Assignment 1
Questing 1: Answer all questions: 1. Task 1: Answer the following question after reading Q.2.pdf. Suppose you are conducting external audit for a company. Your client asks for advice to design staff. Would you give advice or not? Justify your answer. 2. Task 2: The more you know about your organization, the better prepared you’ll be for conducting an information systems audit. What can you tell us about the context of the organization in which you are working? 3. Task 3: Please read the article “Information System Audit - An Overview Study in E-Government of Nepal” and critically evaluate the author’s suggestions related to IS audit for e- government system. Also explain the importance of IS audit to executive management of Nepal’s e-government.
Questing 2: Answer all questions: Domain 1 – IS Audit Process Case Study The IS auditor has been ask to perform preliminary work that will assess the readiness of the organization for a review to measure compliance with new regulatory requirements. These requirements are designed to that management is taking an active role in setting up and maintain a well-controlled environment and accordingly, will assess management’s review and testing of the general IT control environment. Areas to be assessed including logical and physical security, change management, production control and network management, It governance, and end user computing. The IS auditor has been given six months to perform this preliminary work, so sufficient time should be available. It should be noted that in previous years, repeated problems have been identified in the area of logical security and change management, so these areas most likely require some degree of remediation. Logical security deficiencies noted included the sharing of administrator accounts and failure to enforce adequate controls over passwords. Change management deficiencies included improper segregation of incompatible duties and failure to document all changes. Additionally, the process of deploying OS updates to servers was found to be only partially effective. In anticipation of the work to be performed by the IS auditor, the chief information officer (CIO) requested direct reports to develop
narratives and process flow describing the major activities for which IT is responsible. These were completed, approved by the various process owners and the CIO, and then forwarded to the IS auditor for examination. Case Study Questions: Select the correct answer and also justify your answer. Task1. What should the IS auditor should do FIRST? A. Perform an IT risk assessment. B. Perform a survey audit of logical access controls. C. Revise the audit plan to focus on risk-based auditing. D. Begin testing controls that the IS auditor feels are most critical. Task2. When testing program change management, how should the sample be tested? A. Change management documents should be selected at random and examined for appropriateness. B. Changes to production code should be sampled and traced to appropriate authorizing documentation. C. Change management documents should be selected based on system criticality and examined for appropriateness. D. Changes to production code should be sampled and traced back to system-produced logs indicating the data and time of the change. Document Requirements
❖ The assignment is submitted electronically through Blackboard. Each late assignment will be penalized 1 point per late working day. ❖ The format of document : ✓ Softcopy of report as DOCX file and source code file. Name your file as < assignment _ID>. send me it By using blackboard ✓ Cover page with the members’ names, ID ✓ Text times roman font 12 or equivalent ✓ Line spacing 1.5 and must include page numbering ✓ Properly bound (Do not submit loose pages in folders. The instructor will not be responsible if any of the pages are missing). ✓ Indent the first line of all paragraphs ✓ Justify all paragraphs ✓ At least 5 References (Harvard Styles)