Question

Case-IT Auditing

Once a user enters a request, the internal workflows based on the information downloaded from CBHR will be used to route the request to the user’s manager. Privileged access requests are also routed to the CIO for a secondary approval. The requestor’s manager will receive an email notification of a new access request to approve and will then approve the request using ABCR. Once approved the request is routed to the ABC’s IT helpdesk who processes the request. Upon completion an email notification through ABCR occurs notifying the user that their request was completed. The Company’s IT helpdesk is short staffed so it may take a few days for completion of an access request upon initiation of the request. However, the accuracy of completion is 97% regardless of time to complete.

Question: What are the Controls and what are the GAPS

Answer 1

Controls:-

Internal control is a process, effected by an entity’s board of directors, management, or other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” The main goal of having internal controls is to set up key points in a process, which allows companies to track progress and sustainability of performance.

When performing an audit, auditors will look to see that they can gain assurance over a process by focusing on four main types of internal controls. These types of controls consist of the following:

• Manual Controls
• IT Dependent Manual Controls
• Application Controls
• IT General Controls

The four types of internal controls mentioned above are key as they are pervasive (or at least should be) in the processes that support the systems and services provided by service organizations to their user organizations (i.e., clients and customers).

GAPS :-

A gap analysis is a method of assessing the differences in performance between a business' information systems or software applications to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. Gap refers to the space between "where we are" (the present state) and "where we want to be" (the target state). A gap analysis may also be referred to as a needs analysis, needs assessment or need-gap analysis.

In information technology, gap analysis reports are often used by project managers and process improvement teams. Small businesses, in particular, can also benefit from performing gap analyses when they're in the process of figuring out how to allocate resources. In software development, gap analysis tools can document which services and/or functions have been accidentally left out, which have been deliberately eliminated, and which still need to be developed. In compliance, a gap analysis can compare what is required by certain regulations to what is currently being done to abide by them.

There are Four Step of GAPS :-

• Analyze your current state
• Identify the ideal future state
• Find the gap and evaluate solutions
• Create and implement a plan to bridge the gap