Call Back

24x7 Support Available

To Get the Best Price Chat With Our Experts

chat now

In A Hurry? Get A Callback

whatsapp whatsapp

shopping cart 0

Subject Solutions Code Description Price Delete

Amount Payable : $0

continue shopping proceed to checkout

World's Leading Assignment Library

This unit introduces students to information systems audit and assurance.  An information systems (IS) audit is part of the overall audit process and is  important for good corporate governance. This 

Question Preview:

Thisunitintroducesstudentstoinformationsystemsauditandassurance.Aninformationsystems(IS)auditispartoftheoverallauditprocessandisimportantforgoodcorporategovernance.ThisunitfurtherdevelopsanunderstandingofinternalandoperationalcontrolsaswellasknowledgeoftheorganisationasitrelatestoISauditandassurance.Studentswillexaminetherisksassociatedwithinformationsystemsusingframeworksthatprovideprofessionalstandards,guidelines,toolsandtechniquesforISauditandcontrol. TheriskbasedapproachtoISauditisdevelopedsothatstudentshaveanunderstandingofinherentrisks,controlrisksanddetectionrisks.Studentswillhaveexp...

View Complete Question >>

Question Preview:

Thisunitintroducesstudentstoinformationsystemsauditandassurance.Aninformationsystems(IS)auditispartoftheoverallauditprocessandisimportantforgoodcorporategovernance.ThisunitfurtherdevelopsanunderstandingofinternalandoperationalcontrolsaswellasknowledgeoftheorganisationasitrelatestoISauditandassurance.Studentswillexaminetherisksassociatedwithinformationsystemsusingframeworksthatprovideprofessionalstandards,guidelines,toolsandtechniquesforISauditandcontrol. TheriskbasedapproachtoISauditisdevelopedsothatstudentshaveanunderstandingofinherentrisks,controlrisksanddetectionrisks.Studentswillhaveexposuretocomputerauditingtoolsandtechniquesthatbothdirectlyandindirectlyexaminetheinternallogicofanorganisation'sapplications.Inthisunitstudentsdevelopgraduatecapabilitiesinarangeofareas,including:criticalanalysisskillsininformationmanagementandanalysis;problem‐solvingskillsinsourcingandidentifyingrelevantinformationandinterpretingoutputinamultidisciplinaryenvironment;andcommunicationandnegotiationskills. PreparedbyDr.SavanidVatanasakdakul 3 Learningoutcomes Havingcompletedthissubject,studentsshouldbeableto: 1.toevaluateanddemonstratetheimportanceofISAuditforISGovernancefororganisations. 2.toshowhowtheroleofanISauditoraddsvaluetoanorganisation 3.toassessISrisksandcontrolsandtheirimplicationsfororganisations 4.toexplainhowISauditobjectivesprovideeffectiveISGovernance 5.toevaluateandexplainISaudittoolsandtechniques 6.toexploreandexplainthekeytrendsofISauditandgovernanceandtheimplicationsforindividuals,organisationsandsociety. PreparedbyDr.SavanidVatanasakdakul 4 Consultationtimes • Consultationsstartfromweek3.Theconsultationtimetablewithallstaff’scontactdetailsandconsultationtimeswillbeavailableontheunit’swebsite.• Youareencouragedtoseekhelpatatimethatisconvenienttoyoufromastaffmemberteachingonthisunitduringtheirregularconsultationhours.Ordinarily,staffwouldnotexpecttobecontactedoutsidethesedesignatedhours. PreparedbyDr.SavanidVatanasakdakul 5 TimeRequirement • Asaguide,yourworkingweekforACCG358shouldconsistofthefollowingtimecommitments: • Lecture1.5hours • Tutorial1.5hour • Independentstudy6hours PreparedbyDr.SavanidVatanasakdakul 6 Textbook • Hall,JamesA.(2012),InformationTechnologyAuditing,InternationalEdition3e,SouthWesternCengageLearning PreparedbyDr.SavanidVatanasakdakul 7 Tutorialattendance Itisimportantthatyouattendthetutorialthatyouareenrolledin.Ifyouattendthetutorialthatyouarenotenrolledin,itwillnotbecountedtowardtheattendancerecord,withanexceptionoftutorialsheldontheweekofpublicholidays. • Anychangestotutorialsmustbemadethroughe‐student.Youhavetofinaliseyourclassesbytheendofweek2afterwhichchangesarenolongerpossible. • Noexceptionfortutorialattendancesandlateassignmentswillbegrantedforstudentswhoareenrolledlateinthissubject. • Yourattendancemaynotbemarkedifyouarrivemorethan15minuteslatetoyourtutorials,unlessthereisanappropriatereasonprovidedtoyourtutors. PreparedbyDr.SavanidVatanasakdakul 8 Satisfactoryperformance • Specialconsiderationwillbedeterminedafterconsiderationofastudent’sperformanceinallaspectsofthecourse.• Forperformancetobeconsideredsatisfactoryforthisunit,studentsmusthavesubmittedallassessmenttasksandachieveatleast50percentofthetotalinternalassessmentmarks. PreparedbyDr.SavanidVatanasakdakul 9 Chapter1 Auditing, Assurance, and Internal Control PreparedbyDr.SavanidVatanasakdakul 10 Objectives • toevaluateanddemonstratetheimportanceofISAuditforISGovernancefororganisations. • toshowhowtheroleofanISauditoraddsvaluetoanorganisation • tounderstandthestructureofanauditandhaveafirmgraspoftheconceptualelementsoftheauditprocess • tounderstandtheCOSOframework PreparedbyDr.SavanidVatanasakdakul 11 Auditing • Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and establishing criteria and communicating the results to interested users. PreparedbyDr.SavanidVatanasakdakul 12 InternalAudits Internal auditing: independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization  Financial Audits  Operational Audits  Compliance Audits  Fraud Audits PreparedbyDr.SavanidVatanasakdakul 13 ExternalAudit External auditing: Objective is that in all material respects, financial statements are a fair representation of organization’s transactions and account balances. SEC’s role (United States Securities and Exchange Commission) Sarbanes-Oxley Act PreparedbyDr.SavanidVatanasakdakul 14 ExternalvsInternalAudit • Comparingthekeydifferencesandsimilaritybetweenexternalauditandinternalaudit – Roleandresponsibilityofexternalauditorsvs internalauditors – Qualification– Scopeofwork – Auditperiod– etc PreparedbyDr.SavanidVatanasakdakul 15 AttestServices Requirements of attestation services Written assertions and practitioner’s written report Formal establishment of measurement criteria Limited to examination, review, and application of agreed-upon procedures PreparedbyDr.SavanidVatanasakdakul 16 AdvisoryServices Advisory services Professional services offered by public accounting firms to improve their client organizations’ operational efficiency and effectiveness Services include: Actuarial advice Business advice Fraud investigation services Information system design and implementation Internal control assessments for compliance with SOX PreparedbyDr.SavanidVatanasakdakul 17 Financialaudit  An independent attestation performed by an expert (i.e., an auditor, a CPA) who expresses an opinion regarding the presentation of financial statements  Key concept: Independence  Culmination of systematic process involving:  Familiarization with the organization’s business  Evaluating and testing internal controls  Assessing the reliability of financial data  Product is formal written report that expresses an opinion about the reliability of the assertions in financial statements; in conformity with GAAP GAAP=GenerallyAcceptedAccountingPrinciplesrefertothestandardframeworkofguidelinesforfinancialaccountingusedinanygivenjurisdiction;generallyknownasaccountingstandards PreparedbyDr.SavanidVatanasakdakul 18 IS/ITaudit IT audits: provide audit services where processes or data, or both, are embedded in technologies. Subject to ethics, guidelines, and standards of the profession (if certified)  CISA  Most closely associated with ISACA Joint with internal, external audits Scope of IT audit coverage is increasing Characterized by CAATTs IT governance as part of corporate governance PreparedbyDr.SavanidVatanasakdakul 19 RoleofAuditCommittee Selected from board of directors Usually three members Outsiders (S-OX now requires it) Fiduciary responsibility to shareholders Serve as independent check and balance system Interact with internal auditors Hire, set fees, and interact with external auditors Resolved conflicts of GAAP between external auditors and management Auditingstandard  Auditing standards  Set by the America Institute of Certified Public Accountants (AICPA)  Authoritative 1) Ten Generally Accepted Auditing Standards (GAAS)  A framework for prescribing auditor performance but it is not sufficiently detailed to provide meaningful guidance in specific circumstances.  Three categories: General Standards Standards of Field Work Reporting Standards 2) Statements on Auditing Standards (SASs) The first SAS issued by AICPA in 1972 It is interpretation on GAAS PreparedbyDr.SavanidVatanasakdakul 21 GeneralStandards StandardsofFieldWork ReportingStandards 1.Theauditormusthaveadequatetechnicaltrainingandproficiency. 1.Auditworkmustbeadequatelyplanned. 1.Theauditormuststateinthereportwhetherfinancialstatementswerepreparedinaccordancewithgenerallyacceptedaccountingprinciples. 2.Theauditormusthaveindependenceofmentalattitude. 2.Theauditormustgainasufficientunderstandingoftheinternalcontrolstructure. 2.Thereportmustidentifythosecircumstancesinwhichgenerallyacceptedaccountingprincipleswerenotapplied. 3.Theauditormustexercisedueprofessionalcareintheperformanceoftheauditandthepreparationofthereport. 3.Theauditormustobtainsufficient,competentevidence. 3.Thereportmustidentifyanyitemsthatdonothaveadequateinformativedisclosures. 4.Thereportshallcontainanexpressionoftheauditor’sopiniononthefinancialstatementsasawhole. GenerallyAcceptedAuditingStandards Audits Systematic process Five primary management assertions, and correlated audit objectives and procedures [Table 1-2]: Existence or Occurrence Completeness Rights and Obligations Valuation or Allocation Presentation and Disclosure Audits Phases: 1. Planning 2. Obtaining evidence  Tests of Controls  Substantive Testing  CAATTs  Analytical procedures 3. Ascertaining reliability  MATERIALITY = Auditors must determine whether weakness in internal controls and misstatements found in transactions and account balances are material.  The assessment of what is material is a matter of professional judgment. 