Audit Plan Template: Risk-Based Strategy for Gail Industries (BSA/505)


Added on 2022/11/29

Homework Assignment
AI Summary
This assignment presents an audit plan template for Gail Industries, a company that manages digital transactions for clients like the city of Smallville. The plan involves developing a risk-based audit strategy, analyzing potential risks such as uncontrolled access to data centers, facilities, and network infrastructure, as well as unauthorized changes in system management, insecure data transmission, and unprocessed deposits. The assignment requires the inclusion of controls and corresponding audit strategies to mitigate these risks. The provided solution outlines specific strategies, like two-factor authentication, access control systems, environmental safeguards, and email encryption, to ensure data security and compliance with NIST 800-53 standards. The audit plan aims to cover the period from January 1, 2018, to December 31, 2018, with fieldwork commencing on January 3, 2019. The plan emphasizes the importance of secure data handling, access controls, and the integrity of financial transactions within Gail Industries' operations.
BSA/505 v4
Audit Plan Template
Complete the table below to develop a risk-based audit strategy for Gail Industries. Be sure to
also include any uncontrolled risks in the table. Add additional rows to the table as needed.
| Risk | Control | Audit Strategy |
|---|---|---|
| Uncontrolled access to datacenter | Physical control within the data center should be restricted to accredited and proper personnel. | Two-factor authentication, such as a badge access card and a biometric credential by retinal eye scanner, should be implemented. |
| Uncontrolled access to facility | Facilities require access control to manage who can enter the facilities and at what times. | The door badge access system is used to control access within facilities. |
| Risk of environmental safeguard | Environmental controls should be implemented to secure assets. | Smoke detectors and a halon-free fire suppression system should be used to secure the datacenter. |
| Unauthorized change in management | Changes to system software and network infrastructure are required to be documented. | Detailed testing is required to maintain control over unauthorized change in management. |
| Unauthorized access to network infrastructure | Access to operating system resources should be allowed to the appropriate user. | The information security policies should be updated and documented to help the workers. |
| Unauthorized payment process | The payment processing policy is required to be documented. | The physical access privileges of data entry staff are separated from those of balancing and mailroom personnel. |
| Unsecure data transmission | Data transmission is required to be secured by additional security. | E-mail encryption can be the best audit strategy. |
| Unprocessed deposits | Deposits should be processed on time and accurately. | The supply schedule should be continued in the mailroom. |
Copyright© 2018 by University of Phoenix. All rights reserved.