Background
System Solution Pvt Ltd is one of the fastest growing IT companies in the Maldives. It provides the best IT services and is currently facing issues with stakeholders’ confidence in the financial activities related to those services.
The main scope of the audit is to handle the IT activity controls in different sectors and to inspect whether the IT controls protect the company’s assets (Lennox and Wu 2018).
The main objectives of the entity level control audit are to control the rules, policies and procedures.
Entity Level Control Objectives | Control Assessment
Controlled environment | Satisfactory
Risk assessment policies | Satisfactory
Controlled Activities | Unsatisfactory
Internal Information shared | Changes Required
Maintained Communication | Unsatisfactory

Good Controls:
· The environment is controlled.
· Risk assessment policies are maintained and well shared.
· All the activities are monitored properly (Sierra-García et al. 2019).

Weak Controls:
· All the activities are not controlled properly.
· The communication is not maintained between the entities.
· The detailed information about the activities is not always shared.

Detail observation: All the activities are not controlled properly because of the communication gap among the entities. The policies are maintained and shared properly.
Action Plan: Better training is provided to reduce the communication gap between the entities, and the individuals will be asked to share the detailed information.
Responsible Role: The manager
Estimated Completion Date: 29.03.22
The main objectives of the data centres and disaster recovery audit are to check whether the data are documented properly to obtain efficient data, and to check whether the data are safe in disaster recovery (Surianarayanan and Chelliah 2019).
Data Centres and Disaster Recovery Objectives | Control Assessment
Measuring the security of the data centres | Satisfactory
The inspection of the missing assets | Satisfactory
Disaster recovery objectives are set | Unsatisfactory
Recovery plan | Unsatisfactory
The staff’s ability to work on the recovery of data | Need Changes

Good Controls:
· The missing assets are set and inspected properly.
· The system is inspected and set for backup options.

Weak Controls:
· No proper recovery plans.
· No proper objectives about the disaster recovery plan.
· Staff’s knowledge of the recovery plan.

Detail observation: The staff are not properly aware of the disaster recovery processes; the individuals proceed with the disaster recovery plan and cannot set the objectives for the plan.
Action Plan: All individual staff members will be trained on the recovery plan.
Responsible Role: Data officer
Estimated Completion Date: 01.04.22
The main objectives of the Routers, Switches, Firewalls and Security Devices audit are to check the usage and availability of the devices.
Routers, Switches, Firewalls and Security Devices Objectives | Control Assessment
Router’s availability | Satisfactory
Identification of the correct usage of Switches | Need changes
Security measurements of firewalls | Unsatisfactory
Inspection of all the routers | Need changes
Inspection of the threats on the security devices | Satisfactory

Good Controls:
· Router’s availability is inspected and confirmed.
· All the threats are inspected on the security devices.

Weak Controls:
· Security measurements of firewalls are not confirmed.
· All the routers and switches need to be checked to confirm whether they are used by authorized entities.

Detail observation: All the devices are checked for threat identification. The correct usage of the routers and the switches is not inspected properly and the security control measurements are not confirmed properly.
Action Plan: Better inspection team with proper and system will be recruited.
Responsible Role: IT management team
Estimated Completion Date: 10.04.22
The main objectives of the Windows Operating Systems audit are to check whether the operating systems are working correctly and are used by the right users (Ring et al. 2021).
Windows Operating Systems Objectives | Control Assessment
Operating system is handling the files | Unsatisfactory
Memory management is used properly | Satisfactory
Right Input and output | Unsatisfactory
Connection with other devices | Satisfactory
Windows originality | Need changes

Good Controls:
· The proper use of memory management.
· Connection with other devices.

Weak Controls:
· File handling by the operating system.
· Right input and output are not achieved.
· The originality of the operating system.

Detail observation: Even though the Windows systems are connected with other devices, they are unable to manage the files, which has created doubt about their originality.
Action Plan: The OS will be checked for better usage and better versions will be installed.
Responsible Role: IT management team
Estimated Completion Date: 15.04.22
The main objectives of the Unix and Linux Operating Systems audit are to check whether the computer resources are allocated correctly and whether the system log is working properly with the time-to-time software updates.
Unix and Linux Operating Systems Objectives | Control Assessment
Computer resource allocation | Unsatisfactory
Task scheduling | Satisfactory
System log checking | Unsatisfactory
Detailed information about security events | Need changes
Software updates | Satisfactory

Good Controls:
· On time software updates.
· Proper task scheduling.