4. Communicating results  Audit opinion AuditRisk The probability that the auditor will give an inappropriate opinion on the financial statements: that is, that the statements will contain materials misstatement(s) which the auditor fails to find Acceptable audit risk (AR) = level of audit risk that is acceptable to the auditor. AuditRiskComponents Inherent Risk: Unique characteristic of the business or industry of the client. The probability that material misstatements have occurred Relative risk (e.g., cash) AuditRiskComponents Control Risk: The probability that the internal controls will fail to detect material misstatements Auditors assess the level of control risk by performing test of internal controls. AuditRiskComponents Detection Risk: Is the risk that auditors are willing to take errors not detected or prevented by the control structure will also not be detected by the auditor. The probability that the audit procedures will fail to detect material misstatements Auditors set an acceptable level of detection risk that influences the level of substantive test that they perform. AuditRiskFormula AUDIT RISK MODEL: AR = IR * CR * DR Example IR=40%, CR=60%, AR=5% (fixed) .05 = .4 * .6 * DR DR = .05/.24 DR = .20 WhatisanITAudit? …most accounting transactions to be in electronic form without any paper documentation because electronic storage is more efficient. … These technologies greatly change the nature of audits, which have so long relied on paper documents. TheITEnvironment There has always been a need for an effective internal control system. The design and oversight of that system has typically been the responsibility of accountants. The I.T. Environment complicates the paper systems of the past. Concentration of data Expanded access and linkages Increase in malicious activities in systems vs. paper Opportunity that can cause management fraud (i.e., override) TheITEnvironment Audit planning Tests of controls Substantive tests CAATTs InternalControlSystem • Comprisespolicies,practices,andprocedurestoachievefourbroadobjectives: – Tosafeguardassetsofthefirm – Toensuretheaccuracyandreliabilityofaccountingrecordsandinformation – Topromoteefficiencyinthefirm’soperations – Tomeasurecompliancewithmanagement’sprescribedpoliciesandprocedures. Modifying Principles 1. Management responsibility 2. Methods of data processing  Objectives same regardless of DP method  Specific controls vary with different technologies 3. Limitations 4. Reasonable assurance  No control system is perfect  Benefits => costs Modifying Principles Limitations:  Possibility of error  Possibility of circumvention  Management override  Changing conditions ExposuresandRisk Exposure: absence or weakness of a control Risks: potential threat to compromise use or value of organizational assets Types of risk Destruction of assets Theft of assets Corruption of information or the I.S. Disruption of the I.S. ThePDCModel Preventive controls Detective controls Corrective controls Which is most cost effective? Which one tends to be proactive measures? Can you give an example of each? COSOInternalControlFramework • COSO (Treadway Commission) The control environment Risk assessment Information & communication Monitoring Control activities TheControlEnvironment Describe how each one could adversely affect internal control. The integrity and ethical values Structure of the organization Participation of audit committee Management’s philosophy and style Procedures for delegating TheElementsoftheControlEnvironment Integrity and ethical values of management Structure of the organization Participation of the organization’s board of directors and the audit committee Management’s philosophy and operating style Procedures for delegating responsibility and authority Management’s methods for assessing performance External influences Organization’s policies and practices for managing human resources TechniquesUsedtoUnderstandtheControlEnvironment Describe possible activity or tool for each. Assess the integrity of organization’s management Conditions conducive to management fraud Understand client’s business and industry Determine if board and audit committee are actively involved Study organization structure RiskAssessment Changes in environment Changes in personnel Changes in I.S. New IT’s Significant or rapid growth New products or services (experience) Organizational restructuring Foreign markets New accounting principles ElementsofInformationandCommunication Initiate, identify, analyze, classify and record economic transactions and events. Identify and record all valid economic transactions Provide timely, detailed information Accurately measure financial values Accurately record transactions TechniquesUsedtoUnderstandInformationandCommunicationStructures Auditors obtain sufficient knowledge of I.S.’s to understand: Classes of transactions that are material Accounting records and accounts used Processing steps: initiation to inclusion in financial statements (illustrate) Financial reporting process (including disclosures) Monitoring By separate procedures (e.g., tests of controls) By ongoing activities (Embedded Audit Modules – EAMs and Continuous Online Auditing - COA)

