Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: XXXXXXXXXX
PRV12007; CRICOS 03048D
Approved: DATE & Version
IT Audit and Controls (SBM 4302)
Assessment 3: Report
Due date: Final date: Week 12
Group/individual: Group
Word count / Time provided: 1500
Weighting: 20%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-6, CLO-8, CLO-9
Graduate Attributes: GA8, GA9, GA11
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real-world
situations. In this assessment students are given a sample IT audit report and asked to comment
upon it. Students are expected to identify and discuss any irregularities found in the report, for
example, securing and preserving evidence. They should discuss possible audit strategies used to
produce the report and what actions, recommendations, or sanctions might be included in the report
as a result of the identification of irregularities. In completing this assessment successfully, you will be
able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing
standards and ISACA’s COBIT framework, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4,
ULO-5, ULO-6, and ULO-7.

Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 20%
of the total unit mark
Marking Criteria
Bands: Not satisfactory (0-49% of the criterion mark); Satisfactory (50-64% of the criterion mark); Good (65-74% of the criterion mark); Very Good (75-84% of the criterion mark); Excellent (85-100% of the criterion mark)

Criterion: Identify the risks relevant to planning and conducting IT audit and control activities (30 marks)
    Not satisfactory: Inadequate understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities.
    Satisfactory: Basic knowledge of organizational and managerial risks relevant to planning and conducting IT audit and control activities.
    Good: Exhibits breadth and depth of understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities.
    Very Good: Exhibits accurate and detailed breadth and depth of understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities.
    Excellent: Displays exceptional understanding of concepts and their practical application of organizational and managerial risks relevant to planning and conducting IT audit and control activities.

Criterion: Describe audit methodologies (30 marks)
    Not satisfactory: Inadequate understanding of audit methodologies, cannot discuss concepts in own words.
    Satisfactory: Basic knowledge of audit methodologies, limited depth of basic concepts.
    Good: Exhibits breadth and depth of understanding of audit methodologies.
    Very Good: Exhibits accurate and detailed breadth and depth of understanding of audit methodologies.
    Excellent: Displays exceptional understanding of concepts and their practical application of audit methodologies.

Criterion: Impact of IT Audit controls on business operations (20 marks)
    Not satisfactory: Inadequate understanding of the basic IT controls and their impact on related business operations.
    Satisfactory: Basic knowledge of IT audit controls and their relationships to business risks.
    Good: Exhibits breadth and depth of understanding of IT audit controls and their impact on related business operations.
    Very Good: Exhibits accurate and detailed breadth and depth of understanding of IT audit controls and associated business risks.
    Excellent: Displays exceptional understanding of concepts and their practical application of IT audit controls and impact on business operations.

Criterion: Describe and discuss the professional, legal, and ethical responsibilities of an IT Auditor (20 marks)
    Not satisfactory: Inadequate understanding of the professional, legal, and ethical responsibilities of an IT Auditor; cannot discuss concepts in own words.
    Satisfactory: Basic knowledge of the professional, legal, and ethical responsibilities of an IT Auditor.
    Good: Exhibits breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor.
    Very Good: Exhibits accurate and detailed breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor.
    Excellent: Displays exceptional understanding of concepts and their practical application of the professional, legal, and ethical responsibilities of an IT Auditor.

Answered Same Day May 03, 2021 SBM4302

Solution

Ankita answered on May 12 2021
Western Australia Information System Audit Report
Findings of Irregularities
Name:
ID:
Module:
Introduction
A huge amount of confidential and sensitive information is stored by the agencies of the Western Australian Government. It is expected that the agencies would use good practices to efficiently and effectively manage the password security dimension of their management of the overall information system. Since 2004 the Office of the Auditor General has been consistently emphasizing effective implementation of password security policy by the agencies as a vital segment of the overall information security system. The objective of the Information System Audit 2018 is to find out the irregularities on the part of the agencies as regards password complexity requirements.
Irregularities
The audit revealed a number of irregularities in regard to implementation of password security policy on the part of the management of the information systems of the agencies. The identified irregularities are mentioned below:
i) The password complexity requirements are not enforced: In the audit, review of the password and privileged accounts management and control system of 17 agencies revealed that password complexity requirements are configured in their Active Directory but were never enforced strictly. The enabled accounts were never compelled to renew their passwords and the complexity requirement was only enforced when passwords were changed or new passwords created. Many existing accounts use very simple passwords (Office of the Auditor General, 2018).
The report shows that 13% or 7633 government agencies of Western Australia do not comply with the password complexity policy. Many accounts are seen to be set to ‘no password change’ mode. The following table shows the percentage of enabled accounts complying with different password complexity requirements.
Table 1: Compliance with password complexity requirements of accounts
    Uppercase   Lowercase   Digits   Non-alphanumeric   AD complexity   Compliance
    88%         98%         96%      13%                87%             Yes
    12%         2%          4%       87%                13%             No
ii) Weak or commonly used passwords
The audit team audited 234,000 enabled accounts of 17 agencies. It is found that 26% of the accounts use weak or commonly used passwords. Weak or commonly used passwords strengthen cyber attacks by cyber criminals. It is worth noting that many of the commonly used passwords comply with the password length requirement of minimum 8 characters. This shows that the length of passwords alone cannot prevent unauthorized access to the accounts. Audit revealed that 6,546 enabled accounts use weak passwords. Ten agencies are identified in the audit which have in between them 20% to 56% of accounts that use weak passwords. These accounts include 400 privileged accounts which, due to their administrator access, are more vulnerable to unauthorized access (Office of the Auditor General, 2018). The following table shows the highest percentage of accounts with weak passwords in 10 agencies.
Table 2: Percentage of weak passwords
    Agency
    % of accounts with...
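
The two findings in the answer above (complexity rules that are configured but never applied to existing passwords, and common passwords that still satisfy the rules) can be reproduced with a small check. This is an added example, not part of the assignment or the posted answer; the account names, passwords, deny list and function names are constructed for illustration, and the complexity rule is a simplified form of the Active Directory one.

```python
import re

# Constructed deny list of common base words (illustrative, not from the audit).
COMMON_BASES = {"password", "welcome", "qwerty", "summer", "letmein"}
LEET = str.maketrans("013457@$!", "oleastasi")

def char_classes(pw):
    """Character categories present in pw, as AD complexity counts them."""
    tests = (("upper", str.isupper), ("lower", str.islower),
             ("digit", str.isdigit), ("other_alpha", str.isalpha))
    # First matching category wins; anything left over is a symbol.
    return {next((n for n, t in tests if t(ch)), "symbol") for ch in pw}

def meets_complexity(pw, account, min_length=8):
    """Simplified AD rule: length, 3+ categories, account name not embedded."""
    if len(pw) < min_length or len(char_classes(pw)) < 3:
        return False
    return not (len(account) >= 3 and account.lower() in pw.lower())

def is_common(pw):
    """True if pw is a deny-listed word with padding or leetspeak applied."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(LEET) in COMMON_BASES

def audit(accounts):
    """Classify (account, password, never_expires) records."""
    result = {}
    for account, pw, never_expires in accounts:
        if not meets_complexity(pw, account):
            # A non-expiring account is never forced through the policy check.
            result[account] = "noncompliant-stale" if never_expires else "noncompliant"
        elif is_common(pw):
            result[account] = "weak-but-compliant"
        else:
            result[account] = "ok"
    return result

# Constructed sample records: (account, password, password-never-expires flag).
SAMPLE = [
    ("svc_backup", "summer", True),
    ("jsmith", "Password1", False),
    ("adm_lee", "P@ssw0rd!", False),
    ("mchan", "Mchan#2018", False),
    ("rpatel", "Tr4verse-Kiln-92", False),
]
```

Calling `audit(SAMPLE)` marks `jsmith` and `adm_lee` as weak-but-compliant, which is why a deny-list check has to sit alongside the complexity rule rather than replace it.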