CS456 Information System Audit

Assignment – Mini IS Audit

[Total Marks 10]
Program: BS (CS/SE)
Session: SPRING 2022
Subject: CS456 Information System Audit

Assignment Aims: To provide students with an opportunity to be involved in some basic

information systems audit activities to understand and comprehend their skills
and analyze the importance of IS Audit.

Group / Individual: Group Based

Learning Outcomes: The students learn how to conduct an IS Audit and understand an IS Audit
related problem

Problem Statement: To perform a mini-IS Audit for a simple business application installed and
running at any local organization. The student will study, review, analyze and
document the results in a given format. One student group will choose one
organization and there will be no overlap between the student group’s reports.

Visit the website of ISACA (www.isaca.org) and learn about the Framework,
standards, and the role of an IS Auditor

Methodology:

1. As this would be difficult to get the real-time data of any organization, you may assume that the
organization you have selected (In case no organization is found, an Imaginary Organization may be
considered) is required for the IS Audit and the recommendations to protect its information assets.

2. Develop a customized Questionnaire form to help consolidate your thoughts and strategy regarding the
data to be collected. It will save time for you. This form can be sent before your visit so that they have
time to prepare as necessary (In the case of an imaginary organization, you request your friends to
provide dummy information).

3. Have a face-to-face interview with the main designer/users of the application. Pay attention to the
application’s process flow.

4. Review the documents (paper forms, computer screens, input data checks, control summaries, edit
lists, output reports, etc.) used by the various users and the outputs produced by the application.

5. Give particular attention to the checks and controls, both computer and manual, being exercised for
each sub-process. Record data collected in a rough shape, and then reconfirm your understanding with
the interviewee as necessary. Please note that 2-4 meetings will be necessary to achieve your
objective.

6. Document the information collected in chapter 1 of your report in the format shown overleaf.
7. Critically analyze and comment on each area of the application from an IS Auditor’s point of view.
Although this is not normally part of an IS Audit, please recommend the possible actions that can be
taken for each one of your Audit Comments. This is chapter 2 of your report.

Required:

The student will undertake material research and visit the selected/assigned organization well in advance of
the assignment submission date. The student will interview the concerned designer and users and collect
the necessary data with permission. The student will submit a Report containing the following sections.

S. No. Chapter / Content Assessment Pages Marks %

Criteria

1. Executive Summary (Self Explanatory) Depth of knowledge; 1-2 -

clear, concise
The strategy was followed to collect the expression
information. A questionnaire was used to
collect data. Issues that were
encountered and how resolved, etc.

2. The Present Status of the application Depth of knowledge; 5-7 40

being studied. Paper forms, computer clear, concise
screens, input data checks, control expression;
summaries, edit lists, output reports, etc. Diagrams, tables,
being used, and the outputs being flowcharts are made;
produced by the application. Computer pertinent information
and other Checks and controls are being about the application.
exercised at each step.

3. Auditor’s Comments on each of the Analysis of the 2-4 40

process areas. Recommended Actions for present status,
improving each of the areas Commented general and specific
upon. area Comments.
Proposed
alternatives,
Justification for
recommendations
being made, and
Advantages of the
recommended
approach.

4. Appendices / Overall Report Presentation/Quality/ 20

Layout/Clarity
Samples of some of the forms used, Staying within Page Includes
some of the outputs, etc. S.No.1
Relevance
1. Hand Out Date
Monday, May 02, 2022. (Week 7)

2. Hand In Date5
Friday, June 10, 2022. (Week 12)

Reference Material:
You can use the resources provided to you by your instructor plus you may
search on the Internet and make references to the material, but never copied
the same, plagiarized assignment will be marked zero.

Assignment Arrangements:
The assignment should be submitted via your MS Team Account. (One group
can only submit the one copy and mentioned the names with roll numbers of
other group members.
An oral presentation may be required from students on their solution

Penalties: The following are the penalties for late submission:

 If it is submitted during the next five working days, it will be marked as normal
but the recorded grade will then be restricted to a maximum of a bare pass.

 Work submitted any later than this will receive a mark of zero.
Plagiarism
 Very severe penalties will apply if you copy or otherwise reuse the work of
others.