Responding to Audit


Running head: Audit Evidence

04/06/2020

Audit Evidence

Gathering process and the sampling methodologies the auditors may use for the controls tested

For control testing and walkthroughs in an organization, auditors have to use appropriate methods for gathering information during the review. Every gathering process and sampling methodology should be capable of yielding relevant results (Tallyfy, n.d.). When conducting an IT audit, the auditors help the customer recognize which controls are available and which need to be implemented. The tested controls demonstrate to customers that the services offered are safe and secure. These are some of the methods that can be used to gather information:

Inquiry: the auditors ask questions of particular departments in Gail Industries concerning the controls under test. Through such surveys, the service organization establishes pertinent information (Applegate, n.d.). The approach is used alongside other procedures that are more consistent.

Observation: the operations and activities taking place within Gail Industries are observed, and IT controls are tested. The approach is helpful whenever controls are not adequately documented. Observing that IT systems are in place assists greatly.

Evidence inspection or examination: this method assists auditors in establishing whether the control manuals are performing or not. The auditors would be able to examine whether Gail Industries has IT backups scheduled or not. The approach includes the assessment of written documentation as well as records that incorporate employees' and visitors' logins, system databases, passwords used, and other IT security measures.

CAAT (computer-assisted audit techniques): the approach assists in analyzing the sample of every transaction. The software used to execute CAATs ranges from spreadsheets to various specialized databases, or software designed for data analytics.

There are multiple kinds of sampling methodologies. However, for this case study, the auditors will use variable and attribute sampling. Variable sampling shall be employed for testing internal controls. Attribute sampling will be used to estimate the proportion of items within a population that have specified attributes of interest during the audit.

Preliminary findings you expect the auditors will discover based on the "Partially Collected Audit Evidence."

Access to the Gail Industries data center is limited to the right, authorized personnel. To safeguard physical assets, organizational management often documents and implements physical access procedures to grant, control, and revoke access to the SCOPE data center. From the inquiries and observation, the data center has two authentication factors. The first is a biometric credential, read by a retinal eye scanner. The second is a badge card. Employees are asked for their badges to access the documents they need. All employees complete a standardized form to get approval from the department before accessing any site. Access to the system by badge is limited to authorized workers in the IT department. Whenever IT personnel are terminated or suspended, their badge access privilege is revoked. In addition, the IT managers evaluate badge access rights every month to make sure that employees who have been terminated cannot use their badges. Management also implements environmental controls to safeguard physical assets in the data center and office facilities. These include fire detection and suppression controls. The office facility is protected by visual alarms and by fire and smoke detectors.
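An added example, not part of the original paper: attribute sampling, as named in the sampling paragraph above, applied CAAT-style to the badge-revocation control. The badge records, field names, sample size of 59, seed and as-of date are constructed assumptions; the upper limit is the exact one-sided binomial (Clopper-Pearson) bound.

```python
import random
from datetime import date
from math import comb

AS_OF = date(2020, 4, 6)  # constructed review date

def is_deviation(rec, as_of=AS_OF):
    """Control deviation: badge still active on or after the termination date."""
    term = rec["terminated"]
    return bool(rec["badge_active"] and term is not None and term <= as_of)

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))

def upper_deviation_limit(deviations, n, confidence=0.95):
    """Highest population deviation rate still consistent with the sample."""
    if deviations >= n:
        return 1.0
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection on p until P(X <= deviations) = 1 - confidence
        mid = (lo + hi) / 2
        if binom_cdf(deviations, n, mid) > 1 - confidence:
            lo = mid   # rate too low to be ruled out, move up
        else:
            hi = mid
    return hi

def attribute_sample(population, n, as_of=AS_OF, seed=0):
    """Draw n records at random and test each for the deviation attribute."""
    sample = random.Random(seed).sample(population, n)
    found = [r["employee_id"] for r in sample if is_deviation(r, as_of)]
    return found, upper_deviation_limit(len(found), n)

def build_population(size=400, every=50):
    """Constructed data: every 50th employee was terminated but kept an active badge."""
    return [
        {"employee_id": f"E{i:04d}", "badge_active": True,
         "terminated": date(2020, 3, 1) if i % every == 0 else None}
        for i in range(size)
    ]

if __name__ == "__main__":
    found, limit = attribute_sample(build_population(), 59)
    print(f"deviations in sample: {found}")
    print(f"95% upper deviation limit: {limit:.1%}")
```

The auditor compares the upper limit with the tolerable deviation rate set during planning; a sample of 59 with no deviations supports a rate below about 5% at 95% confidence.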

Gail Industries uses data capture and imaging to provide imaging, accountability, and reporting of checks and remitted payments. There is a browser-based application for internal SCOPE and Smallville staff. A separate internet-accessible payment portal allows citizens, business owners, and others to view invoices and make payments. They currently use cloud-based servers on the Amazon Web Services (AWS) platform, which is internet accessible. Local servers run data capture, imaging, and the payment processing application. The local servers run both Linux and Windows operating systems. Data is stored on Microsoft SQL Server, which stores payment, image, and balancing data. CCS servers are in the data center and managed by Gail Industries' IT staff. The IT staff manages the firewall, data backup, and incident management, and monitors the network.

The payments are made through the use of invoices that are sent electronically to the company (Hay, 2014). This is done via scheduled inbound and outbound transmission of data. SCOPE gets information through the CCS applications and uses it in processing the payments. Once the IT auditor has gathered the preliminary report, it is possible to commence planning for the audit process, particularly for the areas that need auditing.

Believe in every finding

Gail Industries uses cloud-based servers, which ensures that information can be accessed from anywhere with an internet connection. Data capture, imaging, and payment processing run on local servers. This is a good option, although it might be a better idea to have a cloud backup. This will ensure that if anything occurs, there is a nightly backup to fall back on. Servers currently run both Windows and Linux. There should be a consideration to change these systems to the same network (preferably Windows). That way, keeping them updated and having information pass from system to system becomes more natural, since the two operating systems work in different ways. Data is stored on the Microsoft SQL server, which should also be backed up in the cloud. Having a backup in the cloud helps to ensure the information can be retrieved in case of a catastrophic event or any other type of data loss.

Firewalls are managed around the clock, which is essential as long as they are also updated and maintained. Network monitoring is done to maximize performance and uptime. This is also crucial to ensure the network is up and running so that services are not interrupted. Data backup should be done nightly and should be backed up either on the cloud or off-premises. Incident management technique protocols should be written out, so everyone knows what to do and expect.

All equipment should be upgraded regularly to help improve productivity. Communication needs to advance within an organization so things can get done quickly and increase productivity. Training is essential so that all employees know what procedures to follow and what is expected. All policies should be reviewed and updated quarterly. The plans should be clear and well defined. Ensuring data is secure is an essential part of any business. Having a backup of that data is another crucial measure to take. No company ever wants to be put into a situation where they lose their data.

Additionally, any processes that can be automated should be, so that there are fewer errors. Scheduling periodic maintenance is essential for a business. This includes keeping logs to reduce downtime and scanning for viruses to avoid extra downtime and minimize data loss.

Keeping leadership abreast on findings

SCOPE leadership is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. Thus, the leadership should be updated on the findings to approve monetary funding needed for the project.

References

Applegate, M. (n.d.). How to Improve Information Systems at Work. Retrieved from https://smallbusiness.chron.com/improve-information-systems-work-20074.html

Hay, A. (2014). 6 Ways to Improve your Life with Information Management. Retrieved from https://www.westcanadian.com/blog/2014/10/6-ways-to-improve-your-life-with-information-management/

Tallyfy. (n.d.). What is Operations Management? Retrieved from https://tallyfy.com/guides/operations-management/
