Question: Subject: Security Policy & Procedures As the IT audit senior of the engagement, you are presenting to the IT manager and partner (as part of
Subject: Security Policy & Procedures
- As the IT audit senior of the engagement, you are presenting to the IT manager and partner (as part of the planning meeting) the results of the risk assessment performed in Exhibit 3.3. Based on such results (look at Exhibit 3.3, under the "Risk Rating" and "Action Priority" columns), it seems clear that the audit should focus on Financial Application #2 (FA2). Nevertheless, the IT manager and partner, based on previous relevant experience, believe that the audit should be performed on Financial Application #1 (FA1). The planning meeting is over, and you still feel doubtful on the decision just made. Your task: Answer the questions below showing why the audit should focus on FA#2. In other words, think of additional information not necessarily documented in the risk assessment shown in Exhibit 3.3 related to:
- Any additional vulnerabilities or weaknesses that may currently be in place affecting FA2
- Any additional threat-sources that can trigger the vulnerabilities or weaknesses you just identified for FA2
- Any additional risks or situations involving exposure to loss for the financial information in FA2
- Any additional controls or procedures that should be implemented to mitigate the risks just identified
Step by Step Solution
There are 3 Steps involved in it
1 Expert Approved Answer
Step: 1 Unlock
Question Has Been Solved by an Expert!
Get step-by-step solutions from verified subject matter experts
Step: 2 Unlock
Step: 3 Unlock
Study Help