View Less >>

Solution Preview

Executive Summary

The dependence of businesses and individuals technology has been seen a tremendous rise with the birth of newer and convenient technologies. With the increasing use of technology, the risk associated with it increases. This creates a pressing need of the mechanisms to prevent, detect and correct such potential risks and breaches. 
The IT security of the technology providers have to be robust in order to safeguard the systems against any breach. This report focuses on the cases in which the security of iCloud has been potentially breached and analyses the risks associated with iCloud. It further identifies the areas which need to undergo audit, use of which can help prevent and detect potential breaches. It also recommends mechanisms which can help mitigate iCloud security risks.

question Get solution


Orginal Price : $52.0

Pay Now

Upload Assignments

250 words


Get Your Assignment

Don’t delay more, place your order now. Quick assignment help will be offered to you.

Order Now




Based on 702 reviews See all reviews here

One of the Best Service

I trust LiveWebTutors for my assignments because of their ability to deliver the perfect assignments time and again. Only a few of my assignments required minor revisions. The rest assured it is the best assignment writing service in the market.


Great Service and on time

I felt so exhausted and burdened with the large number of assignments I had to write and desperately needed someone to help me with all the writing and there was LiveWebTutors company on the internet. They finished my assignments before the due date and also offered me a first-timer discount.


One of the Best Assignment Provider

I ordered my Mathematics and Marketing assignments from them last month. I received the content on the set date. Most importantly, the assignments were well-written and plagiarism free. I scored a top grade for the assignment written by them. They are a reliable company.


Very Helpful Customer Service

I was quite unsure about getting my assignment written online but after coming across, all my worries have vanished. The quality of the assignments written by their writers is just invincible. Their customer support is very polite and helpful. You should try their service at least once