Audit Focus and Scope of Given Audit Report

Verified

Added on  2023/01/11

|11
|2639
|78
AI Summary
This document provides an overview of the audit focus and scope of the given audit report. It discusses the high risk IT issues in the NSW city councils and describes the audit findings related to IT governance, IT general controls, and cyber security management. The document also includes references for further reading.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
REPORT

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Table of Contents
INTRODUCTION...........................................................................................................................3
1. Identify audit focus and scope of the given audit report.............................................................3
2. Describe high risk IT issues in the NSW city councils...............................................................4
3. Describe audit findings related to IT governance in the NSW city councils...............................7
4. Describe audit findings related to IT general controls in the NSW city councils.......................7
5. Describe audit findings related to cyber security management in the NSW city councils..........9
REFERENCING............................................................................................................................11
Document Page
INTRODUCTION
A meeting of the evaluator is obviously not the location of the collection center. The law that
almost everyone is authenticated, the manager has all submitted. The assessor waives the law to
remedy the policy that aligns the law of the tax statutes and the law with which they are made. In
congressional jurisprudence we call this law.
1. Identify audit focus and scope of the given audit report
Audit Focus:
An audit offers auditors a "reasonable" assurance in support of their audit opinion. This is a high
level of validation, but not above, which means that there is an inevitable risk that some
significant errors will not be identified in a properly conducted study. The UK assessment
guidelines express its entire unprovoked existence outside the realm of imagination due to the
inherent limitations of the review, which involves the legal and executive undergoing a
validation review, as well as the timing and costs of the restriction.
It is not necessary for the assessors to recognize that they have no audit evidence; despite what
might be expected, in the absence of a valid audit validation, auditors must - it is not allowed -
justify their audit report. The report similarly reflects the improvements in the interpretation and
budget management of the lines of action in all rooms. Fewer errors have been identified. There
are multiple rooms with audit fees, risk and fiduciary administration and internal audit capability.
The officer saw the work on it, including the false representation of the control panels, developed
in a similar way. These are very satisfactory indicators of strengthening the management and
monitoring of money in the area. I have to recognize that the profiling rooms have collaborated
with the Audit Office to improve the consistency of training and overall responsibility.
Audit Scope:
Investigators look for any errors, without much regard to how they are caused. If they accept that
false misrepresentations could be the result of substantial misrepresentations, rather than
fundamental errors, which are much more likely to be covered, then they must use a completely
different strategy to show an assembly here. In addition, the consistency of content with the laws
Document Page
and guidelines, including the legality of profits, is always relevant to the study if the wrong
values arising from the revolution may arise out to be relevant.
2. Describe high risk IT issues in the NSW city councils
In previous years, auditors announced the need to develop administrative committees and IT
controls to monitor key financial frameworks. This section shows the progress made by the
boards in the management of the main IT risks and controls, with particular attention to digital
security. Below is a part of the risk assessment:
Low risk
The information and middle managers are delegated to low risk unless considered moderate or
high risk and:
1. Information is given for the open presentation, no
2. Loss of privacy, honesty or access to information or framework would not adversely affect our
strategies, assets or reputation.
Medium risk
Risk and information are delegated to information and managers unless they are considered high
risk and:
1. The information is generally not accessible to society at large, or
2. Loss of privacy, instability or access to information or the framework can adversely affect our
strategy, account or reputation.
High risk
Information and cadres are high risk delegates if:
1. The protection of information is legally required / direct,
2. Stanford must self-report to the legislator and also inform the person if the information is
obtained improperly, or

