The capabilities of computer systems have advanced rapidly over the past several decades. In many organizations, the entire data has been computerised and all the information is available only in digital media. In this changed scenario, auditors have to adapt their methodology to changed circumstances. The approach of auditors to evaluate internal controls has changed accordingly. The continual development is changing the way organization works. Many companies have introduced Information Technology (IT) audit function because it is considered to be a valuable element of management control which provides assurance to the business audit committee and management and adds to the organization's credibility with investors and creditors. Management is responsible for establishing and maintaining a system of internal financial controls and in some cases, may be required by regulators to provide written certification of the adequacy of the controls. Legal and regulatory requirements are changing fast and companies must make sure they are aware of the latest rules. Presence of controls in a computerized system is significant from the audit point of view The Business and Financial Educational Services provider Company Limited is an organizations that do not have an IT audit function. The company is considering to establish one. They are work shopping their company size and type of business, source of capital and risk factors that warrant such an investment. They agree that the potential benefits of the IT audit function should be assessed and compared against the estimated costs. IT audit function should ensure the establishment and compliance to IT Controls in the organizations computer system. They are undecidedon the decision to establish an IT audit function. They think the decision should involve the CEO, CFO, and audit committee. The following is a list of criteria they are considering: 1. The audit committee wants to get independent and objective assurance on the adequacy of internal controls from someone other than the CEO or CFO. 2. The CEO wants to get independent and objective assurance on the adequacy of internal controls from someone other than the CFO or line managers. 3. The CFO wants to get independent and objective assurance on the adequacy of internal controls from someone other than the line managers. 4. The organization gets too large or geographically dispersed for frequent and economical first-hand monitoring of controls by the audit committee, CEO or CFO. Required: 1. You are an IT Audit consultant who is familiar with the works of the company and is well connected to the company. In a meeting with the CEO, CFO, and audit committee the CEO has asked that you name and explain the broad categories of IT Audit controls (if any)that must be put in place in their work environment. 10 marks 2. Carefully consider the scenarios in the submissions provided and write out your report to be submitted to the Audit committee. From your submissions the Audit committee decided to fully contract you to support the management of the company to develop and 3 put in place some General IT control tools. You decided to constitute and hold a sub- project committee meeting to discuss the details on the following. i. IT policies and standards. 2 marks ii. Physical controls (access and environment). 2 marks iii. Logical access controls. 2 marks iv. Business continuity 2 marks Disaster recovery controls. 2 marks V. Total 20 marks