Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technology Audit Plan ----BCSY University

Published byMildred Ellis Modified over 6 years ago

Similar presentations

Presentation on theme: "Technology Audit Plan ----BCSY University"— Presentation transcript:

1 Technology Audit Plan ----BCSY University
Class: MIS-5201 Team Member: Marsha Billups Qiyu Chen Ping Sun Qianru Yang

2 Agenda Technology background overview Scope of your audit
Risk assessment IT Audit team members’ roles and responsibilities in this audit Key dates and deliverable Breakdown of audit hours for planning, testing, reporting phases

3 Background BCSY University is a private university located in Downtown Boston. There is a Intensive English Language Program (IELP) department in BCSY university attracts students from all over the world to the historic city of Boston, a cultural, artistic and culinary center. IELP department’s enterprise application has vulnerability on change management, and data protection which may impact user authentication, confidentiality, integrity, availability.

4 Audit Scope IT Asset Management Data Protection Problem Management

5 Risk Assessment - Major changes
Risks: USB devices risk Dependent financial office risk Dumpster diving risk Changes: Using uniform USB drives that were given by department Building independent financial office Using paper shredders for all hard copy documents

6 Risk Assessment - Main Risks
Operation Risk: Weak account and password access control Cross Training Risk: Weak separate duties control High Authority Risk: Weak authority division Significant Project Risk: System using in uncontrolled place and environment Paper Documents Holding Risk: Weak physical control for hard copy documents.

7 Risk Assessment - Impact/Likelihood
Risk Category Impact Likelihood Overall Operation Risk High Cross Training Risk Moderate Low High Authority Risk Significant Project Risk Paper Documents Holding Risk

8 Audit Team Members The Boss, Audit Manager
Marsha Billups.IT Audit Lead Qiyu Chen, Sr. IT Auditor Ping Sung, IT Auditor Qianru Yang - IT Auditor

9 IT Audit Manager Roles & Responsibilities
Accountable for Audit Onsite for Kick-Off Meeting, Key Walk-Throughs & Audit close-out Ensures Audit process standardization across platforms Identifies & resolves Audit issues Communicates with Sr. Leadership Reviews all Audit documents Authors Executive Audit Summary and Audit Report

10 IT Lead Auditor Roles & Responsibilities
Plans Audit & Authors Scope letter with Management review Helps ensure Audit process standardization across platforms Leads all aspects of the audit, risk assessment, controls analysis & review process including planning, control analysis, testing, reporting, and making/writing recommendations Manages Audit teams day-to-day activities Communicates with Leadership Prepares, reviews & compiles all Audit work papers Drafts/Compiles comprehensive Audit Report for Manager

11 Sr. IT Auditor Roles & Responsibilities
Owns, designs, plans & executes Audit plan for assigned Audit area(s) Communicates with assigned Audit Area owner(s) Performs review of IT policies, standards & procedures Recommends corrective actions to improve controls, enhance operations & increase efficiency Performs independent testing and prepares/consolidated workpapers Identifies, develops, documents & helps resolve audit issues Assists in the preparation of the draft Audit Report Reviews work of supporting IT Auditor

12 IT Auditor Roles & Responsibilities
Supports Sr. It Auditor in planning & execution of Audit of assigned area Works with the Audit Area to secure requested data in an easily accessible, organized manner Performs independent testing & prepares associated work papers Reviews IT policies, standards & procedures Recommends corrective actions to improve controls, enhance operations & increase efficiency Identifies, develops, documents & helps resolve audit issues Assists in the preparation of the draft Audit Report

13 Breakdown of audit hours for planning, testing, reporting phases

14 Key Dates & Deliverables

15 Questions? Thank you!!!

Download ppt "Technology Audit Plan ----BCSY University"

Similar presentations

MSCG Training for Project Officers and Consultants: Project Officer and Consultant Roles in Supporting Successful Onsite Technical Assistance Visits.

MSCG Training for Project Officers and Consultants: Project Officer and Consultant Roles in Supporting Successful Onsite Technical Assistance Visits.
Internal Audit Who? What? When? How? Why? In brief...

Internal Audit Who? What? When? How? Why? In brief...
1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.

1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.
Buffalo State College Internal Control Program Presented to: Buffalo State College Line Staff Delivered by: BSC IC Program & Department Managers.

Buffalo State College Internal Control Program Presented to: Buffalo State College Line Staff Delivered by: BSC IC Program & Department Managers.
Created May 2, 20081 Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?

Created May 2, Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?
Chicagoland IASA Spring Conference

Chicagoland IASA Spring Conference
Roles and Responsibilities

Roles and Responsibilities
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Agency Risk Management & Internal Control Standards (ARMICS)

Agency Risk Management & Internal Control Standards (ARMICS)
Advanced Program in Auditing and Accounting Regulation Module 12 Enhancing Statutory Audit Quality from a Financial Regulator’s Perspective Presenter:

Advanced Program in Auditing and Accounting Regulation Module 12 Enhancing Statutory Audit Quality from a Financial Regulator’s Perspective Presenter:
Project Kick-off Meeting Presented By: > > > > Office of the Chief Information Officer.

Project Kick-off Meeting Presented By: > > > > Office of the Chief Information Officer.
College Reviews An Overview Presented by Howard Lutwak, CIA Director of Internal Audit January 2004.

College Reviews An Overview Presented by Howard Lutwak, CIA Director of Internal Audit January 2004.
Enterprise Cybersecurity Strategy

Enterprise Cybersecurity Strategy
WESTERN PA CHAPTER OF THE AMERICAN PAYROLL ASSOCIATION – NOVEMBER 4, 2015 Risk Management for Payroll.

WESTERN PA CHAPTER OF THE AMERICAN PAYROLL ASSOCIATION – NOVEMBER 4, 2015 Risk Management for Payroll.
Internal Audit Section. Authorized in Section 20.055, Florida Statutes Section 20.055, Florida Statutes (F.S.), authorizes the Inspector General to review.

Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.

Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.

Similar presentations

Ads by Google