Fundamental of Auditing and Risk Assessment

Risk-Based IS Audit for Service Centers

PART 1 Fundamental of Auditing and Risk Assessment Suppose your team has been asked to conduct an information system (IS) audit one of the following services provided by most organization: Point of Sale (POS), Automatic Teller Machine (ATM), Vending Machine, Printing Management System (PMS), and Moodle. Your main sources of information include the internet, students and staffs who work in that service, or your course lecturer (Havea Fonua). No team chooses the same service, so you need to inform the lecturer to get the priority reservation. Perform a short research on the concept of risk-based information system audit and demonstrate how would your team apply it in the service you chose. Construct an activity diagram to represent a specific process in the service center. Describe two controls that should be implemented in the departmental process.     PART 2 Network & Software Services Audit Suppose AIS employed your team to perform an information system audit on the computer network and software applications services used in the organization. Your team should focus on one of the following from the list below: No team chooses the same item in each of the two groups, so you must inform the lecturer early to get the priority reservation. (Windows 10 & MS Access), (Windows Server 2012 & MS SQL Server), (Windows Server 2016 & SQL Lite), (Windows Server 2019 & Oracle), (Cent OS 6/7 & MySQL) Perform a short research on the selected operating about the group policy and audit features that would help to enforcing controls in the corresponding database system use over the network system. Show how the group policy and audit features are configured to control a specific process in the organization. You must use Hype-V or related tools to do this demonstration activity PART 3 IT Auditing Tool & Governance Framework Suppose AIS gives your team a project to investigate and evaluate one of these IT Auditing Tools (that is, international standards, frameworks of good practices): control objectives for information technologies 5 - COBIT5, information technology infrastructure library - ITIL, international organization for standardization 27000 - ISO27000, Committee of Sponsoring Organizations of the Treadway Commission - COSO: Internal Controls Standards and enterprise risk management framework - ERM Framework. No team chooses the same tool, so you must inform the lecturer early to get the priority reservation. Perform a short research on the selected tool and briefly describe how could it possibly apply to the best fit on the context of AIS business. Identify a specific business area and demonstrate the usage of the selected standard to improve the business efficiency especially the auditing activity.PART 4 Oral Presentation Your team requires to give an oral presentation for at most 10 minutes. Each member of the team requires to contribute equally in the presentation as this is group presentation but will be assessed individually. The main aim of your presentation is to present part 3 of your assignment including your (individual) reflection when conducting this assignment. The assessment criteria can be found in Appendix B.