Identification of managerial and organization risks
Discuss the internal audit quality and financial reporting quality.
Freddie Mac is a leading public, government-sponsored enterprise in Virginia. The company's accounting scandal came to light in June 2003, when it revealed that it had misstated earnings by about 5 billion dollars.
The following report discusses various audit controls for Freddie Mac along with the design of review auditing. It then classifies the primary IT controls and their effect on related business operations for managing business risks and assuring system effectiveness. Finally, it discusses and describes the ethical, legal and professional roles of IT audits.
The managerial and organizational risks related to planning and conducting Freddie Mac's IT audits and control activities are discussed below.
Disgruntled employees
Internal attacks are one of the active threats facing systems and data. Rogue employees, in particular members of Freddie Mac's IT group who have knowledge of and access to admin accounts, data centres and networks, are able to cause serious harm.
The risk from mobile devices
Data theft is a high risk because employees use mobile devices to share data, access Freddie Mac's information or even neglect to change mobile passwords. Mobile security breaches have affected more than 50% of organizations worldwide in the current age (Chou, 2015). Freddie Mac has embraced BYOD and faces exposure to risks from devices on the corporate network that sits behind a firewall, including VPN. This happens when an application installs malware or Trojan software that then accesses the device's network connection.
Unpatched or unpatchable devices
This refers to network devices such as routers and printers that run firmware and software. Once a vulnerability is found in them, either a patch has yet to be created or sent, or the hardware was not designed to be upgraded.
Third-party services
As technology has become part of more complex and specialized systems, Freddie Mac depends more on vendors and outsourcers to maintain and support its systems. For instance, the organization often outsources the maintenance and management of point-of-sale (POS) systems to third-party service providers (Vasarhelyi & Halper, 2018). These third parties use remote access tools to connect to the company's network, but they have not been following security best practices. For instance, they use the same default password to connect remotely to every client. Once hackers learn that password, they gain a foothold in all of the clients' networks.
For Freddie Mac, these are analyzed below.
The expert teams understand the operations, internal controls and information systems. They construct an audit timetable that meets the necessities.
This knowledge helps in analyzing financial reporting risks, especially in business-critical sectors (Newton et al., 2015).
They are key to becoming a more stable organization. Improvements are to be suggested along with testing of the internal controls.
Freddie Mac uses sophisticated tools, including data interrogation software, to analyze transactions and balances and to develop operations.
Freddie Mac can apply extra checks to assure the accuracy of the task. The raw results are then turned into actionable insights so that improvements can be driven quickly across the organization (Leitch, 2016).
Freddie Mac has decided to create a post-implementation audit (POA) for the current case. This is a top-to-bottom analysis of the hard and soft benefits of the strategic information system, the project management process used to deploy it, and the security system. Because IT miscalculated the number of people who needed to use the system, ROI was driven down by the cost of ordering extra licenses (Yee et al., 2017). The POA also showed that the system has saved the company more than 100,000 dollars per year.
Primary IT controls and their effects on Freddie Mac's business controls
How technologies, processes and people can work in harmony
Once a user's access request is approved, it is routed to the information security access coordinators, who use the documented processes to grant access. As soon as access is granted and the process for sharing the user's ID and password has been followed, the system's technical access control can take over.
Determining whether to disclose the IT controls
By the time the general public is aware of a flaw, a community of hackers has developed workable exploits and disseminated them far and wide to take advantage of it. This happens before the flaw can be closed or patched (Vovchenko et al., 2017). Because of this, open disclosure benefits the general public more than is acknowledged by critics who claim that it provides hackers with the same data.
The organization's security policies encompass environmental and physical security, assuring that all sensitive resources and processing facilities are secured and protected through defined security controls linked to business risks. Authorization is the function of specifying access privileges and rights to resources, which relates to information and computer security in general and to access control in particular (Christ et al., 2015). Operations security identifies critical data and determines whether friendly actions can be observed by enemy intelligence, and whether the data adversaries retrieve could be interpreted in a way that is useful to them. Freddie Mac's network security covers the various computer networks, both private and public, used for daily tasks, conducting transactions, and communication among businesses, people and government agencies.
Audit methodologies, reviewing auditing and post implementation auditing
For Freddie Mac, the business continuity plan is a vital function of the business. It helps identify the processes and systems that can be sustained and details the ways to manage risks. It also considers possible business disruptions.
