Question

In: Computer Science

Case-IT Auditing Once a user enters a request, the internal workflows based on the information downloaded...

Case-IT Auditing

Once a user enters a request, the internal workflows based on the information downloaded from CBHR will be used to route the request to the user’s manager. Privileged access requests are also routed to the CIO for a secondary approval. The requestor’s manager will receive an email notification of a new access request to approve and will then approve the request using ABCR. Once approved the request is routed to the ABC’s IT helpdesk who processes the request. Upon completion an email notification through ABCR occurs notifying the user that their request was completed. The Company’s IT helpdesk is short staffed so it may take a few days for completion of an access request upon initiation of the request. However, the accuracy of completion is 97% regardless of time to complete.

Question: What are the Controls and what are the GAPS

Solutions

Expert Solution

Controls:-

Internal control is a process, effected by an entity’s board of directors, management, or other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” The main goal of having internal controls is to set up key points in a process, which allows companies to track progress and sustainability of performance.

When performing an audit, auditors will look to see that they can gain assurance over a process by focusing on four main types of internal controls. These types of controls consist of the following:

  • Manual Controls
  • IT Dependent Manual Controls
  • Application Controls
  • IT General Controls

The four types of internal controls mentioned above are key as they are pervasive (or at least should be) in the processes that support the systems and services provided by service organizations to their user organizations (i.e., clients and customers).

GAPS :-

A gap analysis is a method of assessing the differences in performance between a business' information systems or software applications to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. Gap refers to the space between "where we are" (the present state) and "where we want to be" (the target state). A gap analysis may also be referred to as a needs analysis, needs assessment or need-gap analysis.

In information technology, gap analysis reports are often used by project managers and process improvement teams. Small businesses, in particular, can also benefit from performing gap analyses when they're in the process of figuring out how to allocate resources. In software development, gap analysis tools can document which services and/or functions have been accidentally left out, which have been deliberately eliminated, and which still need to be developed. In compliance, a gap analysis can compare what is required by certain regulations to what is currently being done to abide by them.

There are Four Step of GAPS :-

  • Analyze your current state
  • Identify the ideal future state
  • Find the gap and evaluate solutions
  • Create and implement a plan to bridge the gap

Related Solutions

IT (Information Technology) Case ABC uses single sign on (SSO) therefore once the user logs into...
IT (Information Technology) Case ABC uses single sign on (SSO) therefore once the user logs into the network they will have access to all internal systems including ABCR. A user will launch ABCR from the Company’s internal web page and enter the access request. For accessing externally, the user must use an additional two-factor authentication login to access ABCR. Access internally is through the address http://ABC.ABCR.internal.com (or using the internal web home page) and externally through the address http://ABC.ABCR.external.com. What...
CASE 1 CHAPTER 1 Internal Auditing Assurance and Advisory Services Third Edition 1. How do internal...
CASE 1 CHAPTER 1 Internal Auditing Assurance and Advisory Services Third Edition 1. How do internal and external auditors differ and how should they relate? 2. How does internal audit maintain its independence and objectivity? 3. Is it mandatory to have an internal audit activity? 4. What are the critical skills and attributes of a CAE? 5. What are the skill sets and staffing needs of an internal audit activity? 6. What is internal audit’s role in preventing, detecting, and...
1. What is Internal Auditing base on the case provided? (5 pts) 2. 2. What is...
1. What is Internal Auditing base on the case provided? (5 pts) 2. 2. What is the Management Objective? Is the management objective clear? Explain your answer. (5 pts) 3. 3. Should the auditor accept or reject the engagement? Cite in the context the basis of your answer and relate it with the concept of our discussion (10 pts) 4. Give atleast 3 approaches/audit activities that the auditor should take for Tokyo on the assumption that the engagement was accepted?Explain...
Case-IT Auditing Code developers modify or create programs. The IT testing team performs all internal IT...
Case-IT Auditing Code developers modify or create programs. The IT testing team performs all internal IT testing; however, the business areas perform their own user acceptance testing. The IT Departments Middleware team is responsible for migrating all code to production (except for database triggers). The Middleware Team does not perform any code development activities. Although SQL database triggers are developed or modified by code developers, the migration for the triggers is performed by the Database Administrators from test databases to...
Auditing Question: Purchase and Payment System You are provided with the following information about the internal...
Auditing Question: Purchase and Payment System You are provided with the following information about the internal control system for materials acquisitions for the ABC Company Limited, a medium-sized company that builds special machinery to order. Material purchase acquisitions are first approved by the plant manager, who then sends them to the Purchasing Department. A prenumbered purchase order is prepared in three copies by one of several department staff. The department staff account for all purchase order numbers. The original copy...
This case is based entirely on hypothetical information –please use only the information in the case...
This case is based entirely on hypothetical information –please use only the information in the case and do not use any information about the products/brands through other sources. Ensure that you study Chapter 2 of the textbook for the BCG Growth Share Matrix and Diversification Analysis/Market Product strategies and Matrix. Please do internet based research to understand the concepts of Harvest, Invest, and Divest) The firm Johnson-Evinrude Inc (or JE, to keep it short) has been in existence for more...
Auditing What can be learned from using internal control questionnaires? How is the information used and...
Auditing What can be learned from using internal control questionnaires? How is the information used and can it reduce control risk?
Identify at least 2 internal users and 1 external user. Based on the demo and readings,...
Identify at least 2 internal users and 1 external user. Based on the demo and readings, briefly explain how their needs for health data are met. (10 points) How is the social history structured and formatted? What purpose does the social history serve in the overall patient care? Does the particular social history depicted in the video fully satisfy the intended purpose? (10 points) Identify at least 5 abbreviations that you saw in the video demonstration. What are the general...
based on this case study Campbell : Is the soup still simmering what is the internal...
based on this case study Campbell : Is the soup still simmering what is the internal and external environment ?
Based on the information given in the table, what is this project's internal rate of return?...
Based on the information given in the table, what is this project's internal rate of return? Time Cash-Flow 0 ($30) 1 $5 2 $7 3 $2 4 $6 5 $6 6 $12 WACC = 5.25% 6.35% 4.71% 6.30% 6.25% 5.25%
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT