Auditing

(40 Marks) 1. Tsogo Company is dealing in the information systems audit. The audit of an IS environment to evaluate the systems, practices and operations may include one or both of the following: - Assessment of internal controls within the IS environment to assure validity, reliability, and security of information. - Assessment of the efficiency and effectiveness of the IS environment in economic terms. The IS audit process is to evaluate the adequacy of internal controls with regard to both specific computer programs and the data processing environment as a whole. This includes evaluating both the effectiveness and efficiency. The focus (scope and objective) of the audit process is not only on security which comprises confidentiality, integrity and availability but also on effectiveness (result-orientation) and efficiency (optimum utilization of resources). Read the above carefully and answer the following: (a) The audit objective and scope has a significant bearing on the skill and competence requirements of an IS auditor. There is a set of skills that is generally expected from an IS auditor. Discuss 5 of Explain 5 various costs involved in the implementation and controls. [10] (c) Discuss 5 controls to consider when reviewing the organization and management controls in an Information System. [10] (d) While reviewing the adequacy of data security controls, Explain five items which need to be evaluated by an IS auditor? [10]