Green Limited $($Green$)$ is a small trading company in the country. Green sells fash$-$ionable, stylish shoes at affordable prices through various retail shops to the public.The head office is situated in Johannesburg and functions such as marketing, human resources and accounting are centralised. Green has a board of directors, a chief executive officer $($CEO$),$ a chief information officer $($CIO$)$ and an audit commit$-$tee. All transactions of Green are computerised and therefore Green will have to ensure that the current facilities, hardware and software infrastructure will be sufficient to handle all computerised activities and transactions.Two months ago, the CIO requested the internal audit function to do a complete general control review of the existing information technology $($IT$)$ infrastructure before the additional computer hardware and software that will be required for the tolling system, is added. This engagement was therefore a special management request and included all the general IT departmental activities pertaining to facilities and hardware for the financial year ending $30$ June $20$X$1.$ The objective of the audit engagement was to evaluate the adequacy and effectiveness of the general controls surrounding the IT facilities and hardware. You were appointed as the auditor$-$in$-$charge of this engagement. The two internal auditors that report to you have completed the engagement, based on the risk assessment and engagement work programme you prepared. According to the internal audit engagement file, the following was noted during the engagement:$1.$ Green's IT infrastructure is mostly centralised at head office with two servers each hosting a large database. The two servers are situated at the back of the building in a room that has been constructed with thick, windowless walls and air conditioning. Fire extinguishing sprinkler systems are situated throughout the building, except for the server room, which has been fitted with a halogen gas fire extinguishing system. These systems are also tested on a regular basis. $2.$ The server room is always securely locked and access can only be gained by means of magnetic staff cards. The server room can therefore only be accessed by the employees of Green.Green is insured by RR Matnas Limited. According to the insurance policy, the company is comprehensively insured for the following:$*$ Loss of and damage to computer hardware.$*$ Damage to records, files and other consumables.$*$ Loss of business and$/$or income as a result of a natural disaster$\mathrm{.}1.$ During a discussion, the IT manager, Mr Dell Apple indicated that several computer system breakdowns, such as system crashes have occurred in the past resulting in system activities being down for two to three days. Numerous complaints were received from other business units, but according to Mr Apple, there is nothing else the IT department can do$,$ as they already do everything as required by organisational policies$\mathrm{.}2.$ A recovery plan has been formally documented which outlines the potential impacts that a disaster could have on resources, as well as the tasks and responsibilities of the recovery team. The plan is tested on a six$-$monthly basis and is safely stored in the ClO's office. In order to ensure that the plan is adequately safeguarded against unauthorised access, only the CIO has access to the plan.The CIO also keeps a copy of the plan at her private residence.YOU ARE REQUIRED TO:For each of the findings above, indicate how you would incorporate it in the internal audit engagement report in such a way that the engagement report complies with all relevant internal audit Standards. In addition to reporting the criteria, condition, cause and effect, provide recommendation$/$s for each of the findings.Note:Where the criteria and$/$or causes of findings cannot be derived from the information above you should provide your own relevant criteria $($in line with best practice$)$ and cause$($s$).$