MIS 303: IS AUDIT AND MANAGEMENT

SECTION: C
GROUP ASSIGNMENT
(Audit Engagement Plan for PTCL)

Submitted to: Sir Muhammad Asghar Khan

Date of Submission: 17TH April 2019
Submitted by:
Saman Sohail
Mariam Fatima Burhan (24727)
Sumran Rani
Madiha Amjad

Page 1 of 7
TABLE OF CONTENTS Page No.

1. Organization’s Introduction…………………………………………………..3
2. Group Responsibility Matrix…………………………………………………4
3. Risk Assessment
 Audit Planning Table…………………………………………………5
 Identification of Inherent, Control and Detection Risk………………6
 Audit Engagement Risk Analysis…………………………………….7
4. Audit Engagement Plan
 Objective………………………………………………………………8
 Scope…………………………………………………………………..8
 Constraint……………………………………………………………...9
 Compliance and Criteria………………………………………………11
 Approach……………………………………………………………...11
References…………………………………………………………….12

Page 2 of 7
 1. Introduction of PTCL
From the commencement of the Posts and Telegraphs Department in 1949 and formation of Pakistan
Telephone and Telegraph Department in 1962, PTCL has been a major player in telecommunication in
Pakistan. Pakistan Telecommunication Corporation took over operations and functions from Pakistan
Telephone and Telegraph Department under Pakistan Telecommunication Corporation Act 1991. Later the
Government in 1991 announced its plans to privatize PTCL.
Pakistan Telecommunication Company limited also known as PTCL, provides telephone and internet
services nationwide and is the backbone for the country’s telecommunication infrastructure despite the
arrival of other telecommunication corporations such as Telenor GSM and China Mobile. The corporation
operates around 2000 telephone exhanges around the country. It is listed on Pakistan Stock Exchange.

PTCL has following subsidiaries:

 Ufone
 PTCL Smart TV
 U Microfinance Bank Limited
 Maskatiya Communications (Pvt) Limited
 DVCOM Data Private Limited
 Smart Sky (Private) Limited
 Paknet Ltd
 Telephone Industries Of Pakistan

PTCL have well trained staff with proper knowledge of how to solve the problems of their customers and
provides 24/7 assistance to them.

PTCL aims to be the partner of choice for its customers, to develop their people and to deliver value to
their shareholders. Their core values are:

 Professional Integrity
 Teamwork
 Customer Satisfaction
 Loyalty to Company

In order to manage risks, the Board has setup an effective Audit Committee comprising of five members
out of which four members including Chairman of Committee are non-Executive Directors. The meetings
of Audit Committee were held at least once every quarter prior to approval of interim and final results of
the company and as required by the Code. The terms of reference of committee of committee formulated
by the board have been communicated to Committee for compliance.
The statutory auditors of the company have confirmed that they have been given a satisfactory rating under
the high quality control review program of Institute of Chartered Accountants of Pakistan (ICAP).

Page 3 of 7
 2. GROUP RESPONSIBILITY MATRIX
Mariam Madiha Saman Sumran

Introduction Responsible

Group Matrix Responsible

Risk Assessment Responsible

Risk identification Responsible

Risk analysis Responsible

Objectives References

Constraints and Responsible

compliances

Approach Responsible

References Responsible Responsible Responsible Responsible

Scope Responsible

Page 4 of 7
 a. AUDIT PLANNING TABLE

AUDIT AREA TIME FRAME RESAPONSIBILITY

Physical and logical security 3M Internal Audit

Types of devices 4M External Audit

Job description of people to 4M Internal Audit

know their access

Backup and Storage 3M External Audit

Page 5 of 7
 b. IDENTIFICATION OF INHERENT, CONTROL
AND DETECTION RISKS

TYPE OF RISKS DETAILS

INHERENT RISK 1. Natural disasters.

2. Sniffers trying to hack into the
system.
3. Limited budget.
4. Time needed to understand
changes in technology.
5. Going-concern risk.

CONTROL RISK 1. Ignoring new imperatives in

privacy and security.
2. Failure to adopt new roots to
innovation.
3. Short circuit (poor equipment).
4. Network failure and no backup.
5. Lack of performance measurement
in drive execution.
6. Following the policies and
regulations.
7. Denial of Service (DOS) attack.

DECTECTION RISK 1. No proper tools for performing the

audit.
2. No cooperation from the company
and internal auditors.
3. Qualification of employees is not
checked or fake.

Page 6 of 7
REFRENCES:

https://ptcl.com.pk/uploads/Annual%20Report%202016.pdf

https://www.google.com/search?rlz=1C1CHBD_enPK771PK771&ei=Y9mxXOq7A4mYlwSWp7aY
Bg&q=ptcl+subsidiaries&oq=ptcl+subsi&gs_l=psy-
ab.1.0.0.395328.398507..399375...0.0..0.206.1786.0j8j2....2..0....1..gws-
wiz.......0i71j35i39j0i10i67j0i131j0i67j0i20i263j0i22i30j0i22i10i30.Nx_yMOGj7s4

https://en.wikipedia.org/wiki/Ptcl

Page 7 of 7