Weak Controls:
· Detailed information of security issues.
· Regular log checking.
· Resource allocation.

Observation and Action Plan:
Detail observation: The software is updated at the right time and the tasks are scheduled at the right time. But the system log is not checked regularly and the computer resources are not allocated properly (Sedano and Salman 2021).
Action Plan: The OS will be checked for better usage and better versions will be installed.
Responsible Role: Security Management team
Estimated Completion Date: 19.04.22
The main objectives of the database and storage audit are to check whether the database and the storage are used correctly and to check the security of the databases.
Database & Storage Objectives | Control Assessment
DBMS traces | Unsatisfactory
Capabilities of the storage systems | Satisfactory
Logging files | Satisfactory
Accessibility | Unsatisfactory
Security of DBMS | Unsatisfactory

Good Controls:
· Storage capabilities.
· Logging files.

Weak Controls:
· Traces of DBMS used for the tasks.
· No restrictions in accessibility.
· No strong security in DBMS.

Detail observation: The system is accessible by anyone, which creates a security issue.
Action Plan: A better team for managing the security will be provided.
Responsible Role: DBMS team
Estimated Completion Date: 20.04.22
The main objectives of the Web Servers and Web Application audit are to check whether there are occurrences of threats and whether the web services are used for the right purpose.
Applications Objectives | Control Assessment
Right usage of web server and applications | Satisfactory
Appropriate theme of the server | Need changes
Loopholes in the services | Satisfactory
Inspections of code metrics | Need changes
Authentication checking | Unsatisfactory

Good Controls:
· The services are used correctly.
· The loopholes are identified.

Weak Controls:
· Appropriate website theme for the organization.
· Code metrics need to be inspected.
· Authentication checking of the users.

Detail observation: The web services are used correctly and the loopholes are identified, but the theme of the website can be better and the code metrics need to be inspected along with proper authentication checking.
Action Plan: The appropriate theme will be applied and the authentication option will be updated.
Responsible Role: IT Management team
Estimated Completion Date: 30.04.22
The main objectives of the Applications audit are to check the correct usage and the security of the applications.
Applications Objectives | Control Assessment
Setting the audit framework | Need changes
System and data flow | Unsatisfactory
Applications outputs security | Satisfactory
Accuracy of the outputs | Satisfactory
Application usage for organizational purpose | Unsatisfactory

Good Controls:
· Accurate outputs.
· Security of the output.

Weak Controls:
· Framework for audit.
· The data and system flow.
· Use of the application for organizational purpose.

Detail observation: The security of the application is not checked and the proper framework is not provided. The use of the application for organizational purposes is not confirmed.
Action Plan: Application usage will be restricted and better security will be provided for the accurate outputs.
Responsible Role: HRM
Estimated Completion Date: 26.04.22
References:
Lennox, C.S. and Wu, X., 2018. A review of the archival literature on audit partners. Accounting Horizons, 32(2), pp.1-35.
Ring, M., Schlör, D., Wunderlich, S., Landes, D. and Hotho, A., 2021. Malware detection on windows audit logs using LSTMs. Computers & Security, 109, p.102389.
Sedano, W.K. and Salman, M., 2021, July. Auditing Linux Operating System with Center for Internet Security (CIS) Standard. In 2021 International Conference on Information Technology (ICIT) (pp. 466-471). IEEE.
Sierra-García, L., Gambetta, N., García-Benau, M.A. and Orta-Pérez, M., 2019. Understanding the determinants of the magnitude of entity-level risk and account-level risk key audit matters: The case of the United Kingdom. The British Accounting Review, 51(3), pp.227-240.
Surianarayanan, C. and Chelliah, P.R., 2019. Disaster Recovery. In Essentials of Cloud Computing (pp. 291-304). Springer, Cham.