Sign In
Not register? Register Now!
Essay Available:
Pages:
4 pages/β‰ˆ1100 words
Sources:
4 Sources
Style:
APA
Subject:
Technology
Type:
Case Study
Language:
English (U.S.)
Document:
MS Word
Date:
Total cost:
$ 24.3
Topic:

ITM537 Mod 1 Case Assignment Control Structures: Auditing

Case Study Instructions:

Module 1 - Case
Control Structures: Auditing
Assignment Overview
Effective planning and well-defined structure must be a part of an audit policy for it to work properly. As IT professionals, we do not have to monitor everything because we do not want to stress system resources with unmanageable data. Therefore, it is important to identify the most meaningful events and activities that should be audited within an organization having in mind the needs of the organization.
In this Case Assignment, you are required to read the articles listed as required in the background page about the auditing process.
When you've read the required articles and conducted additional research on the optional readings and other readings you find interesting, please compose a short (4-5 pages without counting the cover and references) paper on the topic:
How to conduct the best IT and Information Security Audits. How the Maturity Model of COBIT can help an IS Audit.
Below are some questions for you to think about to help you get started:
• Clarify the differences between information systems auditing and information security auditing.
• Explain the criteria for setting up priorities and scope for auditing
• What is COBIT? You can refer to Cobit 4 which is available for free but remember that the latest version is Cobit 5.
• How can COBIT help in the IT auditing process?
• What is the maturity model used in COBIT?
Remember, you do not have to explicitly answer these questions in your assignment. You should think about these questions and then integrate your thoughts into a well-organized paper that answers to the primary question.
Assignment Expectations
Length: Follow the number of pages required in the assignment excluding cover page and references. Each page should have about 300 words.
Your assignment will be evaluated based on the Rubric.
• Please use original writing (No Plagerism)
• Please use American URLs that can be easily verified on the web on the reference page. (Extremely Important) must be able to go directly to the PDF or body of work.
• Please include the page numbers in the in text references; APA style.
• Read the background material in the attachment titled Background. Use some of the background material as references.

Case Study Sample Content Preview:

ITM 537 MOD1 Case Control Structures: Auditing
Name
Course
Instructor
Date
Conducting IT and Information Security Audits
Incidences of accounting fraud have highlighted the case for reforms and better vigilance among system auditors when conducting security audits. Data and security audits allow the system auditors to verify the authenticity of accounting information, but they have to focus on some of the financial information by conducting security audits on samples since they are limited in resources and time. Additionally, by auditing the information system it is possible to determine whether there are other security measures required, while highlighting how different data-related activities are related. At other times, unauthorised persons might gain access to financial records and database, and distorting the information. Hence, when conducting security audits it is necessary to understand whether the system has been compromised.
Information systems audit is broader than information security audit and focuses on the network segmentation, device management, operations safety security and servers. On the other hand, security audit entails the security of data and the information as it focuses on the storage and transmission of print and electronic data. The two audits are related as auditors must first gather data that allows them to verify the information while they determine the scope that should be clear even before conducting the security audit (Bayuk, 2009). This further helps in setting the control objectives to facilitate audit testing, and the management is expected to implement the control objectives (Bayuk, 2009). This is necessary since the objectives allow the auditor to cover all aspects of the audit, but the tests may change during the auditing process.
The auditors set the priorities and scope depending on the identity being audited and purpose of conducting the audit process. The audit scope is associated with the organization, and the auditors then prepare based on the identified scope. The case for focusing on the scope that it allows the auditors to set priorities, plan and communicate what is to be expected. The IS auditor then needs to assess that the structures that support adequacy and effectiveness of the audit since prioritizing helps to determine the critical areas to be audited. Additionally, the relevant resources to conduct the audit are identified to support resource allocation and monitoring the auditing process.
There is also a need to establish security policies and standards that guide the auditors as they assess security compliance and risk level (Hayes, 2003). Technological innovations and changes are likely to overwhelm the ability of the IT staff to keep up with all the software. Many program vulnerabilities are discovered, and it is necessary to review the security and ensure that the security guidelines are adequate. IS auditors use previous audits as security baselines, and even when the audit is conducted by different audit partners, they should be able to come with similar opinions based on the risk level. Hence, to conduct IT and information security audits, security assessment is integrated into the auditing process.
When the audit is complete, it is...
Updated on
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Order

πŸ‘€ Other Visitors are Viewing These APA Case Study Samples:

HIRE A WRITER FROM $11.95 / PAGE
ORDER WITH 15% DISCOUNT!
Order Now