Question

Case- IT Auditing

The SSO Server is a single purpose server solely designed for SSO and resides in the internal network. Using a batch process, the vendor provides quarterly updates which are downloaded directly to the server and automatically installed by the server’s single purpose operating system. Access to the SSO application is restricted to the security administration staff. The vendor maintains an active account on the server in the event maintenance is required. The vendor accesses the system periodically to review status and log activity to determine the server’s capacity and to proactively look for concerns prior to problems arising. A replication copy of the SSO Server exists as a backup and automatically assumes primary role if the main server stops functioning.

Question: What are the Controls and what are the GAPS

Answer 1

The gap analysis is focused on what is missing in the processes compared to a set of requirements while an internal audit is centered on verifying that the process conforms to the requirements .

A control gap occurs when a control does not exist,Control gaps can relate to the design effectiveness of operating effectiveness of the control.

Process gap means an error in one of the steps but the process can still produce some of the planned output.

Internal control by auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, regulations and policies.

Audit Test of controls is a type of audit examination on the internal control of an entity.Quality of financial statements is significantly depending the control over financial reporting.

Internal controls are procedures implemented by a company to ensure the integrity of financial and accounting information, prevent fraud.