Assessment 5: Report-2
Page | 1 Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College 55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111 PRV12007; CRICOS 03048D Approved: 13/02/2019, Version 1
Unit Code and Title: SBM4302 IT Audit and Controls
Assessment Information
| Assessment Task | Weighting | Due | Length | ULO |
|---|---|---|---|---|
| Assessment 1: Quiz. Quiz covering delivery material week 1 - week 3 to identify further support needs. | 10% | Week 4 | 30 mins | ULO-1, ULO-3 |
| Assessment 2: Case Study. An individual work pertaining to real world case study | 20% | Week 7 | 2000 words | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5 |
| Assessment 3: Report-1. An individual report based on an IT audit report | 30% | Week 9 | 2500 words | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 |
| Assessment 4: Tutorial Participation and Submission. Weekly exercises assess students’ ability to understand theoretical materials. | 10% | Week 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 | N/A | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 |
| Assessment 5: Report-2. An individual report based on an IT audit report | 30% | Week 12 | 2500 words | ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 |
Assessment Details
Assessment 1: Quiz
Due date: Week 4
Group/individual: Individual
Word count / Time provided: 30 minutes
Weighting: 10%
Unit Learning Outcomes: ULO-1, ULO-3
Assessment Details:
This test will assess your knowledge of key content areas (Week 1, 2 and 3 contents) and identify
further support needs. For successful completion of the quiz, you are required to study the material
provided (lecture slides, tutorials, and reading materials), engage in the unit’s activities, and in the
discussion forums. The prescribed textbook is the main reference along with the recommended
reading material. By completing this assessment successfully, you will be able to identify key aspects
of IT Audit and controls.
Marking Information: The quiz will be marked out of 100 and will be weighted 10% of the total
unit mark.
Assessment 2: Case Study
Due date: Week 7
Group/individual: Individual
Word count / Time provided: 2000 words
Weighting: 20%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample case study and asked to comment
upon it. In particular, emphasis is placed on the reason(s) behind the situation that unfolded and actions that
could have been taken to prevent such incidents from occurring.
Case Study: NAB Data Breach
On 26th July 2019, National Australia Bank (NAB), which is the 4th largest bank in Australia,
contacted approximately 13,000 customers to advise that some personal information provided when
their account was set up was uploaded, without authorisation, to the servers of two data service
companies. NAB’s security teams have contacted the companies, who advise that all information
provided to them is deleted within two hours.
NAB Chief Data Officer, Glenda Crisp, said the compromised data included customer name, date of
birth, contact details and in some cases, a government-issued identification number, such as a driver’s
licence number. “We take the privacy and the protection of customer information extremely seriously
and I sincerely apologise to affected customers. We take full responsibility,” she said. “The issue was
human error and in breach of NAB’s data security policies.” Ms Crisp said it was not a cyber-security
issue. No NAB log-in details or passwords have been compromised – and NAB’s systems remain secure.
“Our number one priority is to support our customers. We are moving quickly to proactively contact
every person affected.”
NAB called, emailed or wrote to each impacted customer individually. A dedicated, specialist support
team was in place, available to them 24/7. If government identification documents need to be
reissued, NAB would cover the cost. NAB would also cover the cost of independent, enhanced fraud
detection identification services for affected customers. Importantly there is no evidence to indicate
that any of the information has been copied or further disclosed.
NAB is advising impacted customers that they do not need to take any action with their account. “We
have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not
identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts,”
Ms Crisp said. NAB also notified and was working with industry regulators, including the Office of the
Australian Information Commissioner. Ms Crisp said: “We take full responsibility. We can assure you
that we understand how this happened and we are making changes to ensure this does not happen
again.”
In a further development, the NAB CEO admitted that it is difficult to invest a huge amount of money in
information security compared to industry leaders like Microsoft, Google and Amazon. His opinion
was to leverage the infrastructure created by these companies, i.e. through cloud computing.
Marking Information: The case study will be marked out of 100 and will be weighted 20% of the
total unit mark
| Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Overview of the addressed problem (20 marks) | Inadequate overview of the addressed problem | Basic level overview of the addressed problem | Moderate level overview of the addressed problem | Accurate and detailed overview of the addressed problem | Displays exceptional level overview of the addressed problem |
| Describe common security issues that an auditor needs to investigate (30 marks) | Inadequate description of common security issues | Basic description of the common security issues | Moderate level description of the common security issues | Accurate and detailed description of the common security issues | Displays exceptional level description of the common security issues |
| Describe NAB’s response to the data breach (10 marks) | Inadequate description of the NAB’s response to the data breach | Basic description of the NAB’s response to the data breach | Moderate level description of the NAB’s response to the data breach | Accurate and detailed description of the NAB’s response to the data breach | Displays exceptional level description of the NAB’s response to the data breach |
| Propose information security measures NAB should adopt (30 marks) | Inadequate description of the information security measures | Basic description of the information security measures | Moderate level description of the information security measures | Accurate and detailed description of the information security measures | Displays exceptional level description of the information security measures |
| Describe the role of cloud computing in information security (10 marks) | Inadequate description of the role of cloud computing in security | Basic description of the role of cloud computing in security | Moderate level description of the role of cloud computing in security | Accurate and detailed description of the role of cloud computing in security | Displays exceptional level description of the role of cloud computing in security |
Assessment 3: Report-1
Due date: Week 9
Group/individual: Individual
Word count / Time provided: 2500 words
Weighting: 30%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-6, CLO-8, CLO-9
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample IT audit report and asked to comment
upon it. Students are expected to identify and discuss any irregularities found in the report, for
example, securing and preserving evidence. They should discuss possible audit strategies used to
produce the report and what actions, recommendations, or sanctions might be included in the report
as a result of the identification of irregularities. In completing this assessment successfully, you will be
