to conduct security inspections of the RAMS environments. Hence, the commission has only a partial ability to validate security controls.
Audit finding in Horizon Power- Here the audit focused on an application within the advanced metering infrastructure used by the regional power corporation trading as Horizon Power. The application holds sensitive client information such as customer name, address and date of birth. The audit found that Horizon has effective procedures that systematically detect and correct consumption errors before bills are issued, but the value of errors is quite high (Pasupuleti and Varma, 2020). The application has insufficient security controls, for example in human resource and contractor access management, so system information is at risk of faults and unintended disclosure. The findings also state that Horizon has a mature vulnerability management process and that this is the process that leaves systems and information at risk of exposure.
Audit findings in PRS- The Office of State Revenue processes claims from local authority bodies for repayment of concessions, from which it estimates the amounts to be paid to qualified pensioners and seniors through the pensioner rebate scheme. PRS and PRX thus support State Revenue and local government in processing reimbursement claims (Rijayanti, Hendayun, Suharto and Hwang, 2020). However, State Revenue does not have suitable user access or security controls for the private and sensitive information collected in PRS and PRX. The audit identified the following weaknesses, which could compromise the confidentiality and integrity of information. User access controls and reviews are inadequate, and the PRX and PRS user accounts are not continually reviewed, so a large number of users have access to unprotected sensitive information. Security vulnerabilities are not well managed, which leaves PRS and PRX exposed to attack. The audit also found that State Revenue is not able to recover PRS and PRX following a major event or disruption.
Audit findings in NLR-T- The New Land Registry application is used by the Western Australian land information authority. The main purpose of the application is to manage property ownership and location data records for Western Australia (Rijayanti, Hendayun, Suharto and Hwang, 2020). NLR-T automates the earlier paper-based land registration process. It was established and is maintained as part of an outsourced ICT arrangement that uses public cloud infrastructure. The audit found that inappropriate and insufficient user access controls can lead to unauthorised access to, or misuse of, the data. The state of these access controls therefore poses an increased risk of unauthorised access and misuse of information. It was also found that the lack of external web penetration testing may result in vulnerabilities going undetected. Failure of these controls has highly impacted the confidentiality, integrity and availability of land information (Rijayanti, Hendayun and Hwang, 2020). Testing therefore needs to be conducted regularly to keep pace with evolving cyber threats. The audit also found that credit card data is at high risk of exposure.
Discussion on professional, legal and ethical duties of IT auditor.
The responsibility of the auditor is to express an opinion on whether management has fairly presented the information in the financial statements. To do this properly, the auditor gathers evidence that provides reasonable assurance that the accounts are free of material misstatement (Rijayanti, Hendayun and Hwang, 2020). The IT auditor needs to follow professionally accepted standards of personal and business behaviour, guiding principles and values, which encompass personal, organisational and corporate standards. Integrity, objectivity, professional competence, confidentiality and professional behaviour are some of the practices and behaviours that an IT auditor must have.
Audit findings and irregularities found in report.
The report reveals a number of irregularities that have a large impact on the working of the entities. The issues arose because effective management processes were not applied; processes were ad hoc and overall management was disorganised. To manage all information effectively, there needs to be an effective process to investigate all threats. Without an effective process to investigate, assess and address relevant weaknesses in a timely manner, there is a large risk that systems will not be sufficiently protected against potential threats. Vulnerabilities of this kind may result in unauthorised access to IT systems and information. One issue that was also found is that multifactor authentication for undertaking remote access has enhanced the risk of unauthorised access to entity IT systems.
Adequate assurance on vendor controls was not sought: some of the software components were unsupported by their software vendors. The disaster recovery system had not been tested for many years, and the technical specification documentation was outdated and had not been updated for a long time.
Inadequate risk assessment led to a lack of information security requirements in the contract: the commission has not been given a specific right to conduct a security audit of the RAMS environment. The process for reporting security breaches is not proper or specific. Most of the stored data is not encrypted, and backups have not been specified. All information is retained within the system and is not backed up, so if a critical situation arises all of the information or data can be lost.
Improper access control leads to a risk of unauthorised access: access controls are inadequate; for example, there is no policy for password configuration, user account management is weak, and generic accounts of all kinds can access all kinds of information without needing to be authorised.
Improper business continuity arrangements: the business continuity plan has not been updated for a long time. No changes relating to critical business objectives and operations have been made.
Vendor compliance is not monitored properly to ensure that entities' needs of RAMS are met: the commission does not receive contracted services and is not aware of issues with the vendors' service delivery.
Lack of proper application management processes, which increases the risk of unplanned system downtime: changes to the system are not managed properly, incidents are not recorded properly and no formal procedure is used.
Audit strategies and actions
To identify an appropriate strategy, the auditor must first identify the characteristics of the engagement and the scope of the audit (Porumb et al., 2019). It is extremely important to settle this point before moving on to further work. Then, on the basis of the main objectives of the report, the auditor can identify the nature of the communication that needs to be established. A main part of audit strategy is to identify the key factors or areas in the audit engagement that require a high degree of professional judgement. The main purpose of an audit strategy is to set the scope of the audit engagement, manage and arrange the audit effectively and correctly, establish the time frame of the audit, set the right audit approach and document the audit methodologies (Abernathy et al., 2017). It is important to review business applications, as each application is important to the operation of the entity and might affect all the stakeholders.
An audit strategy sets the timing, direction and scope of the audit. It is used to produce guidelines when an audit plan is being prepared (Habib et al., 2019). An audit strategy document generally includes a statement of the key directions that need to be improved. This audit report was based on the following considerations.
Scope and objectives of the report: the scope of this audit report covers four main applications: RAMS, Pensioner Rebate Scheme and Exchange, Advanced Metering Infrastructure and the New Land Register application. To review these applications, a systematic process was followed that focused on: security of sensitive information, to ensure the integrity, confidentiality and availability of information at all times; policies and procedures for reliable processing of the system; data input, to ensure authentic and authorised data; backup and recovery; data processing; data output; audit trail; segregation of duties; masterfile maintenance; interface controls; and data preparation.
Nature of the communication: all communication was formal, and the procedure for the whole report was properly defined. Various categories were defined, from which a rating scale and criteria were set. On the basis of these criteria, information security weaknesses that could potentially compromise entities' systems were studied (Abbott et al., 2018). The results of the preliminary activities were then checked. From the preliminary activities it was identified that there was a small increase in entities. Only information security and business continuity showed little improvement. It was also identified that the majority of the issues could easily be addressed with better information security management and by keeping the processes for recovering data and operations after an incident up to date. It is important to prioritise the security and continuity of information systems so that the confidentiality and integrity of information cannot be compromised (Abbott et al., 2018).
From the above discussion, the audit strategy followed to identify irregularities was: identify the scope of the report and the audit focus; describe the audit findings in Horizon Power; describe the RAMS system audit findings; describe the audit findings in NLR-T; describe the audit findings in PRS and PRX; then discuss all the findings and analyse them against the defined rating scale and criteria. Lastly, the audit findings are analysed so that proper recommendations can be provided to reduce such issues.
Recommendation to overcome Irregularities.
This audit report has helped to identify various kinds of issues in four main categories of system. The recommendations through which the irregularities can be overcome are:
A risk assurance framework for SaaS arrangements can be implemented, and a risk assessment of the RAMS application and information can be carried out on that basis. This will help to identify risks and to update contractual terms on the basis of those risks.
Establish a suitable feedback system for all the stakeholders so that issues and their impact can be identified easily.
Appropriate user account management practices can be implemented and communicated to all the entities.
CONCLUSION
From this audit report assignment, it can be seen that an information technology audit is one of the most important activities to carry out within an organisation, so that its information technology policies, infrastructure and operations can be evaluated and examined properly and effectively. It helps to ensure and maintain data integrity and to align the needs and requirements of the organisation with its defined goals. An IT audit helps to maintain the overall process of collecting related data or information, and to identify the issues faced and the ways in which they can be resolved. With the help of this audit report, various issues or irregularities within the current Western Australian government information systems were examined, namely irregularities within the RAMS system, Horizon Power, PRS and PRX, and the New Land Registry. All the issues have been identified, along with strategies through which they can be resolved. In addition, future recommendations or courses of action through which these systems can be improved have also been identified.
REFERENCES
Books and Journals
Abbott, L. et al., 2018. What’s in a name? The impact of US audit partner identification on going concern audit report modifications. The Impact of US Audit Partner Identification on Going Concern Audit Report Modifications (January 30, 2018).
Abernathy, J.L. et al., 2017. An international perspective on audit report lag: A synthesis of the literature and opportunities for future research. International Journal of Auditing. 21(1). pp.100-127.
Bezzaoucha, S. and Voos, H., 2020. A short Survey on the Cyber Security in Control Systems.
Habib, A. et al., 2019. Determinants of audit report lag: A meta‐analysis. International Journal of Auditing. 23(1). pp.20-44.
Isinkaye, F.O., Soyemi, J. and Arowosegbe, O.I., 2020. An Android-based Face Recognition System for Class Attendance and Malpractice Control. International Journal of Computer Science and Information Security (IJCSIS). 18(1).
Pasupuleti, S.K. and Varma, D., 2020. Lightweight ciphertext-policy attribute-based encryption scheme for data privacy and security in cloud-assisted IoT. In Real-Time Data Analytics for Large Scale Sensor Data (pp. 97-114). Academic Press.
Porumb, V.A. et al., 2019. Is More Always Better? Disclosures in the Expanded Audit Report and their Impact on Loan Contracting. Disclosures in the Expanded Audit Report and Their Impact on Loan Contracting (March 4, 2019).
Rijayanti, R. et al., 2020. A Study on IT Security Control by Comparison of Secure Software Development Process. In Information Science and Applications (pp. 551-560). Springer, Singapore.
Sennewald, C.A. and Baillie, C., 2020. Effective security management. Butterworth-Heinemann.
Vedadi, A. and Warkentin, M., 2020. Can Secure Behaviors Be Contagious? A Two-Stage Investigation of the Influence of Herd Behavior on Security Decisions. Journal of the Association for Information Systems. 21(2). p.3.