SBM4302 IT Audit and Controls: Analysis of Satyam (2009) Scandal

Verified

Added on 2023/06/07

AI Summary

This report provides a comprehensive analysis of the IT audit and control failures at Satyam Computer Services Ltd. in 2009. It begins with an introduction to IT audits and controls, emphasizing their importance in managing organizational and managerial risks, particularly in the context of the Satyam scandal. The report identifies key risks such as cyber-security, information security, and IT skill gaps. It then details the audit methodology and design, including planning, control evaluation, testing, and reporting. The classification of basic IT controls, including data governance and privacy regulations, is discussed, along with their impact on data loss prevention. Furthermore, the report classifies organizational, operational, and network communication security controls. The requirement for IT audits is demonstrated through data forensic audits and the investigation of fraud. The report also appraises emerging industry trends in IT auditing and control, emphasizing the increasing importance of IT audits in the business process. Finally, the report discusses the professional, legal, and ethical responsibilities of an IT auditor, concluding with the significance of IT audits in ensuring network security and maintaining financial integrity.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

IT Audit and controls – Satyam Computer Services Ltd. (2009)
0 | P a g e

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Table of Contents
Introduction.................................................................................................................................................2
Identification of organisational and managerial risk....................................................................................2
Description of audit methodology and design.............................................................................................3
Classification of basic IT control and their impact......................................................................................3
Classification of organizational, operation, and network communication security control..........................4
Demonstration for the requirement of IT audit............................................................................................4
Appraise emerging industry trends in IT auditing and control.....................................................................4
Discussion on the professional, legal, and ethical responsibilities of an IT auditor.....................................5
Conclusion...................................................................................................................................................5
References...................................................................................................................................................6
1 | P a g e

Introduction
The information technology audit or IT audit is the process of examination as well as evaluation
of the organisational IT infrastructure, operation as well as policies. To understand the use of use
and impact of IT audit and control on the business the scandal of Satyam Computer Service audit
report is being considered. This is one of the biggest scandals that took place in an IT company
and for that effective audit report needs to be performed to understand the reason and the cause
of scam and also its impact on the firm. The primary purpose of a paper is to provide
understanding regarding IT audit and control planning.
Identification of organisational and managerial risk
Information technology is the rapidly growing technology in the world and for that, it also has
various risk associated with the process. Information technology audit is the best way for the
management control to maintain all the risk that is being faced by the management of the firm
(Suryanto, 2016). The most common risk that could be identified in the organisational, as well as
the managerial context that is relevant to IT audit, is the cyber-security, information security,
mobile computing, IT skill within the internal auditors and the board along with the audit
committee technology awareness. These are the vital risk that has a huge implication on the IT
audit system and due to lack of this process, Satyam CEO has the equal chance to perform fraud
in accounting for the continuous 7 years (Satyam Computer Services, 2018). It is highly essential
for maintaining the internal control system of organisational and management actions to provide
valuable security for the process. These risks are highly effective for the IT audit control to
maintain the working function and the activity effectively in the IT firm.
The IT audit and control is essential for Satyam Computer service to maintain the information
and the process of cyber-security (Thompson, Ravindran, & Nicosia, 2015). The information, the
system was not safe and secure within the company as it can be seen that from almost 7 years the
fraud took place. This is one of the biggest fraud in the history that made by the CEO of the firm.
Proper planning of IT audit and control is essential for proper IT control activity and also the
business process. It also helps to analyse the data integrity with the business goals and objective
(Balachandran, 2015). In this process, the IT auditors generally examine the physical security
controls along with the financial and the business control that is associated with the IT system. In
general, the IT auditor has to face some of the challenges regarding the technology to perform
2 | P a g e

their activity within the firm. In the case of Satyam Computer service the risk that is associated
with the IT audit and control activity is the process of cloud computing, then the big data
analytics, regulatory compliance, infrastructure management along with the cyber-security.
Description of audit methodology and design
The methodology and the design of IT Audit provide an effective view of the process and the
working function that internal audit performs to maintain the business from fraudulent. The
primary process that could be visualised within the IT audit is the planning internal audit, then
studying as well as evaluating the control. After that testing as well as evaluating the controls,
then reporting, follow-up and the reports. It is eventually followed by the PwC for the internal
audit process when the scandal of Satyam computer service in their account book broke
(Dowling, & Leech, 2014). Maintaining the regulatory environment and the standard Accounting
standard for the process of account bookkeeping is vital for auditing. The methodology of the
auditing is effective for understanding the flaw and the risk that is generally associated with the
IT Company. It is one of the best ways to figure out the scandal that took place in Satyam
Computer Service. The auditor generally expresses their opinion on the annual accounts
regarding the current state affair of the financial position of the firm. In the case of Satyam
Computer Service, this effectively helps to understand the internal condition of the firm that they
did not maintain the code of conduct and also utilised investor money for the personal business.
Classification of basic IT control and their impact
Information technology controls are quite essential for the firm to protect their assets, then the
customers, partners as well as the sensitive information of the firm. One of the basic IT control
action is to prevent the data loss as well as the privacy. The audit that makes a huge impact on
the process is the data governance as well as the classification of the audit (Chen, Smith, Cao, &
Xia, 2014). Another impact that is created on the data privacy is the audit of privacy regulation.
Another IT control that is highly effective for the business is the IT asset management and the
software management. In this process, the audit which makes an effective impact are the process
and audit control then the review regarding the software licence and also the contract
management assessment in the IT sector.
3 | P a g e

