THESE ARE IT AUDITING QUESTIONS CAN YOU SOLVE THEM PLEASE.. 1. What is the purpo
ID: 3741108 • Letter: T
Question
THESE ARE IT AUDITING QUESTIONS CAN YOU SOLVE THEM PLEASE..
1. What is the purpose of the auditor’s assessment of IT controls during an IT audit?
2. During a financial audit (using COSO or another framework), auditing IT also important as well as the financial processes. Why?
3. Give an example of a preventive control.
4. What is the difference between preventive control and detective control?
5. Explain how information technology drives today’s business processes.
6. IT security can be defined as maintaining confidentiality, integrity and availability for information assests used in business operations. Explain Confidentiality, Integrity and Availability. In your opinion, which one(s) is/are important for business?
7. Why does an IT auditor should possess fundamentals of finance, accounting and other management functions?
8. Describe three risks associated with logging in to a company’s ERP system using username/password.
Explanation / Answer
1) Examination of management controls withing IT infrastructure is IT audit. Purpose of an IT audit is to evaluate system's control design and effectivity.Main function of an It audit to exmaine the systems that guards the particular organisation's data. These audits are used to evaluate organisation's ability to protect their information assets.
2) COSO framework provides steps to enhance environment at our financial institution emphasizing the importance of governance and information security. Auditing is calculating effectiveness of company's internal controls. Hence cost of capital is important for every company whether it's physical like human assets or virtual like information assets. Hence both are valuable cause both are helping in a way to reduce risk of threats to company or an organisation.
3) Firewalls installed in various companies and oragnisation are example of preventive control. If firewalls are configured for maximum security then organization can prohibit the same person to gain access to some websites that can cause damage to information asset of an organisation.
4) Preventive controls happen before the fact while detective control happen after the fact. Preventive controls are the steps that are being taken for protect information asset of an organisation before the fact like installing firewall that prevents hacker breach while detective controls are detection system that alerts about any misleading activity. For example a company installs a firewall to protect their data from hackers and to cover the risk holes company deployed intrusion detection system. So the firewall is act as preventive control step while instrusion detection is detective control.
* We are required to do 4 parts to any given question.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.