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
3. The loss of privacy, trust or access to information or to the structure could materially and
negatively influence our vital, our accounts or our reputation.
The examples of each type of risk were examined below:
Low risk
Applications that take into account low risk data
Online maps
Common problems classified as moderate or low risk include:
• Free recognition of performance improvements in performance records.
• Excel spreadsheets that provide information about resources outside of supervisor resources
without audits to ensure the information is accurate.
• Used resources not found from convenient building.
• Balance sheets with the benefit of the frame are not accepted.
• Actions listed in the wrong resource classes in benefit tables.
• Resource logs with copy resources.
• Multiple resource records maintained to record different classes of resources
• Property, equipment and hardware are not regularly controlled.
Medium risk
Applications that take into account moderate risk data
Human resource application that stores payment data
Directory containing phone numbers, email locations and titles
A company application that releases data in an emergency
Online application for poor certifications
Document Page
High risk
High risk data related applications
Human Resource application that stores representative SSNs
The land source application organizes public data
An application that collects the individual data of the colleague, former student or another
An application that controls MasterCard allowances
The evaluators identified 575 problems identified by data innovation (numbers 2017-2018: 448).
Sixty-eight percent identified by the customer come to the table (2017–18: 60 percent). While its
control over the total required in detail in our management letters has expanded and been
compared the year before, the total number of high-risk problems has declined. Our audits
identified 299 issues related to asset management (2017–18: 291 issues). There was a reduction
in high risk matters reported in our management letters compared to the previous year.
Some of the risks have been discussed below:
The high probability problems reported above are characterized by:
Lack of key IT supplies and systems.
Minority IT fault or risk used by managers.
The consumer comes to studies on key unsecured monetary frameworks.
Shared user accounts.
Segregation of obligations that have not been appropriately implemented in the major
monetary frameworks.
The privileged client becomes unrestricted and overlooked enough to identify weak or
uncontested secret movements.
Use of the system with missing documents, approvals and uncertain deformities.
3. Describe audit findings related to IT governance in the NSW city
councils
He is sure that he is now sure to claim. If not prepared and pre-IT it is every night and the whole
nightmare. Request the legal judicial commissions that protect you from his IT watchdog. IT
police influence within:
Document Page
In 2017-18; a law that makes it unquestionably 41% of a comet when.
In that law, 22% of boards that are not informed of the law and legal entities are not.
Little progress has been made by the committees that formalize their IT strategies and commit
themselves to be examined normally:
• From complete cards; 71% have no IT strategies in at least one of the accompanying areas:
 IT security
 IT to change the card
 program the IT and lay out the card
 Disaster recovery
 Business continuity
• 25% of accessible IT techniques are not displayed on the card's scheduled date based on the
room reservation check date to ensure they are modern.
4. Describe audit findings related to IT general controls in the NSW city
councils
General IT controls are the techniques and exercises aimed at ensuring the classification and
honesty of managers and information. These checks support the dignity of financial details. Our
cash-related reviews that incorporate general survey checks identified with key monetary
frameworks to support the resolution of the board's balance sheet reports tended to:
• The user arrives at the table.
• The private messenger comes to limitation and observation.
• Delivery, modification and maintenance of the system program.
• Fixed disaster recovery.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
We have not studied all the IT frameworks of the theaters. For example, the IT frameworks used
to assist with administrative management are usually outside the scope of our money audit. In
any case, boards of directors should consider the importance of what we find in these contexts.
Data innovation is critical to the way committees provide administrations. Although IT can
improve administrative behavior, the growing dependence on innovation means that committees
face risks of unilateral access and abuse.
The main areas of powerful customers are:
• Adequate support for new logins and changes in access to IT frameworks
• Timely implementation to access IT frameworks
• Effective secret word controls to keep the strategic distance from customer elimination
• A courier periodically receives a survey to identify any differences
• Restrict useful access to interested staff
• Monitor access to exercises.
The cards have improved their access. However, additional updates are needed to keep track of
beneficial tutorials on the customer's account and occasional checks on customer access.