Necessities of IT audits and relationship with financial reporting:
IT audits are vital for Freddie Mac to secure its business and help it thrive. They focus on ensuring robust internal control systems that minimize the risk of deliberate and accidental errors. Potential creditors and stakeholders analyze Freddie Mac's financial statements and measure various financial ratios (Bin-Abbas & Bakry, 2014), using the data the statements contain to identify economic strengths and drawbacks. This also helps determine whether the company is a good credit or investment risk. Managers use the statements to aid decision making.
Freddie Mac's IT auditing has a great impact on decision making in the presence of going-concern uncertainties, which is characterized as a two-stage procedure. The first stage is to identify potential going-concern problems, and the second stage is to find out whether the specific company receives a qualified opinion (He et al., 2017). Various results have indicated that audit quality affects the possibility that Freddie Mac, as an economically distressed organization, receives such an opinion. This probability is influenced by the auditor's ability to find financial uncertainties. However, it also depends on the auditor's decision about what kind of opinion should be issued.
The auditors are responsible for planning and performing audits to obtain reasonable assurance about whether the financial statements are free of material misstatements caused by fraud or error.
The auditors are engaged to provide various services to Freddie Mac, and each of them has related liabilities, rights and duties. The auditor's central activity is producing the auditor's reports on Freddie Mac's yearly reports and accounts (Chang et al., 2014).
Though individuals performing quality audits may not be members of ASQ, some underlying principles apply to the ethics of audits (Abbott et al., 2016). Team leaders must comply fully with the customs, regulations and rules of Freddie Mac during an audit.
Classification of primary IT controls and effect on various related business operations for managing risks of business and assuring system effectiveness
Conclusion:
As the study shows, planning an IT audit for Freddie Mac involves various steps. The report has been helpful for understanding the information and performing the planning. The next step is to assess risk through the audit approach, which is needed to analyse risks and help IT auditors make decisions. For Freddie Mac, the risk-based approach discussed above depends on various operational and internal controls along with knowledge of the business. These risk analysis decisions help relate the cost-benefit analysis to the management of known risks.
References:
Abbott, L. J., Daugherty, B., Parker, S., & Peters, G. F. (2016). Internal audit quality and financial reporting quality: The joint importance of independence and competence. Journal of Accounting Research, 54(1), 3-40.
Bin-Abbas, H., & Bakry, S. H. (2014). Assessment of IT governance in organizations: A simple integrated approach. Computers in Human Behavior, 32, 261-267.
Chang, S. I., Yen, D. C., Chang, I. C., & Jan, D. (2014). Internal control framework for a compliant ERP system. Information & Management, 51(2), 187-205.
Chen, Y., Smith, A. L., Cao, J., & Xia, W. (2014). Information technology capability, internal control effectiveness, and audit fees and delays. Journal of Information Systems, 28(2), 149-180.
Chou, D. C. (2015). Cloud computing risk and audit issues. Computer Standards & Interfaces, 42, 137-142.
Christ, M. H., Masli, A., Sharp, N. Y., & Wood, D. A. (2015). Rotational internal audit programs and financial reporting quality: Do compensating controls help? Accounting, Organizations and Society, 44, 37-59.
He, X., Pittman, J. A., Rui, O. M., & Wu, D. (2017). Do social ties between external auditors and audit committee members affect audit quality? The Accounting Review, 92(5), 61-87.
Leitch, M. (2016). Intelligent internal control and risk management: designing high-performance risk control systems. Routledge.
Newton, N. J., Persellin, J. S., Wang, D., & Wilkins, M. S. (2015). Internal control opinion shopping and audit market competition. The Accounting Review, 91(2), 603-623.
Vasarhelyi, M. A., & Halper, F. B. (2018). The continuous audit of online systems. In Continuous Auditing: Theory and Application (pp. 87-104). Emerald Publishing Limited.
Vovchenko, G. N., Holina, G. M., Orobinskiy, S. A., & Sichev, A. R. (2017). Ensuring financial stability of companies on the basis of international experience in construction of risks maps, internal control and audit. European Research Studies Journal, 20(1), 350-368.
Yee, C. S., Sujan, A., James, K., & Leung, J. K. (2017). Perceptions of Singaporean internal audit customers regarding the role and effectiveness of internal audit. Asian Journal of Business and Accounting, 1(2), 147-174.