can you please justify your answer, thanks!

The extra info is up. can you please help me complete this before 5pm, would be greatly appreciated!!

Justify your answer: 6. As this is a small organization, assume the CFO performs the IO role. What should an IS auditor suggest regarding the governance structure? 7. The IS budgeting process should be integrated with business processes and aligned with organizational budget cycles. What advice would an IS auditor give to the organization to ensure the budget covers all aspects and can be accepted by the board? 8. The Internal auditor is reporting to CFO, who is the owner of IT initiatives and operations. The reporting relationship inhibits the auditor's independence. What compensating controls would you suggest to improve the audit efforts? Case Assignment 2- Ultima Fiducia Inc. An IS auditor was asked to review alignment between IT and business goals for Ultima Fiducia Inc., a small, but rapidly growing, financial institution. The IS auditor requested information including business goals and objectives and IT goals and objectives; however, these were limited to a short, bulleted list for business goals and PowerPoint slides used in reporting meetings for IT goals. It was also found in the documentation provided that over the past two years, the risk management committee (composed of senior management) met on only three occasions, and no minutes of what was discussed were kept for these meetings. When the IT budget for the upcoming year was compared to the strategic plans for IT, it was noted that several of the initiatives mentioned in the plans for the upcoming year were not included in the budget for that year. The IS auditor also discovered that Ultima Fiducia Inc, does not have a full-time CIO. The organizational chart of the entity denotes an IS manager reporting to the CFO, who, in tum, reports to the board of directors. The board plays a major role in monitoring IT initiatives in the entity and the CFO communicates on a frequent basis the progress of IT initiatives From reviewing the SoD matrix, it is apparent that application programmers are required to obtain approval from only the DBA to directly access production data. It is also noted that the application programmers have to provide the developed program code to the program librarian, who then migrates it to production. IS audits are carried out by the internal audit department, which reports to the CFO at the end of every month, as part of business performance review process, the financial results of the entity are reviewed in detail and signed off by the business managers for correctness of data contained therein