Hi expert,
Please help asap! (4 questions below)
1. Explain the key principle/focus for each type of audit in the table below.
| Type of Audit | Explanation |
|---|---|
| Internal audit | |
| External audit | |
| Compliance audit | |
| Performance audit | |
2. There are several pieces of legislation that are used in the financial services industry.
In the table below, summarise the key requirements of each identified legislation that refers to financial transactions and reporting requirements.
To complete this question, you will need to conduct your own research. We suggest using the following websites:
Federal Register of Legislation: Corporations Act 2001
Austlii
| Legislation | Key requirements relating to financial transactions and reporting |
|---|---|
| Corporations Act section 286 | |
3. Secure Transfer Pty Ltd is a leading payment processing company based in Sydney, Australia. The company specialises in online payment solutions and facilitates transactions for numerous clients, ranging from small businesses to large enterprises.
With the increasing sophistication of cyber threats, there is a growing concern about the security of payment card data processed by the company. As such, Secure Transfer is looking to implement Payment Card Industry Data Security Standard (PCI DSS) compliance as part of its cybersecurity strategy to protect its clients' payment card data.
You work in Secure Transfer's internal audit department and have been asked by senior management to advise on implementing PCI DSS. The PCI Security Standards Council and General Data Protection Regulations are considered authoritative sources for cyber security and privacy industry standards.
Use these sources and answer the following questions:
As an Australian company, how should Secure Transfer use GDPR?
4. Cyber Security
You have now met with Sam, Secure Transfer's Chief Risk Officer, to discuss the approach to implementing an incident response procedure. This key internal control manages cyber security and responds to incidents impacting the safe handling of payments and data.
Sam has asked you to go ahead and implement the incident response procedure you discussed in your meeting. Sam provides the following information to assist you.
It has been decided that the incident response plan:
- Will be updated by senior management at the beginning of each financial year
- Must outline the steps to be taken in the event of the security incident at all stages including identification, containment, eradication, recovery and post-incident review.
- Must clearly outline the roles and responsibilities of each team member
- Will be emailed to all staff once updated.
Further, management will set up a dedicated incident response team. In addition, a communication plan will be developed by management outlining how information is shared both internally and externally during a security incident. The communication plan will outline the reporting requirements for specific incidents, including mandatory breach notifications.
Using the above information, develop an internal control procedure for incident response.
The procedure should:
- Incorporate the information provided by Sam above
- Include a relevant title
- State the purpose of the procedure - that is, what it aims to achieve, maintain or prevent
- Include all steps of the procedure as provided by Sam
- Outline how the procedure will be reviewed and monitored to ensure compliance and effectiveness
- State what training and awareness activities will be used to promote consistency in the use of the procedure.
Complete the template below to develop the internal control procedure.
| Internal control procedure title | |
|---|---|
| Purpose | |
| Procedures (5 - 10 steps) | |
| Record Retention | |
| Monitoring Compliance | |
| Training and Awareness | |
