AUDCISE FINAL OUTPUT

I. AUDITING IT GENERAL CONTROLS

A. System Development Process Case: Audio Visual Corporation

Required:

As an IT Auditor, identify the problems/weaknesses in the development of the new

system and provide control recommendations to AVC. Use the format below:

System Development Problems/Weaknesses Audit Recommendations

Process
Project initiation 1. Extensive resources
are required.
2. Project costs can be
huge.
3. It takes enormous
time to develop a
system.
System Analysis & Design Formulation of end-users
requirements is a
complicated and tedious
task.
Construction This stage is where much
expertise is required so that
a great system can be
constructed.
Testing & Quality Integrating the full testing
Assurance and quality assurance system
is time-consuming and
hectic.
Implementation Moving data and
components from the old
system to a new one is a
hazardous task and creates a
colossal problem.
AVC needs to make a
balance between cost and
between cost and benefits
form the new system so
that the maximum
resources the entity can be
utilized with minimum
wastage.
Analyze the need of end
users so that the new
software can meet the
expectations.
In this stage of the system
development process,
where end-users determine
the specific business need
for the proposed system
company should keep these
things in determination.
The testing should be done
in that the end users can be
satisfied or accept the
proposed system.
The implementation should
be done in phase manner
so that it is acceptable to all
stakeholders.

B. Computer Operations and Access to Program & Data

Listed below are some scenarios. For each scenario, discuss the potential consequences
and give a prevention technique. Follow this format:

RISKS PREVENTIVE CONTROL

1. a. Damage of hardware system.  The organization should
 b. Lost of data due to hardware
damage.
c. Data loss and hardware
damage incur a lot of additional
overhead of maintenance and
repairing for the company.
2. a. Malware infection may lead to
serious security and integrity
concerns for the data and system
within the organization.
b. Illegal access of data is
possible for external hackers.
c. The virus will spread in
geometric proportion which
makes the data to be destroyed
or corrupted leading to system
crash and other related damages.
3. a. Unauthorized data access for
collecting sensitive information
from internal network of an
organization.
b. Illegal data leakage
c. Security threat to integrity of
system and data.
formulate strict policies for
banning food items in strategic
hardware locations.
 The smoke detector was highly
sensitive nod its alarm went off,
which triggered the sprinkler
system.
 There should be a warning alarm
from the sprinkler system before
it automatically goes in to ON
mode.
 In case the large fire, this warning
time is enough for activating fire
extinguishing system.
 Strong application level firewall
which protects the internal
system from portion of its own
and also from external network.
 Installing strong antivirus
software which can detect and
delete the presence of virus
attacks.
 Regular system monitoring for
illegal of unauthorized system
access through keystroke
monitoring and security scanning
software.
 Regularly scanning the entire
system for virus attacks.
 The organization should
immediately take actions to
suspend or delete the login
accounts of terminated
employees so that they don’t
have future access to the system.
 As the employees was having
access to critical data like cases
control list and user IDs, all the
passwords for accessing these
data must be changed with
immediate effect.
 Stronger methods of user
authentication techniques like
one-time password should be
installed for preventing illegal
external access to system.
 Conducting regular system audit
 trails for ensuring the data and
system integrity.

II. AUDITING IT APPLICATION CONTROLS

A. Brief Description of the Online System or Program

AliExpress is an e-commerce company that was founded in China in 2005 by Ma Dongrui

and Zhang Zhidong. The company's main focus is to sell products from other countries,
and it has over 20 million products listed on its website.

AliExpress is an online marketplace that connects consumers with sellers from around
the world. The app allows users to search for products and make purchases from these
sellers, which are arranged in categories based on their country of origin.

AliExpress offers an easy-to-use interface that allows users to search for and purchase
products from all over the world. Users can also use AliExpress to find local stores that
sell their products and then make purchases directly from these stores.

AliExpress has a large selection of products, with over 1 million unique offerings
available in each category. Users can filter by price range, brand, color, description, and
more. The application also enables users to save favorite products for easy access later.

B. Input/Edit Validation Controls Identified. Follow this format.

INPUT/ EDIT TESTING REMARKS/EVIDENCES

TECHNIQUES PROCEDURES
Range Check Allows user to
and Numeric- click/choose the
alphabetic specific color, shoe
check size and quantity.
The numeric-
alphabetic check is
used to prevent users
from entering data
incorrectly.
 Numeric- Numeric-alphabetic
alphabetic check is used to
check and prevent users from
Completeness entering non-
Check alphabetical
characters, such as
numbers or
punctuation marks,
into a field.

Completeness check
ensures that the user
has filled out all
required fields in the
form.
Existence The existence check is
Check used to verify that a
value is available
before it is checked.

It is an effective
control because it
prevents incorrect
data from being
entered, which can
lead to a lot of
problems in the
system.
Validity Check Validity is used to
ensure that the user's
data matches the
requirements of the
system. Also checks
whether an input is
filled in correctly,
while the other
checks whether an
entire form is filled in
correctly.