University of Professional Studies (UPSA) planning to expand and restructure its Internal Awit (LA) function. Dr. Akrofi who serves as director of Internal Audit reports to the corporate controller, whose responsibility is to have all internal audit reports received and reviewed. Dr. Akril also forward to the audit committee of the board of directors and to the manager directly responsible for the function being audited copies of the internal adit. There portains a concem among the management team as to which department or function Dr. Akron should report. The Vice Chancellor wants to ensure that SOX is complied with and that the department responsible for internal auditing is structured such that it strengthens UPSA's internal control system. Also, a central objective for the reorganized audit function is that the external auditors are able to depend on the internal modit department's work to a considerable degree wton In relation to internal audit function elaborate on independence. 14 Murks b. According to the case study explain whether the university's internal audit independence will be materially compromisod? [6 Marks) 6. Explain where the Dr. Akrofi (Internal Auditing director) should report for independence to be maintained? [6 Marks d. The case study stated that the Vice Chancellor wants SOX complied with Discuss whether por international auditing standards this a good idea [4 Maris) 2. UPSA Audit Class Company Limited (UACCL) is into Advertisement and branding, and has its business processes being automated. Their company depends on Information Technology for various operations and services. With the usage of internet by UACCL in varying business models it is assumed that data or information needed by the company is available constantly, accurate, reliable and confidential. Practically, organizations or companies that depend on technology for their day to day operations are susceptible to security threats compared to non-technology based companies. Question 1. Does the company have a security objective Explain your Answer [10 Marks] DC: ACD01-F001P TOYOTA . Prior to developing a security policy for the company, what is the main task undertaken? to be Explain required 15 Marks Which entities or individuals are to play a role in the structuring of the security [5 Marks) policy? 3. Stonebwoy is expanding his Burniton group of companies and adding information system as part of the expansion. The Bariton soup have approached you as an Intamal IT Auditor, to be part of the forthcoming implementation of a new information system. The system to be implemented is required to automate the company's operations and is to be operationalised within 3 months. The group wants the implemented system be ready for the next IT external audit Oestion In order for you as an IT Internal Auditor to provide quality audit on the development of the information system for Burnitoin Company what skills are you required to have? 15 Marties) b. In developing controls (Management and Organizational) for the proposed system to be implemented what should be considered? 15 Marks to c. Because the company will be dealing with data on their system there will be the need to review the capability of data security controls, what are you as an IT auditor required evaluate? 15 Marts d In Puture Burnion Company will be adopting cloud computing for both Storage and other services. Explain to the company issues related to the adaptation of cloud computing 15 Marts 4 Shaxi Company Limited is into ride hailing services. There have requested our company to undertake an dit process for all their information systems (ES). We are to evaluate their internal controls adequacy, effectiveness and efficiency. The primary scope of the audit DC: ACD02-FO01 Page process is not only on security which comprises confidentiality, integrity and availability (CIA) but also on effectiveness and efficiency Question 2. In evaluating the is for the company the system administrator wants to know their internal controls risk will affect controls risk and inherent risk. [5 Marks) b. Will there be a need for substantive testing after the audit? Explain [5 Marks) c. What will be detection risk's role during the audit process [5 Marks) d. Explain to the company is controls groupings under COSO [5 Marks] Ho Application mint General Controls End of paper