Auditing Issues and Implication

By: Tasha • Research Paper • 2,183 Words • May 12, 2010 • 1,037 Views

Page 1 of 9

Auditing Issues and Implication:

Engagement Risk: Since Pentagon is government organizations, normal business risk does not apply to this engagement. The engagement risk is mainly derived from the legal consequence of our audit approaches. For example, testing the individual application controls like back up, the most effective way is to pretend a real attack, and examine the reaction of that specific control. However, such pretended attack may cause serious legal issues due to the clientвЂ™s nature of organization.

Legal issues: also likely to arise when the engagement team is overwhelmed by confidential information they can access during the engagement. Keeping the clientвЂ™s information confidential should be the top priority for this engagement. Therefore the firm must pre-negotiate with the client to determine what security procedures the client expects the engagement team members to follow.

Staffing issue: Due the special nature of the client and itвЂ™s control systems are complicated more experienced and competent seniors are preferred. In addition, IT specialists are required to join the audit team to assist the team about IT environment.

Reporting issue: The format of the engagement report needs to be discussed and agreed with the client prior engagement. Since the client is government organization, the reporting format should follow audit standards for government. And the distribution of the reported needs special attention to ensure confidentiality is protected.

General Control: General control issues as discussed above are moderately pervasive. The auditing on general control should be emphasized on assessing controls over data network and access security. This is especially important because the organization unusual non-email communication internally, which may easily cause errors.

We must also examine organizationвЂ™s current policies regarding system review and system changes, and find out if properly procedures are followed, for example, proper authorization, cost/benefit analysis is conducted or not.

Auditing strategy

The following strategies are suggested for this engagement:

вЂў Maybe able to rely on the general control

вЂў Work closely with the organizationвЂ™s internal control team and use observation, enquiry, and reviewing documentations to access control weaknesses

вЂў Ensuring any system changes or system reviews are conducted properly

вЂў CAAT can be used for certain application controls. For example, to audit system damage review control, CAAT can help auditors know if the system still functions well

1. Audit risk should be set as low for a number of reasons. For one, the internal controls are weak and inadequate. The Pentagon does not have appropriate IS access controls and as such is susceptible to attack. Inherent risk is high for all assertions as the system is susceptible to attack by a number of parties (i.e. terrorists, nation-states, recreational hackers). Control risk is also high as the control environment is adequate at best and a number of control activities need to be implemented.

2. The auditor should perform a detailed fraud-risk analysis for this audit. Given the number of attacks in the past and the continued security threat that the Pentagon faces, the auditor needs to be mindful of fraud and asses the control environment and all other factors to ensure that the probability of material misstatement as a result of fraud is minimized. The Pentagon is especially vulnerable to misappropriation of assets.

3. The auditor should use a combined approach during the audit. A substantive approach, although applicable for non-computer activities, cannot be used to evaluate the computer and accounting system. Auditing вЂњthroughвЂќ the computer is required as the system in place is a large part of the control environment and needs to be evaluated to asses inter control and determine the extent of substantive tests.

4. Audit trails may be difficult to find or use as a result of inadequate control design procedures and the inherent sensitivity of government data. As a result, CAATS may be required extensively throughout the audit to match source to destination or vice versa. As CAATS can test large volumes of information with good accuracy and speed, it is most likely the most economical option.

The staff should be well trained and keep mind the sensitive nature of the information that is provided to them. They have to ensure that it is kept confidential, as a breach would be detrimental. Employee screening is very crucial because the information

Continue for 8 more pages » • Join now to read essay Auditing Issues and Implication

Read full document Save

Download as (for upgraded members)

txt

pdf

docx

Essay Preview: Auditing Issues and Implication

prev next

Report this essay

Related Essays

Controversial Issues: Justifying the Persian Gulf War

Controversial Issues: Justifying the Persian Gulf War On January 16, 1991 the Gulf War had officially started, and for good reason. In August of 1990,

376 Words | 2 Pages
The Issue of Slavery

The issue of slavery has been touched upon often in the course of history. The institution of slavery was addressed by French intellectuals during the

594 Words | 3 Pages
Human Resourse Management Issues in U.K

INTERNATIONAL HUMAN RESOURCE MANAGEMENT ASSIGNMENT (PROFESSOR CLIFF LOCKYER) Group No. 7 Kwesi Gift Anderson Rajendra Kumar Sahil Kumar Jain Hitesh Ahuja Introduction: In the 1980’s

2,370 Words | 10 Pages
Issuing Audit Reports Simulation

Issuing Audit Reports Simulation Stakeholders in companies rely on the auditors for confirmation that financial information is accurate. The auditor’s opinions and observations are presented

437 Words | 2 Pages