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Classification of organizational, operation, and network communication security control
Organisational, operational and the network communication security is the most essential part
within the business to perform their duty and also to provide the valuable working function. It
can be seen that organisation like the information technology service provider need to maintain
their network security control with an effective communication process to maintain the
information. In the case of Satyam Computer services the major security control that needs to be
provided for auditing process are the secure coding, then the security by design and also the
proper encryption (Alreemy, Chang, Walters, & Wills, 2016). It is one of the most vital activities
in the field of IT audit to maintain the organisational as well; as the operational function of the
firm. The control system of the IT audit is performed effectively with the help of effective
network security along with the business process within the field.
Demonstration for the requirement of IT audit
IT audit is one of the most effective and valuable processes within the corporate financial
reporting system. It gradually helps to provide the valuable information regarding the financial
condition of the firm and also its economic condition within the market. The data forensic audit
allows the auditor for investigating the fraud that took place within the firm (Alles, Brennan,
Kogan, & Vasarhelyi, 2018). In the case of Satyam computer services, it can be seen that the
auditor have the lookout for the conflicts of interest for their data forensic audit. They also have
to look for the system of bribery as well as extortion case within the firm. The data forensic help
to understand the working process and the financial condition of the firm throughout the
beginning of the firm. In the audit report, this is one of the vital aspects as this show the financial
condition of the firm for each year. The data forensic audit system allows understanding the
selling rate and also the rate of a share of the firm in the New York Stock Exchange.
Appraise emerging industry trends in IT auditing and control
Information technology auditing is rapidly increasing within the world as this provide effective
control for the business to deal with their financial value and also with the working process. It is
one of the most effective and vital processes for the business to make their decision on the
various factors. IT audit process effectively allows the firm to understand the process of input
and the output data and also help in providing an effective view on the data security (Byrnes et
al., 2018). In the term of Satyam Computer Service, the IT audit was the most effective and the
4 | P a g e

vital function to maintain their fraud and also manage the information in the most secure way. It
is clear from the numerous facts that the IT audit in the recent world has a huge impact on the
industry and the business process to make valuable decision numerous activity within the field.
Discussion on the professional, legal, and ethical responsibilities of an IT auditor
The IT auditor has to maintain the legal as well as the ethical responsibility for performing their
activity within the field. For performing the audit process it is essential to maintain the code of
ethics as well as the legal attributes to provide effective document and report on the financial
condition of the firm. The primary responsibility of the IT auditor in the audit process is to
access all the legal documents and also effective information for the business process and all this
need to be kept confidential while performing the reporting system (Yu et al., 2016). Security is
the vital aspect of the firm in the term of IT audit and also for the auditors the network security
and the cloud computing process is essential.
Conclusion
The paper eventually concludes the fact that in the business process the IT audit is essential to
perform the activity for understanding the network security within the firm. Moreover, it is also
concluded that Satyam Computer Services would effectively develop their business process to
maintain the activity and the working function of the firm in term of financial and economic
condition.
5 | P a g e

References
Alles, M., Brennan, G., Kogan, A., & Vasarhelyi, M. A. (2018). Continuous monitoring of
business process controls A pilot implementation of a continuous auditing system at
Siemens. In Continuous Auditing: Theory and Application (pp. 219-246). Emerald
Publishing Limited.
Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for
information technology governance (ITG). International Journal of Information
Management, 36(6), 907-916.
Balachandran, M. (2015). The Satyam scandal: How India’s biggest corporate fraud unfolded.
Retrieved from https://qz.com/india/379877/the-satyam-scandal-how-indias-biggest-
corporate-fraud-unfolded/
Byrnes, P. E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R., Warren Jr, J. D., &
Vasarhelyi, M. (2018). Evolution of Auditing: From the Traditional Approach to the
Future Audit 1. In Continuous Auditing: Theory and Application (pp. 285-297). Emerald
Publishing Limited.
Chen, Y., Smith, A. L., Cao, J., & Xia, W. (2014). Information technology capability, internal
control effectiveness, and audit fees and delays. Journal of Information Systems, 28(2),
149-180.
Dowling, C., & Leech, S. A. (2014). A Big 4 firm's use of information technology to control the
audit process: How an audit support system is changing auditor behavior. Contemporary
Accounting Research, 31(1), 230-252.
Satyam Computer Services(Merged) History | Satyam Computer Services(Merged) Information -
The Economic Times. (2018). Economictimes.indiatimes.com. Retrieved 11 September
2018, from https://economictimes.indiatimes.com/satyam-computer-services-
ltd(merged)/infocompanyhistory/company-11407.cms
Suryanto, T. (2016). Dividend policy, information technology, accounting reporting to investor
reaction and fraud prevention. International Journal of Economic Perspectives, 10(1),
138.
6 | P a g e

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data
governance: Lessons learned from a public sector application audit. Government
information quarterly, 32(3), 316-322.
Yu, Y., Xue, L., Au, M. H., Susilo, W., Ni, J., Zhang, Y., ... & Shen, J. (2016). Cloud data
integrity checking with an identity-based auditing mechanism from RSA. Future
Generation Computer Systems, 62, 85-91.
7 | P a g e