Prepared by Anthony Wilson for ACCG358 Semester 1, 2019 1 ACCG358 INFORMATION SYSTEMS AUDIT AND ASSURANCE Department of Accounting and Corporate Governance IS Audit Report Important note: • This is an...

Prepared by Anthony Wilson for ACCG358 Semester 1, 2019


1
ACCG358
INFORMATION SYSTEMS AUDIT AND ASSURANCE
Department of Accounting and Corporate Governance



IS Audit Report
Important note:
• This is an individual assignment. You must complete the task independently. If you submit a
eport that is similar to any of your classmate’s reports it will be considered academic
dishonesty.
• Refer to the Macquarie University Academic Honesty Procedure and associated documents.
• Please also refer to the submission instruction as per unit guide.

Estimated student workload: 30 hours

Task

Failures of, or
eakdowns in IS controls can sometimes be revealed in highly public and
emba
assing circumstances for the company or organisation concerned. Conduct a web search on
ecent (in the past 3 years) IS events to find an interesting case study, such as news articles in relation
to IS risks.

You will need to attach the original version of the case study or provide the URL link to the original
case in the appendix when you submit the assignment. Uniqueness of the case study should be
considered by students as it is more difficult to differentiate your work against many others using the
same case.

You are to assume that you are an IS external auditor, and as such, have prepared an IS audit plan and
eport to the management of your client (i.e. the company at the centre of the case study). Assume the
event in the case study has occu
ed and you are conducting an audit after the event to identify
weaknesses in the control environment and make appropriate recommendations.

The document must include the following:

1) Executive Summary
You will need to prepare an executive summary document (0.5-page maximum) suitable for
presentation to the board of directors of the affected organisation.

2) Background to the Case
Provide the background to the client’s business and computerised environment. This is to demonstrate
your understanding of the client’s business and IS environment.

3) IS Risks
Identify IS risks from the case study, including analysing the likelihood, level of risks and
implications to the business. This should include not only the risks that eventuated in the case study
ut any other risks you identify in the organisation’s IS environment.

4) Audit Plan, Objectives and Procedures
Prepare an audit plan outlining the areas that you propose to audit. In addition, you will need
to include audit objectives and audit procedures for each of the area(s) that you plan to audit.
Prepared by Anthony Wilson for ACCG358 Semester 1, 2019


2

5) Audit Questions and Documents
For each of the audit objectives, provide at least three examples of interview questions that you
will use to gather evidence from the client’s employees, including naming relevant documents that
you may want to obtain for the audit.

6) Control Recommendations
Provide recommendations of control mechanism(s) to mitigate each of the IS risks identified in part 3.
Identify the benefits of your recommendations to your client, and if there is significant expense
involved in implementing your recommendation, the justification for this expenditure.

Required

Write a report that addresses all of the above sections.

• Format requirements: “Times New Roman” size 12 with 1.5 line spacing, approximately
XXXXXXXXXXwords in total (not including references). You must include the total of words used
in your report. The report should have appropriate headings and subheadings (including the
Executive Summary for the Board and your recommendations).
• You must acknowledge the use of the work of others (e.g. the academic journal articles on
which your report is based) using the Harvard referencing style (see
http:
www.lib.mq.edu.au
esearch
eferencing.html). Any ideas or quotations must be
co
ectly cited in the body of your report and a reference list must be provided at the end of
your report.
• Once you have submitted your report, check the originality report in turn-it-in and ensure
similarity with other sources is referenced. You can resubmit your report until the due date.
• Please note that the originality report for a resubmission takes 24 hours to be produced. Please
ensure that you allow adequate time, if you are considering resubmission.
• Review the marking ru
ic on the following page so that you understand the expected
standards and how you will receive feedback.

Submission

• Students will need to upload their assignment to http:
ilearn.mq.edu.au (Turn-it-in) by
11:59 pm Friday 12th April (week 7). Otherwise your assignment will be considered late.
• Late assignments must also be submitted via Turn-it-in.

Penalties

• Late tasks will be accepted up to 72* hours after the submission deadline. There will be a
deduction of 20%* of the total available marks made from the total awarded mark for each
24-hour period or part thereof that the submission is late (for example, 25 hours late in
submission – a 40% penalty will apply).

* This penalty does not apply for cases in which an application for an extension has been
approved.


Prepared by Anthony Wilson for ACCG358 Semester 1, 2019


3
Marking Criteria
The following criteria are how IS audit report will be marked.

Not attempted
Fail Pass Credit Distinction High Distinction
1) Selection of
the case study
and risk
analysis (30%)
No attempt,
or
the answer
is copied or
substantially
copied from
materials or
other
sources.
Poor selection of
the case study.
Report indicates
poor or no
understanding of
the case study
and its
associated risks.
Average selection
of the case
study. Report
indicates some
understanding
of the case
study and its
associated
isks.
Good selection of
the case study.
Report indicates
good
understanding of
the case study
and its
associated risks.
Good selection of
the case study
showing several IS
issues.
Report indicates
high level of
understanding of
the case study
and
its associated
isks.
Unique case study
selection
epresenting
many IS issues.
Report indicates
in‐depth
understanding of
the case study
and
comprehensive
isk analysis.
2) Critical
analysis of the
case, quality of
audit plan and
ecommendation
to target
audience.
(50%)
No attempt,
or
the answer
is copied or
substantially
copied from
materials or
other
sources.
Report indicates
poor or no
understanding of
an audit plan and
inappropriate
ecommendation
to target
audience.
Report
indicates some
understanding
of an audit plan
and provides an
appropriate
ecommendation
to target
audience.
Report indicates
good
understanding of
an audit plan and
is able to provide
multiple
appropriate
ecommendations
to target
audience.
Report indicates
high level
understanding of
audit plan and
able to provide
many appropriate
ecommendations
to target
audience.
Report indicates
advanced
understanding of
audit plan and
able
to provide
appropriate
ecommendations
for all risks
identified to
target audience.
3) Structure of
the text
(10%)
No attempt,
or
the answer
is copied or
substantially
copied from
materials or
other
sources
Report does not
follow the
structure given
and information
is not generally
clearly organised
within each
section.
Report mostly
follows the
structure given
and
information is
generally
clearly
organised
within each
section.
Report follows
the structure
given and
information is
generally clearly
organised within
each section.
Report follows
the structure
given and
information in
each section is
organised in a
clear and logical
way.
Report follows the
structure given
and information
in each
section is
presented in a
clear logical way
that supports the
overall point
argument of
that section.
4) Professional
presentation
including
formatting,
spelling,
grammar,
eferencing
(10%)
No attempt,
or
the answer
is copied or
substantially
copied from
materials or
other
sources
Presentation is of
a very poor
standard, with
numerous
e
ors /
inconsistencies.
Presentation is
of a basic
standard, with
some
formatting,
spelling,
grammar,
eferencing
e
ors /
inconsistencies
Presentation is of
a good standard,
with infrequent
formatting,
spelling,
grammar,
eferencing
e
ors/
inconsistencies.
Presentation is of
a very good
standard,
with little or no
formatting,
spelling,
grammar,
eferencing
e
ors/
inconsistencies.
Presentation is of
a professional
standard, with
little or no
formatting,
spelling,
grammar,
eferencing
e
ors/
inconsistencies.