Question
You are an information technology auditor employed in the internal audit department of Alpha Corporation. You have been assigned the task of conducting a general
You are an information technology auditor employed in the internal audit department of Alpha Corporation. You have been assigned the task of conducting a general controls review.
The Alpha Corporation is a large retailer of fine clothing. It has recently fired its Information Systems Director after experiencing several years of budget overruns in systems development and computer operations. An internal auditor with computer management experience has been appointed as acting Information Systems Director.
A significant obstacle to your review has been the lack of written information about the activities of the department or the policies under which it was managed. The previous director apparently managed in an informal manner, communicating assignments, standards, and performance evaluations to his employees verbally.
An IT Governance Committee is established, which is a sub-committee of the Corporate Governance Committee, established by the Board. The members of the IT Governance Committee consist of: three board members; Vice Presidents on the business side as well as Vice Presidents on the IT side; the chief financial officer; other stakeholders as appropriate. Any major IT capital expenditure and computer developments that exceed $500,000 have to be approved by the IT Governance Committee who in turn recommend them to the Board of Directors for approval.
During initial discussions with information systems personnel, you note the following:
A new outsourced information systems project is currently underway to improve the functionality of the company's sales web site which is 6 to 10 weeks behind schedule. The Alpha project leader, Ermen, has reassured you that he has never missed a deadline in his 30 years of work and knows that the programmers are always overestimating the time that Information Systems takes to test the new system. You are surprised upon hearing about this new project since the internal audit department had not heard of this major undertaking.
When asked for the business case for the web site project Ermen mumbled that the business case needed to be changed some time after the contract was signed, however he's too busy to get the case for you. Ermen indicated that Hugo Consultants, a third party, will host the new web site for Alpha. Ermen is excited about Hugo's new technology which is not well understood at Alpha. Hugo representatives have assured him that additional resources will be made available to the Alpha project since some of Hugo's bigger clients are expected to have their projects completed soon. Ermen notes that the coding phase of the web site project has started since business specifications are almost 50% complete.
Users have complained about reporting problems in the inventory system, so a meeting was set up with Edmonds, a very knowledgeable programmer, to try to pinpoint the cause of these difficulties. Edmonds is frustrated with the number of source code changes that he needs to implement to meet user reporting requirements. He would like computer operations to become more involved, but is concerned as new operations staff do not even know how to move source code into production. He notes that this doesn't matter much since most of the changes are treated as emergency changes. All emergency changes are verbally approved.
The computer operations manager gave you a tour of the area. You note that backup tapes are kept in the file cabinet in her office. The manager was complaining about not being able to monitor all her staff after recent company cutbacks.
Required:
Evaluate three strengths and three weaknesses of the IT governance at Alpha Corp. Conclude on the effectiveness of IT governance at the company. (6 marks)
Based on the Canadian audit standards, why are auditors required to understand the information systems and related business processes? (5 marks)
How does the quality of the IT governance affect your ability to conduct an information systems audit of general controls? (Address both financial statement and operational audits.) (5 marks)
Explain four characteristics of the computer environment that may impact the control environment. (4 marks)
The CEO would like to you to compare and contrast the COSO and COBIT models. Provide three similarities and three differences between the models. (6 marks)
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started