able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing
standards and ISACA’s COBIT framework, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4,
ULO-5, ULO-6, and ULO-7.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
| Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Identify the audit focus and scope of the given audit report (10 marks) | Inadequate identification of audit focus and scope from the report | Basic level identification of audit focus and scope from the report | Moderate level identification of audit focus and scope from the report | Accurate and detailed identification of audit focus and scope | Displays exceptional level identification of audit focus and scope |
| Describe audit findings in the RAMS (20 marks) | Inadequate description of the findings inside RAMS | Basic description of the findings within RAMS | Moderate level description of the findings within RAMS | Accurate and detailed description of the findings in RAMS | Displays exceptional level description of the findings in RAMS |
| Describe audit findings in the Horizon Power (20 marks) | Inadequate description of the findings inside Horizon Power | Basic description of the findings within Horizon Power | Moderate level description of the findings within Horizon Power | Accurate and detailed description of the findings in Horizon Power | Displays exceptional level description of the findings in Horizon Power |
| Describe audit findings in the PRS and PRX (20 marks) | Inadequate description of the findings inside PRS and PRX | Basic description of the findings within PRS and PRX | Moderate level description of the findings within PRS and PRX | Accurate and detailed description of the findings in PRS and PRX | Displays exceptional level description of the findings in PRS and PRX |
| Describe audit findings in the NRL-T (20 marks) | Inadequate description of the findings inside NRL-T | Basic description of the findings within NRL-T | Moderate level description of the findings within NRL-T | Accurate and detailed description of the findings in NRL-T | Displays exceptional level description of the findings in NRL-T |
| Describe and discuss the professional, legal, and ethical responsibilities of an IT Auditor (10 marks) | Inadequate understanding of the professional, legal, and ethical responsibilities of an IT Auditor; cannot discuss concepts in own words. | Basic knowledge of the professional, legal, and ethical responsibilities of an IT Auditor. | Exhibits breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor. | Exhibits accurate and detailed breadth and depth of understanding professional, legal, and ethical responsibilities of an IT Auditor. | Displays exceptional understanding of concepts and their practical application of the professional, legal, and ethical responsibilities of an IT Auditor |
Assessment 4: Tutorial Participation and Submission
Due date: Week 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
Group/individual: Individual
Word count / Time provided: N/A
Weighting: 10%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-2, CLO-3, CLO-4, CLO-5, CLO-7
Assessment Details:
Different exercises assess students’ ability to understand theoretical materials on a weekly basis.
Students will be given simple activities each week and will be required to provide answers and
achieve identified outcomes.
Students will not be assessed on work that the tutor has not seen them produce in class so that
attendance is required as part of this assessment. Students are required to submit the work that
they have completed during the tutorial session. The details of the tutorial work and requirements
are provided on the online learning system.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 10%
of the total unit mark
| Marking Criteria | Not satisfactory (0-4 marks) | Satisfactory (5-8 marks) | Excellent (9-10 marks) |
|---|---|---|---|
| Week-1 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-2 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-3 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-4 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-5 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-6 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-7 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-8 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-9 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
| Week-10 (marked 0 - 10) (10%) | Attendance and no submission | Attendance and satisfactory submission | Attendance and excellent submission |
Assessment 5: Report-2
Due date: Week 12
Group/individual: Individual
Word count / Time provided: 2500 words
Weighting: 30%
Unit Learning Outcomes: ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample IT audit report and asked to comment
upon it. Students are expected to identify and discuss any irregularities found in the report, for
example, securing and preserving evidence. They should discuss possible audit strategies used to
produce the report and what actions, recommendations, or sanctions might be included in the report
as a result of the identification of irregularities. In completing this assessment successfully, you will be
able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing
standards and ISACA’s COBIT framework, which will help in achieving ULO-3, ULO-4, ULO-5, ULO-6,
and ULO-7.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
| Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Identify the audit focus and scope of the given audit report (10 marks) | Inadequate identification of audit focus and scope from the report | Basic level identification of audit focus and scope from the report | Moderate level identification of audit focus and scope from the report | Accurate and detailed identification of audit focus and scope | Displays exceptional level identification of audit focus and scope |
| Describe high risk IT issues in the NSW city councils (20 marks) | Inadequate description of the high risk IT issues | Basic description of the high risk IT issues | Moderate level description of the high risk IT issues | Accurate and detailed description of the high risk IT issues | Displays exceptional level description of the high risk IT issues |
| Describe audit findings related to IT governance in the NSW city councils (20 marks) | Inadequate description of the findings related to IT governance | Basic description of the findings related to IT governance | Moderate level description of the findings related to IT governance | Accurate and detailed description of the findings related to IT governance | Displays exceptional level description of the findings related to IT governance |
| Describe audit findings related to IT general controls in the NSW city councils (30 marks) | Inadequate description of the findings related to IT general controls | Basic description of the findings related to IT general controls | Moderate level description of the findings related to IT general controls | Accurate and detailed description of the findings related to IT general controls | Displays exceptional level description of the findings related to IT general controls |
| Describe audit findings related to cyber security management in the NSW city councils (20 marks) | Inadequate description of the findings related to cyber security management | Basic description of the findings related to cyber security management | Moderate level description of the findings related to cyber security management | Accurate and detailed description of the findings related to cyber security management | Displays exceptional level description of the findings related to cyber security management |