Changes to IT programs and their core departments must be approved before deployment. This
ensures that the changes are appropriate and consistent with business needs. The sensitive change
of picture controls the committees at risk:
• Unauthorized and off-base modifications to frameworks or projects.
• Problems with accuracy and reliability of information.
• Unexpected changes to the way projects are run or data communicated.
• Errors in publishing funds.
The Disaster Recovery Agency (DRP) encourages commissions to prevent business disputes in
the event of significant cessation of charges or other debacles. Without identified monitoring and
Document Page
resolution, it is likely that the meetings will not be able to anticipate the effects of the disturbance
identify the most appropriate black spots or recover the underlying structures in the event of a
disaster.
General IT controls (ITGC) are the basic controls that can be applied to IT frameworks, such
as applications, frameworks, databases and basic IT support. The goals of ITGC are to ensure the
reliability of the information and procedures supported by the frameworks. “Internal controls”
refers to these exercises within an organization that has been instituted by the administration to
minimize the risks that could prevent the system from occurring organization from reaching its
goals.
Control conditions of the organization at the highest levels of management in terms of controls.
This includes, for example, the "tone up" components and adequacy of the board's audit board in
its high-level control of money communication. This part is called the control environment. An
assessment of the risks of various approaches and variables that prevent the organization from
achieving its goals. For example, an approach that is particularly vulnerable to misrepresentation
would be seen as a high probability field.
5. Describe audit findings related to cyber security management in the
NSW city councils
At state government level, NSW's Cyber Security Policy states that "effective digital security is
an important part of NSW's digital governance strategy. The term digital security encompasses
all estimates used to ensure that cadres and data are prepared, transmitted or otherwise provided
on these frameworks from a matter of privacy, respect and accessibility. ”Although committees
are no longer required to adhere to the state government's digital security provisions, the
collections may find it helpful to refer to the strategy for further indications.
Mismanagement of digital security can expose cards to a wide range of risks, including monetary
misfortune, damage to reputation and incoming information. Effects can include:
• Theft of corporate data and permitted currency and innovation
• Stealing money
Document Page
• Administrative refusal
• Cancellation of information
• Costs for the installation of affected frameworks, systems and tools
• Legal costs plus legitimate doom actions resulting from denial of administrative attacks that
cause a personal time frame in the base cadres.
• Third party misfortune when individual data sent to government structures is used for criminal
purposes.
We carried out an advanced level assessment to determine whether collections and indoor
collections require management to monitor digital security.
The digital security of collection managers needs to improve, as most committees have not yet
implemented the basic components of administration, such as a digital security approach or
system. This will continue to be a central area, with an upcoming exhibition scheduled for a
digital security role.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
REFERENCING
Books and Journals
Bierstaker, J.L., Bedard, J.C. and Biggs, S.F., 1999. The role of problem representation shifts in
auditor decision processes in analytical procedures. Auditing: A Journal of Practice &
Theory, 18(1), pp.18-36.
Brody, R.G. and Lowe, D.J., 2000. The new role of the internal auditor: Implications for internal
auditor objectivity. International Journal of Auditing, 4(2), pp.169-176.
Guedhami, O. and Pittman, J.A., 2006. Ownership concentration in privatized firms: The role of
disclosure standards, auditor choice, and auditing infrastructure. Journal of Accounting
Research, 44(5), pp.889-929.
Guedhami, O., Pittman, J.A. and Saffar, W., 2009. Auditor choice in privatized firms: Empirical
evidence on the role of state and foreign owners. Journal of Accounting and
Economics, 48(2-3), pp.151-171.
Gul, F.A., Fung, S.Y.K. and Jaggi, B., 2009. Earnings quality: Some evidence on the role of
auditor tenure and auditors’ industry expertise. Journal of accounting and
Economics, 47(3), pp.265-287.
Khan, M.A., 1985. Role of the Auditor in an Islamic Economy. Journal of King Abdulaziz
University: Islamic Economics, 3(1).
Lim, C.Y. and Tan, P.M., 2009. Control divergence, timeliness in loss recognition, and the role
of auditor specialization: Evidence from around the world. Journal of Accounting, Auditing
& Finance, 24(2), pp.295-332.
Messier, W.F., Glover, S.M. and Prawitt, D.F., 2008. Auditing & assurance services: A
systematic approach. Boston, MA: McGraw-Hill Irwin.
Pickett, K.S., 2011. The essential guide to internal auditing. John Wiley & Sons.
Smieliauskas, W.J., Bewley, K. and Robertson, J.C., 2013. Auditing: An international approach.
W. Ross MacDonald School Resource Services Library.
1 out of 11
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]