Answered step by step
Verified Expert Solution
Question
1 Approved Answer
An extract of the audit report is included below. Summary of audit findings Recognition needs to be given to the management of the IT department.
An extract of the audit report is included below.
Summary of audit findings
Recognition needs to be given to the management of the IT department. The management team is doing good work and managed to formally document policies and procedures. The security policy includes all aspects of the change management process and reflects current and leading practices. In line with good practice relating to production migration, positive assurance may be provided that programmers who develop or modify configuration items do not have the ability to access and migrate changes into the production environment.
In our opinion, the security team is making a mess of managing the risks that the organisation are exposed to The following each have a RED criticality relating to Cybersecurity risk which pose a significant level of exposure to the achievement of the protection of information security of process level objectives. Each of the five deficiencies identified needs immediateurgent management attention at the process level:
Firewalls are not configured in line with good practice
Twofactor authentication is not in place.
Required
Evaluate the summary included above against the seven characteristics that internal audit reports must adhere to Provide a motivation to substantiate your evaluation.
Your Answers
Characteristics Evaluation Motivation
Accurate
Objective
Clear
Concise
Constructive
Complete
Timely
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started