IT Audit Findings in Different Firms
Added on 2023-01-11
11 Pages2785 Words34 Views
Report
Contents
Introduction......................................................................................................................................3
Determine audit focus as well as scope of audit report..........................................................3
Illustrate audit findings in the RAMS....................................................................................3
Show audit findings in Horizon Power..................................................................................5
Demonstrate audit findings in PRS & PRX...........................................................................5
Illustrate audit findings in NRL-T..........................................................................................6
Responsibilities of an IT Auditor...........................................................................................7
Conclusion.......................................................................................................................................9
Reefrences......................................................................................................................................10
Introduction......................................................................................................................................3
Determine audit focus as well as scope of audit report..........................................................3
Illustrate audit findings in the RAMS....................................................................................3
Show audit findings in Horizon Power..................................................................................5
Demonstrate audit findings in PRS & PRX...........................................................................5
Illustrate audit findings in NRL-T..........................................................................................6
Responsibilities of an IT Auditor...........................................................................................7
Conclusion.......................................................................................................................................9
Reefrences......................................................................................................................................10
Introduction
The examination as well as assessment of firm’s information technology policies, operations
and infrastructure is referred to as IT audit. It is liable for identification of IT controls which
protects assets as well as makes sure data integrity along with aligning their operations with their
goals (Bentley, Lambert and Wang, 2020). This report is based on different firms, audit is being
carried out via a two important steps, they are collection of knowledge and analyse current
system for internal regulations. This report comprises of audit finding of RAMS, Horizon Power,
PRS along with PRX and NRL-T. Furthermore, it will also furnish adequate knowledge related
with legal, ethical and professional liabilities of IT auditor.
Determine audit focus as well as scope of audit report.
The emphasis is laid on examination of key business applications of state government
organisations. Each aspect is crucial for operations of entity and also creates a relevant impact on
stakeholders. The four applications that are being covered in this report are: Recruitment
advertisement management system (RAMS) which is a public sector commission, advanced
metering infrastructure (Horizon Power), Pensioner Rebate Scheme & Exchange (Office of State
Revenue) and New Land Register. For ensuring that systems are being operated as an anticipated
then it is necessary that precise as well as accurate information is furnished (Bradford and et. al,
2020).
Illustration 1: Findings Per Application
The examination as well as assessment of firm’s information technology policies, operations
and infrastructure is referred to as IT audit. It is liable for identification of IT controls which
protects assets as well as makes sure data integrity along with aligning their operations with their
goals (Bentley, Lambert and Wang, 2020). This report is based on different firms, audit is being
carried out via a two important steps, they are collection of knowledge and analyse current
system for internal regulations. This report comprises of audit finding of RAMS, Horizon Power,
PRS along with PRX and NRL-T. Furthermore, it will also furnish adequate knowledge related
with legal, ethical and professional liabilities of IT auditor.
Determine audit focus as well as scope of audit report.
The emphasis is laid on examination of key business applications of state government
organisations. Each aspect is crucial for operations of entity and also creates a relevant impact on
stakeholders. The four applications that are being covered in this report are: Recruitment
advertisement management system (RAMS) which is a public sector commission, advanced
metering infrastructure (Horizon Power), Pensioner Rebate Scheme & Exchange (Office of State
Revenue) and New Land Register. For ensuring that systems are being operated as an anticipated
then it is necessary that precise as well as accurate information is furnished (Bradford and et. al,
2020).
Illustration 1: Findings Per Application
The application reviews focus on systematic processing as well as handling of data with
respect to different control categories, they are: policies & procedures, security of sensitive data,
data input, backup & recovery, data output, data processing, segregation of duties, audit trail,
masterfile maintenance, interface controls and data preparation.
For this, sample of key controls along with processes for attaining reasonable assurance
with respect to that whether applications are working as per desired standards and information
contained id secured, reliable and accessible. Testing is being carried out to identify the
weaknesses that exist within control design or the ways in which they are implemented that
enhances risk for compromise.
Illustrate audit findings in the RAMS.
WA makes use of Recruitment Advertisement Management System for managing their
employee recruitment as well as redevelopment and recording severance details (Western
Australian Auditor General’s Report, 2019). The Commission has not received or undertaken
any independent assurance in context of managed data security protocols along with this, there is
no surety with respect to availability, confidentiality and integrity. Certain findings have been
illustrated below:
Commission do not have relevant assurance on vendor controls: There is no
declaration that data in RAMS is secured and certain deficiencies have been identified in them:
Unsupported software: Some components which are used in applications do not have
support from vendors. Furthermore, 1 component did not has software updates which is
being applied for fixing security vulnerabilities.
Outdated technical specification: The documentation did not describe current application
environment. This does not ascertain that all the relevant controls are in place for
protecting applications (Bratten, Causholli and Sulcaj, 2020).
Lack of risk assessment leads to insufficient IS needs: The information security risks
were not accessed by Commission towards application and information of RAMS when contract
was made. Key conditions as well as terms were not adequately specified and their weaknesses
were:
respect to different control categories, they are: policies & procedures, security of sensitive data,
data input, backup & recovery, data output, data processing, segregation of duties, audit trail,
masterfile maintenance, interface controls and data preparation.
For this, sample of key controls along with processes for attaining reasonable assurance
with respect to that whether applications are working as per desired standards and information
contained id secured, reliable and accessible. Testing is being carried out to identify the
weaknesses that exist within control design or the ways in which they are implemented that
enhances risk for compromise.
Illustrate audit findings in the RAMS.
WA makes use of Recruitment Advertisement Management System for managing their
employee recruitment as well as redevelopment and recording severance details (Western
Australian Auditor General’s Report, 2019). The Commission has not received or undertaken
any independent assurance in context of managed data security protocols along with this, there is
no surety with respect to availability, confidentiality and integrity. Certain findings have been
illustrated below:
Commission do not have relevant assurance on vendor controls: There is no
declaration that data in RAMS is secured and certain deficiencies have been identified in them:
Unsupported software: Some components which are used in applications do not have
support from vendors. Furthermore, 1 component did not has software updates which is
being applied for fixing security vulnerabilities.
Outdated technical specification: The documentation did not describe current application
environment. This does not ascertain that all the relevant controls are in place for
protecting applications (Bratten, Causholli and Sulcaj, 2020).
Lack of risk assessment leads to insufficient IS needs: The information security risks
were not accessed by Commission towards application and information of RAMS when contract
was made. Key conditions as well as terms were not adequately specified and their weaknesses
were:
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
IT Audit: Focus, Scope, and Findingslg...
|9
|2497
|89
Scope and Findings of IT Audit Reportlg...
|9
|2587
|27
IT Audit and Controllg...
|8
|2403
|88
Audit Findings in RAMS, Horizon Power, PRS and PRX, NRL-Tlg...
|10
|2929
|69
IT Audit and Controlslg...
|10
|2980
|83
Audit Findings for Information Systemslg...
|9
|2676
|69