As the IT audit senior of the engagement, you are presenting to the IT manager and partner

Question:

As the IT audit senior of the engagement, you are presenting to the IT manager and partner (as part of the planning meeting) the results of the risk assessment performed in Exhibit 3.3.

Exhibit 3.3.

Financial Application Financial Application #1 (FA1) IT Area / Vulnerability IS Operations / There is no

Based on such results (look at Exhibit 3.3, under the “Risk Rating” and “Action Priority” columns), it seems clear that the audit should focus on Financial Application #2 (FA2). Nevertheless, the IT manager and partner, based on previous relevant experience, believe that the audit should be performed on Financial Application #1 (FA1). The planning meeting is over, and you still feel doubtful on the decision just made. Your task: Prepare a two-page memo to the audit manager (copying the partner) stating your reasons why FA2 should be audited first. In order to convince the audit manager and partner, you are to think “outside the box.” In other words, think of additional information not necessarily documented in the risk assessment shown in Exhibit 3.3, and document in your memo information related to:

a. Any additional vulnerabilities or weaknesses that may currently be in place affecting FA2 

b. Any additional threat-sources that can trigger the vulnerabilities or weaknesses you just identified for FA2 

c. Any additional risks or situations involving exposure to loss for the financial information in FA2 

d. Any additional controls or procedures that should be implemented to mitigate the risks just identified

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: