Report on Security and Control Risk Assessment of Bangalore –Hassan Toll Bridge 1

.Introduction:
ABC Toll company is conducting the business of Toll Bridge/Plaza between the cities Bangalore and
Hassan. The Toll Bridge contains 8 toll centers which are completely automated. The Bridge operates on a
24X7 basis. As the operations are fully automated and being 24X7 working, Information Technology
availability plays a crucial role in achieving the objectives of ABC Toll company. Toll charges are collected
on the basis of classification of vehicle. We are being approached by the Chairman of ABC Toll company.
Our Firm Jet fast LLP is a Vijayawada based Limited liability partnership established in the year 1980.
Since then we are conducting audits and assurance services for a variety of clients. Our Managing partner
Mr. Jet Pilot was the first Indian Chartered Accountant to qualify DISA and CISA in the year 1974. We are
excelled in conducting Information Systems Audit. Apart from CA’s, our firm have employed reputed
Software and Hardware engineers, who are expertised in the field of Systems Development Life Cycle, ERP
Implementation, Software Testing, COBIT implementation, COSO Implementation and hands on
experience on all the best practices available across the globe. Facts of the Case:2. Auditee’s Environment:
•The company is maintaining its IT Environment on Mini Computer with Microsoft Server 2008 as
Operating System and an Oracle as Database. •The Toll Bridge Application software in developed by an
external vendor in Oracle using Client Server Architecture. •The Main Server is connected to a Standby
Server which has Disk Mirroring facility. •The Toll booths have electric supply through an UPS with a
battery backup of 2 hours and a generator to provide power to servers and computers. •The total number of
PC workstations are 12, all of them are running on Windows operating system. Off the 12 workstations, 8
are being installed at all the 8 toll centers and remaining 4 workstations kept as standby and are installed 2
each at East and West toll plaza. •Smoke Detectors, Fire extinguishers are installed at Toll plazas and Toll
booths.
A. Details of Case Study/Project (Problem)Information System (IS) is an asset for an organization when
it is well managed, since it will provide advantages to compete and increase a successful chance of
business. In order to manage this, IS should be controlled because controlling provides an adequate
assurance to management that IS has been running according to organizational plan and objective. Any
controlled process requires a measurement to indicate IS performance in achieving the goals of control
and facilitates management to make performance improvement of IS. IS auditing is a form of IS
measurement. One of IS auditing standards that combines views of business and Information
Technology (IT) within its framework is COBIT (Control Objectives for Information and Related
Technology). COBIT contains general control standards that can be accepted and implemented
internationally.The given case study sets an example to the above. ABC Toll Company, a Government
Body is set up since XXXX. The company manages the Bangalore-Hassan Toll Bridge. The company
has a full fledge IT environment. The company conducts regular financial audits, information systems
audits and performance audits for ascertaining the extent of legality, adequacy of financial prudency
and management of financial operations. The objectives include reviewing of efficiency, effectiveness
and economy in planning, directing, execution, controlling and monitoring of operations. ABC Toll
Company has a strong commitment in the use of technology and uses the high end software to maintain
its database