Auditing in CIS Environment: From: Laiza Cristella J. Saray BSA - 3 (C - 2021-0495)
Instructions: In this assignment, you will explore the auditing aspects related to systems
Part 1: Research
1. Define the role of auditing in a Computer Information Systems (CIS) environment. Explain
why auditing is essential for ensuring the integrity and security of information systems.
systematic examination of the controls, processes, and operations within an information system
to ensure compliance, accuracy, and security. The primary objective of auditing in this context is
provide recommendations for improvement. Auditing helps in verifying that the information
systems are operating as intended, data integrity is maintained, and security measures are
resources. Without auditing, there's a risk of undetected errors, security breaches, or compliance
failures, which can lead to significant financial losses, reputational damage, or legal
2. Identify and explain at least three key audit procedures that can be applied specifically to
Answer:
documents, coding standards, and testing protocols. This review helps in assessing
whether proper procedures are followed, requirements are adequately captured, and
b. Code Review - Auditors can conduct a detailed review of the source code to identify
potential vulnerabilities, coding errors, or deviations from coding standards. This process
involves analyzing the logic, structure, and security aspects of the code to ensure that it
implemented during systems development. This involves reviewing test plans, test cases,
Answer: Change management refers to the process of controlling and managing changes to
auditing, change management is crucial because any alterations to the system can impact its
integrity, security, and compliance. Auditors need to monitor program changes to ensure that
proper controls are in place to manage the entire change lifecycle, from initiation to
process for changes, evaluating the impact analysis conducted before implementing changes,
verifying that changes are tested adequately before deployment, and ensuring proper
documentation and tracking of changes for audit trail purposes. Failure to effectively manage
information systems. Therefore, auditors play a critical role in overseeing change management
processes to mitigate risks and maintain the integrity and security of information systems.
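The change-lifecycle checks described in this answer (authorization, impact analysis, testing before deployment, and tracking) can be run as an audit test that traces every production deployment back to its change request. The sketch below is an added example, not part of the original assignment; the register fields, identifiers, and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data: a change register and a production deployment log.
CHANGE_REGISTER = {
    "CR-101": {"approved_by": "cab", "impact_assessed": True,
               "tests_passed_on": date(2024, 3, 1)},
    "CR-102": {"approved_by": None, "impact_assessed": True,
               "tests_passed_on": date(2024, 3, 2)},
    "CR-103": {"approved_by": "cab", "impact_assessed": False,
               "tests_passed_on": date(2024, 3, 9)},
}
DEPLOYMENTS = [
    {"deploy_id": "D1", "change_id": "CR-101", "deployed_on": date(2024, 3, 4)},
    {"deploy_id": "D2", "change_id": "CR-102", "deployed_on": date(2024, 3, 5)},
    {"deploy_id": "D3", "change_id": "CR-103", "deployed_on": date(2024, 3, 6)},
    {"deploy_id": "D4", "change_id": None, "deployed_on": date(2024, 3, 7)},
]


def audit_deployments(deployments, register):
    """Return {deploy_id: [exceptions]} for deployments that fail a control."""
    findings = {}
    for dep in deployments:
        issues = []
        cr = register.get(dep["change_id"])
        if cr is None:
            # No traceable change request: the change bypassed the process.
            issues.append("no change request on record")
        else:
            if not cr["approved_by"]:
                issues.append("not authorized")
            if not cr["impact_assessed"]:
                issues.append("no impact analysis")
            tested = cr["tests_passed_on"]
            if tested is None or tested > dep["deployed_on"]:
                issues.append("not tested before deployment")
        if issues:
            findings[dep["deploy_id"]] = issues
    return findings


if __name__ == "__main__":
    for deploy_id, issues in audit_deployments(DEPLOYMENTS, CHANGE_REGISTER).items():
        print(deploy_id, "->", "; ".join(issues))
```

Starting from the deployment log rather than the change register is what surfaces untracked changes such as D4, which never appear in the register at all.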
Part 2: Case Study Analysis
Read the following case study and answer the questions that follow:
Case Study:
Company ABC is a financial services firm that is undergoing a major software upgrade to
enhance its online banking platform. As part of the upgrade, several program changes are being
Questions:
As an auditor, what specific aspects of the software upgrade project would you focus on to
Answer:
a. Compliance
Ensure that the software upgrade adheres to regulatory requirements such as data
b. Security
c. Data Integrity
Assess the data migration processes to verify the accuracy and completeness of
transferred data, ensuring that no data loss or corruption occurs during the upgrade.
Validate the integrity of critical financial data and transaction records post-upgrade.
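One way to test the accuracy and completeness of migrated data is to reconcile pre- and post-upgrade extracts using control totals plus a per-record hash. This is an added example, not part of the original assignment; the account records and field layout are constructed sample data.

```python
import hashlib
from decimal import Decimal

# Constructed sample extracts: (account_id, customer, balance) before and after.
SOURCE = [
    ("A-001", "Reyes", "1500.00"),
    ("A-002", "Santos", "320.50"),
    ("A-003", "Cruz", "78.25"),
    ("A-004", "Lim", "9100.00"),
]
TARGET = [
    ("A-001", "Reyes", "1500.00"),
    ("A-002", "Santos", "302.50"),   # altered balance
    ("A-004", "Lim", "9100.00"),
    ("A-005", "Tan", "10.00"),       # not present in the source
]


def row_digest(row):
    """Hash all fields of a record so a change to any field is detectable."""
    canonical = "\x1f".join(str(field).strip() for field in row)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def control_totals(rows):
    """Record count and balance sum; Decimal avoids float rounding on money."""
    return len(rows), sum((Decimal(r[2]) for r in rows), Decimal("0"))


def reconcile(source, target):
    """Compare two extracts keyed by account_id and report discrepancies."""
    src = {r[0]: row_digest(r) for r in source}
    tgt = {r[0]: row_digest(r) for r in target}
    return {
        "totals_match": control_totals(source) == control_totals(target),
        "missing": sorted(src.keys() - tgt.keys()),
        "unexpected": sorted(tgt.keys() - src.keys()),
        "altered": sorted(k for k in src.keys() & tgt.keys() if src[k] != tgt[k]),
    }


if __name__ == "__main__":
    print(reconcile(SOURCE, TARGET))
```

Here the record count is identical on both sides, so only the balance total and the record-level comparison reveal the lost, added, and altered accounts.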
How would you verify that proper change management procedures are followed during the
Answer:
a. Documentation Review
Examine change request forms, change management policies, and procedures to ensure that
all changes are authorized, documented, and tracked throughout the upgrade process.
Verify that comprehensive impact assessments are conducted before implementing changes
to assess potential risks, dependencies, and implications on system functionality, security, and
performance.
c. Testing Validation
Review test plans and results to confirm that adequate testing is performed at various stages
of the upgrade, including unit testing, integration testing, and regression testing, to mitigate
Discuss the potential risks associated with program changes in the context of financial services,
Answer:
a. Data Breaches
Risk of unauthorized access or data breaches due to security vulnerabilities introduced during
the upgrade.
Mitigation: Implement robust security measures, conduct penetration testing, and deploy
b. System Downtime
Risk of service disruptions or downtime during the upgrade, impacting customer access to
Mitigation: Develop a comprehensive rollback plan, conduct the upgrade during off-peak
hours, and communicate with customers about scheduled maintenance windows to minimize
inconvenience.
c. Regulatory Non-Compliance
consequences.
Mitigation: Conduct regular compliance audits, stay updated with regulatory changes, and
involve legal counsel in reviewing software upgrades to ensure adherence to applicable laws
and regulations.
strategies, auditors can help ensure the successful execution of the software upgrade project
while maintaining compliance, security, and data integrity in the financial services
environment.