IT Audit Control Report: SBM 4302, Sydney Bank West Case Study
Added on 2022/12/16
AI Summary
This report provides an in-depth analysis of IT audit controls, focusing on a case study involving Sydney-based Bank West. It begins with an introduction to IT audits, explaining their purpose and objectives in safeguarding corporate assets and ensuring data integrity. The report then presents a case stu...

IT Audit Control
IT Audit and Controls (SBM 4302)

Table of Contents
Introduction
Case study
Weakness in Audit control in Case study
Risk Assessment in Audit control
Methodology
Impact of IT Audit control
Professional, legal and ethical duties of Auditor
Conclusion

1.0 Introduction
An IT audit is the process of evaluating and examining an organization's information technology policies, operations and infrastructure. The main purpose of an information technology audit is to determine whether the IT controls protect the corporate assets and whether they provide data integrity in a well-versed form according to the business goals. In this process the auditors check not only the security processes but also the overall business processes and financial controls that involve the information technology systems.
The key objectives of performing the IT audit are as follows:
- To evaluate the key processes and systems that are involved in securing the company data.
- To determine the risks to the company assets and propose methods for minimizing these risks.
- To ensure that the information management processes comply with IT-specific laws, standards and policies.
- To determine the inefficiencies in the IT system and the associated management.
2.0 Case Study Background
Bank West is a bank based in Sydney, Australia. It provides savings account, term deposit, share trading and financial advice services to its customers. In 2008 the bank was in the news due to an IT scam based on fake SMS messages that came from an unauthorized source and led to a fake verification page, posing as a mail from the bank. This led users to enter their PAN details on the fake login page, and these details were then used for unauthorized work. Some technically savvy customers noticed that the pages they were asked to log in to were quite different from the previous login pages and that the procedure was also different, and they reported the matter to the bank's authorities. The IT vigilance department then looked into the matter and found that the issues raised by the customers were correct, and many customers reported that transactions had been made on their accounts without their consent or knowledge.

The bank immediately took the required steps and developed a complete strategy to eliminate this problem, but the scam resulted in a huge financial loss for the customers as well as for the bank. It not only caused financial loss for the bank but also raised questions about the bank's security policies, data control and other audit concentration issues. The scam also led to a loss of customers' trust in the bank's systems and a loss of reputation.
The bank took effective steps to develop a strong IT audit system for its department as well. Along with this, the bank developed social engineering schemes to manage this fraud. In addition to developing these strong schemes, the bank also focused on providing training programs for its staff and a general awareness program for its customers.
2.0 The weakness in the Organization's IT audit system
- The first loophole is in the customer data record management system: how could the emails and phone numbers of customers be leaked?
- The second loophole is in the monitoring of website usage statistics. The IT control department should have known, before the customers reported it, that some other site was using the bank's name to collect account details from customers.
- There is then a weakness in the bank's own online services, which are so common and had security breaches, so that customers did not recognize the difference.
3.0 Risks associated with planning and conducting the audit and control activities
Audit risks have a deep impact on the working of the organization. It is required to consider all the possible . For proper planning it is required to collect all the details and assess all possible risks that can create problems in the audit control system. It is required to develop systematic policies for controlling the associated risks. The various risks associated with planning and conducting the audit and control activities are as follows:
I. Inherent Risk - This risk is involved in understanding the nature of the business and its transaction processing. For example, the transaction steps are larger in a cash payment than in a check issue.
II. Control Risk - This refers to improper assessment of the weaknesses in the internal audit control system of the organization. For example, if the delegation of work
responsibilities is not well defined, then the possibility of internal audit control risk is higher in comparison to other possible risks.
III. Detection Risk - This refers to the failure of audit detection methods to find a possible material error or fraud. The detection error can arise from sampling error or from non-sampling error.
4.0 IT Audit Methodologies required to be adopted – Single Audit Methodology
This methodology follows established principles and makes use of cutting-edge technologies. Along with this, it concentrates on improving the work processes within the organization. The main focus is on managing the risks and designing appropriate control policies. The steps taken in this methodology are as follows:
Step 1 – Planning
In this phase the expert audit team first understands the operations, internal controls and information systems of the organization. An audit timetable is then developed according to the organization's requirements.
Step 2 – Risk Assessment
In this phase the potential risks that could arise are assessed. The business-critical areas are evaluated and the impact is foreseen. The main objective is to identify risk issues early so that they can be controlled or mitigated at an early stage.
Step 3 – Evaluating the Internal Control
Developing robust internal controls is the key to a stable organization. The internal control methods are evaluated in this step and the scope for improvement is identified. Suggestions to improve the control processes are then given.
Step 4 – Testing the Audit
In this step the expert team uses advanced tools such as data interrogation software to analyze the audit trials conducted in the organization. It then guides how to enhance the
performance of these audit tests. This is done by providing proper statements for controlling the applications, based on observations.
Step 5 – Conclusion and reporting
In this last step an additional check system for ensuring the accuracy of the work is developed. According to the observed results, actions are taken to provide seamless working at the organization.
5.0 Impact of IT Audit controls on business operations
By implementing well-structured IT audit controls on business operations, the organization observes the following benefits:
- The organization will be able to protect itself from possible frauds.
- It will be able to provide better services to its customers.
- It will provide a standard working environment at the organization.
- It will provide better financial results for the organization.
6.0 The professional, legal, and ethical responsibilities of an IT Auditor
Auditors should perform their work in a professional manner while following ethical policies. The responsibilities of the IT auditor are as follows:
- To work on the principle of integrity, in order to develop trust in and reliance on their judgment.
- To concentrate on the objectivity of the audit system rather than collecting other details.
- It is the moral duty of internal auditors to maintain the principle of confidentiality of the data; it is highly required to respect the value and ownership of the data.
- Along with this, IT auditors should use their complete competency and knowledge in assessing the work profile of the organization, without being biased toward a particular organization.
- To follow all legal norms and ethical concepts.

Conclusion
The main purpose of an information technology audit is to determine whether the IT controls protect the corporate assets and whether they provide data integrity in a well-versed form according to the business goals. In this process the auditors check not only the security processes but also the overall business processes and financial controls that involve the information technology systems. For proper planning it is required to collect all the details and assess all possible risks that can create problems in the audit control system. It is required to develop systematic policies for controlling the associated risks. It is the moral duty of internal auditors to maintain the principle of confidentiality of the data; it is highly required to respect the value and ownership of the data. Along with this, IT auditors should use their complete competency and knowledge in assessing the work profile of the organization, without being biased toward a particular organization.