SBM4302 IT Audit & Controls: Cyber Security in NSW City Councils

Added on  2023/01/11

AI Summary
This report presents an analysis of an IT audit conducted on NSW City Councils, focusing on key areas such as audit scope and focus, high-risk IT issues, IT governance, IT general controls, and cybersecurity management. The audit identifies deficiencies in IT governance, including a lack of formal IT procedures and periodic reviews. High-risk IT issues include inadequate IT frameworks, shortages of IT resources, and reliance on non-cash structures. The report also highlights findings related to IT general controls, such as insufficient monitoring of client access and non-consensual changes to systems. Finally, it addresses cybersecurity management, emphasizing the need for robust measures to ensure data classification, integrity, and accessibility. This document is a student contribution available on Desklib, a platform offering a range of study tools and resources for students.
ASSESSMENT 5
Table of Contents
INTRODUCTION
1. Identify audit focus and scope of the given audit report
2. Describe high risk IT issues in the NSW city councils
3. Describe audit findings related to IT governance in the NSW city councils
4. Describe audit findings related to IT general controls in the NSW city councils
5. Describe audit findings related to cyber security management in the NSW city councils
INTRODUCTION
It is clear that the evaluator's collection is not a classification option. Almost all the laws that
have been enacted have been presented by the administrator. The expert interprets the law in a
way that changes the law of duty secrets and the law they create. In conventional law we call this
law. The review extension should be the subject of the review topic. It should identify the review
points of review. It can be a society, an internal division of the society, a commercial approach,
an application framework or innovation support, for example a particular stage or network.7 The
step call should be the same in the long run. Under consideration and when the study was
conducted. For in-depth reading, the extension of the review should show the typical scope of the
review work and the areas of guaranteed points.
Review results are reported in the review report when action is required to address
incompatibilities in procedure or related studies.15 The five main components or indicators to be
addressed are given when introducing feedback on a review.
1. Identify audit focus and scope of the given audit report
Audit Focus:
Reporters give assessors "reasonable" assurance about the audit assessment aspect. While doing
this project there was a high probability that some errors would not be fixed and identified in the
given period of time and duration of the study. This audit mainly focuses on the facts and figures
shown in the given case study and analyzes the basic tools adopted by auditors to study the given
case. It also focuses on IT criteria to analyze its costs and revenues for the entire year. The report
has some limitations based on the relevance and authenticity of the person who takes on the audit
tasks. Get permit survey, much like the plan and the costs of the restriction.
The assessors may not see that they do not have refresher tests; whatever may be normal, without
a meaningful audit permit, the assessors must not be allowed to make their inspection report
valid. The report incompletely reveals the improvements in understanding and consuming the
useful line graph in each room. Fewer errors were recognized. Several rooms having audit
expenses, high chances and trust association and internal audit capabilities are there. The auditor
recognizes the procedure on it, and also includes a fake image of the audit control, done in the same
method. It can be interesting suggestions for a combination of board money and territorial
control. If a user has viewed a specific document or deleted an item from their mailbox, you can
use the Security and Compliance Center to search the unified audit log and view the activity of
users and administrators in the organization.
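The unified audit log search mentioned above can also be run from PowerShell rather than the Security and Compliance Center portal. The script below is an added example, not part of the student report or any council's tooling; it assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds an audit-reading role, and uses a placeholder user address.

```powershell
# Added example: pull one user's document views and mailbox deletions from the
# Microsoft 365 unified audit log for the last N days and keep them as audit evidence.
# Assumes ExchangeOnlineManagement is installed; $UserId is a placeholder, not a real account.
param(
    [string]$UserId  = "user@council.example",   # placeholder address
    [int]$DaysBack   = 7
)

Connect-ExchangeOnline -ShowBanner:$false

$start = (Get-Date).AddDays(-$DaysBack)
$end   = Get-Date
# FileAccessed covers SharePoint/OneDrive views; the other three are mailbox deletions.
$ops   = @("FileAccessed", "SoftDelete", "HardDelete", "MoveToDeletedItems")

# Results are paged: reuse one SessionId with ReturnLargeSet until a page comes back empty.
$session = "AuditReview-$([guid]::NewGuid())"
$all = @()
do {
    $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -UserIds $UserId -Operations $ops `
        -SessionId $session -SessionCommand ReturnLargeSet -ResultSize 5000
    if ($page) { $all += $page }
} while ($page -and $page.Count -gt 0)

# AuditData is a JSON string; expand the fields a reviewer needs into a flat row.
$rows = $all | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $_.CreationDate
        User      = $d.UserId
        Operation = $d.Operation
        Workload  = $d.Workload
        # SharePoint records name the file in ObjectId; mailbox records list items in AffectedItems.
        Object    = if ($d.ObjectId) { $d.ObjectId } else { ($d.AffectedItems.Subject -join "; ") }
        # Field name differs by workload: ClientIP (SharePoint) vs ClientIPAddress (Exchange).
        ClientIP  = if ($d.ClientIP) { $d.ClientIP } else { $d.ClientIPAddress }
    }
}

$rows | Sort-Object Time | Format-Table -AutoSize
# Retain the extract with the audit working papers.
$rows | Export-Csv -Path ".\unified-audit-extract.csv" -NoTypeInformation
Disconnect-ExchangeOnline -Confirm:$false
```

The unified audit log only holds events from after auditing was enabled for the tenant and within its retention period, so an empty result is not proof that nothing happened.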
Audit Scope:
Manufacturers find mistakes, which are desperately needed because they are caused. If they
recognize that false accusations can lead to extreme bias, then there would normally be
appropriate errors, which are far more likely to be defended, therefore, all that is thought that
they should have used a completely natural framework for comparison here. Furthermore, the
consistency of the material with the laws and guidelines, including the veracity of the benefits, is
regularly relevant to verify if the quality of bad advice can emerge from the format - to change as
something important.
2. Describe high risk IT issues in the NSW city councils
An auditor has conducted research aimed at identifying the most frequent factors at the origin of
problems in the management of IT operations. In general, the data that indicate the problems are
more related to the human factor and regulatory needs, or, for example, poor understanding of
the real-time management component required for performing certain tasks, which leads to work
organization problems associated with times other than those measured. First, among the ten
responses typically given statistically, there is a lack of involvement in IT work in business
projects, with responsibility for too short periods of time to make system changes, updates,
changes etc., too often reported on short notice and poor understanding of the technical
constraints required by IT departments. This “cultural” deficit of many managers needs to be felt
in reality, as it also overcomes the harmful problems of adequate budgets or short-term (second)
spending cuts, usually on the complaint by Italian IT managers. Thirdly there are constraints
within the company, which make IT decisions more complex if not properly designed; a reason
that goes hand in hand with the increase in regulatory and administrative complexity. The
following is part of the risk assessment:
High-risk
The risk analysis and assessment phase was divided into two sub-phases:
a) The collection of information and data;
b) Weighting and risk assessment.
In general, the analysis methodology used by the NSW city councils is inspired by the principles
of the ISO 31000 standard, of which it traces the main steps and takes into consideration, with
some modifications that will be widely discussed in the following paragraphs, the suggestions
contained in Annexes 1 and 5 of the National Anti-Corruption Plan.
The issues of each type of risk were examined below:
Regular problems listed as moderate or corrected include:
• Used funds not found by a charity.
• Financial statements are not recognized for the benefit of the position.
• Transactions classified into asset classes not active in performance records.
• Resource log with duplicate resources.
• Multiple asset registers managed to register different asset classes.
• Properties, tools and equipment are not regularly checked.
High-risk
Some of the risks were discussed below:
The high probability cases mentioned above are represented by:
• No provision and major IT frameworks.
• Shortage or risk of minority IT used by management.
• The client focuses on key non-cash structures.
• Consensus courier account.
• Isolation of commitments not realized in the main financial structures.
• The particular client becomes endless and without enough attention to distinguish subtle or controversial secret developments.
• Use of the framework with missing reports, approvals and questionable deformations.
3. Describe audit findings related to IT governance in the NSW city councils
It certainly looks promising, if it is not solved and before it is solved every night and all bad
dreams. Look for legitimate legal fees that protect you from his IT protection dog. Internal cyber
police effects:
• In 2017-18, a law that indisputably makes 41% of a comet when.
• In that law, 22% of nonprofit organizations and materials instructed by law are certainly not valid.
Limited progress has been made with recommendations that formalize their IT procedures and
recognize periodic review:
• Sustainable business management is responsible for configuring the council's risk management frameworks (ERM - Enterprise Risk Management) and internal control system (SCI - Internal Control System).
• Risk Management and Control refers to procedures accessible to a group of managers to modernize the management of the company and fulfill its obligations to appropriately manage the interests of investors and partners. Thus ERM and SCI are operating tools and pillars of business administration.
• The important structure used for the plan and the achievement of internal control and risk frameworks for the board of directors and the appropriateness and effectiveness of the frameworks that the organization receives are, respectively, the COSO I Report (SCI) and the COSO II Report (ERM).
• Rename the switchboard in internal control and endanger the onboard system.
• Transforming elements of strategy and practice from one perspective, and elements of management and control over the other.
• Redefining the hierarchical position and strengthening functionality and operating tools.
4. Describe audit findings related to IT general controls in the NSW city councils
Conventional IT controls are the existing strategies and capabilities to ensure the range and
character of clothing and information. These studies confirm the pride of the nuances of money.
Our budget reviews were generally accompanied by general reviews of the main financial
frameworks to assist the reporting objectives of the board's activities:
• The customer appears at the table.
• The private person presents himself in prison and understanding.
• Moving, modification and backup of the structure program.
• Fixed the crash case.
In this way, the code shows - in addition to the way in which all supporters intend to implement
risk management and analysis (creation of capabilities or functions integrated in a single
Manager). engaged in this option) - the next level capabilities will be monitored by their general
internal audit function, to ensure the operational capacity and the productivity of the controls in
some specialized units and, consequently, the 'committed to the simplicity of the framework as a
whole; unlike the main characters on the screen and the administration who tend to oversee the
configuration of corporate controls, the modification of the Code of Conduct sees the internal
audit function.
The basic areas of modern customers are:
• Prevent useful access to smart employees.
• Opportunity screen to calculate.
• Direct goals of specific or different problems identified by a specific item / administration.
• Online access to certain data or other data provided by the organization.
• Ability to offer intelligent assistance.
The cards improved the entrance. Be that as it may, expect additional updates to monitor client
exercises to be beneficial to the client and rarely monitor client access.
The type and content of the collaboration offered by these data frameworks largely depends on
the level and level of input provided by the business association to the collaboration levels as
follows:
1. Article data: this is the simplest form of access provided by an association of companies without the ability to collaborate.
2. Objectives of the case: in this particular type of unusual correspondence, the client can present special questions / requests mainly for specific cases.
3. Access to people: this entry level refers to the ability to communicate with specific departments or organizational staff. In any case, however, no company can succeed.
4. Access to the process: these are the most unpredictable types of letters. Strengthen collaboration and allow customers to receive and receive data on the organization's administrative procedures (resolution and monitoring of applications, monitoring of exchanges and so on).
In addition, headquarters should be established prior to the organization. The delicate contrast in
the image controls the panels at risk:
• Non-consensual and misleading changes to structures or campaigns.
• Errors in reservoir circulation.
5. Describe audit findings related to cyber security management in the NSW city councils
By information security we mean rather than providing measures and tools designed to guarantee
and save the classification, respect and accessibility of data. Data security is therefore a broader
idea that grasps the security of data resources as a whole, referring to information security in any
structure, including non-advanced ones and, more in that regard, incorporating both corporate
and authoritative security aspects. Obviously, at the same time in history, when the computer is
day-to-day bread, Cyber and Intelligence usually merge into a security idea in which innovation
takes on ever-increasing pressures.
Despite the nurses charged, we return to the main motivation behind this guide: to offer a
complete picture on the topic of information security to societies intending to address the issue, a
largely unknown digital risk. One thing is for sure, regardless of whether we're talking Cyber
Security or even more for most information security, the "data" is the real hero.
Studying IT security in a society basically involves acquiring data resources and thus obtaining
the organization's IT information. Be that as it may, how can we guarantee that PC information is
accurate and satisfactory? Exercises, jobs, and skills can be unique, but every Cyber Security
mechanism is always based on three key rules that must be sought in all security agreements,
also considering risks and vulnerabilities.
An advanced security botch can open cards to a wide range of risks. Impacts can include:
• Corporate information stealing and money release as well as development.
• Make money.
• Authoritative refusal.
• Deleting data.
• Costs for the creation of interested structures, structures and tools.
Three full-scale areas are prescribed in the model:
1. Security management: Tools to help manage modules.
2. Venture Solutions: Security solutions for validating computer development schemes.
3. Security Foundation: Articles and administrations for observing the system and performing
specific exercises
After explaining the hidden perceptions and standards of Cyber Security, the opportunity came to
identify the exact location of the actions and figures of experts leading an organization engaged
in digital security. We start from the "core", two well-known roles above all: the CISO
(Chief Information Security Officer), with responsibility for overall security, and the DPO (Data
Protection Officer), a basic role under the recently introduced GDPR.