unit 1 individual project for ITAS365
You work for a consulting company that performs audits of a company’s IT infrastructure. Your company has been contracted to audit the IT Infrastructure for LSS (LMJ-Star Services). You and your team were sent in to complete the audit.
You determine that this will be the first review that LSS has conducted or been subjected to. An audit procedure needs to be established.
- Explain to LSS management your teams responsibilities and functions.
- Describe the steps that need to be followed to establish auditing functions for LSS.
- Describe the audit areas that would be applicable to your contracted audit.
- Describe which information systems would be considered part of the scope for the audit.
Answer:
Dear LSS Management,
I would like to take this opportunity to explain to you the responsibilities and functions of our audit team. Our team has been contracted to perform an audit of your IT infrastructure and we are here to help you assess the effectiveness of your IT controls and ensure that your IT systems are secure, reliable, and operating efficiently.
Our team’s responsibilities include:
- Planning and preparing for the audit: This involves reviewing your IT systems, understanding your organization’s goals and objectives, and identifying the audit scope and objectives.
- Conducting a risk assessment: This involves identifying potential risks to your IT systems and data and determining the appropriate controls to mitigate these risks.
- Testing IT controls: This involves evaluating the effectiveness of the controls in place to protect your IT systems and data, including security controls, data backup and recovery procedures, and change management processes.
- Communicating the results: This involves presenting our findings to you and recommending any necessary improvements to your IT infrastructure.
In order to establish auditing functions for LSS, the following steps need to be followed:
- Determine the scope of the audit: This involves defining which areas of the IT infrastructure will be included in the audit and what specific objectives will be achieved.
- Develop an audit plan: This involves creating a detailed plan for conducting the audit, including the resources and time required, and the specific procedures to be followed.
- Gather and analyze data: This involves collecting information about the IT infrastructure and evaluating it against industry standards and best practices.
- Communicate the results: This involves presenting our findings to you and providing recommendations for improvement.
The audit areas that would be applicable to your contracted audit include:
- IT governance and management practices
- IT security, including network security, access controls, and data protection
- IT operations and service management, including disaster recovery and business continuity planning
- Application and data management, including database administration and application development and maintenance
Information systems that would be considered part of the scope for the audit include:
- Servers and network infrastructure
- Data storage and backup systems
- Enterprise resource planning (ERP) systems
- Customer relationship management (CRM) systems
- Web and e-commerce systems
Thank you for the opportunity to explain our responsibilities and functions, and the steps that need to be followed to establish auditing functions for LSS. If you have any questions or concerns, please don’t hesitate to contact us.
Sincerely, [Your Name]