Audit assignment: Analysis on Scope & Focus
Task: This assessment is designed to assess students’ ability to apply theoretical learning to practical, real world situations. In this assessment students are given an IT audit report conducted by the office of the Western Australia Auditor General and asked to do the followings:
- Identify the audit focus and scope
- Analyse audit findings in the Recruitment Advertisement Management System of the Western Australia Government
- Analyse audit findings in the Horizon Power
- Analyse audit findings pertinent to the Pensioner Rebate Scheme and Exchange departments
- Analyse audit findings in the New Land Registry office
- Point out the professional, legal, and ethical responsibilities of an IT auditor.
In completing this assessment successfully, you will be able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing standards and ISACA’s CORBIT framework, which will help in achieving ULO1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, and ULO-7.
Identification of the audit focus and scope identified in the audit assignment
Audit software is computerised application programs that help the company in conducting its key business procedures that include finance, HR, case management, billing and licensing. The audit application facilitates performing specialised functions that are exceptions and essential to individual business entities. The audit focus and scope is focussed in this audit assignment in reviewing the business procedures of both private enterprise and state-owned entities (Gabrevi?ien? & Birut?, 2018). All the business processes play an integral role in the entity that affects the decision-making of the internal and external stakeholders when business processes and application are not well-managed. Within the IS Audit Report 2019 presented by the WA Auditor General’s Report, it includes 4 applications to be covered under the IS as- (RAMS), Advanced Metering Infrastructure, Pensioner Rebate Scheme and Exchange and New Land Register (Audit.wa., 2019).
Herein audit assignment, an application reviewed under the audit concentrate and scope is built upon the systematic procedures and data handling systems by exercising control over the following activities such as IT audit policies and procedures that are suitable in supporting the reliability and integrity of the information process. The highly secure and diplomatic information exercises greater control in ensuring confidentiality, integrity and generation of all required data at all times with the auditors. As explained by Amahalu et al. (2019), it is mentioned in the audit assignment that IT Audit System requires data input to feed in information which is accurate, exhaustive and authorized by the designated body for approval and continuation of auditing procedures mentioned within the focus and scope of the business applications.
After conducting the analysis of all the four functionalities of the application within this audit assignment, it was reviewed to have major control weaknesses illustrated within the report. Majorly all related policies and procedures of audit information carried poor information security systems showing endangered or misappropriation of information (Audit.wa., 2019). The report on audit assignment highlights the weakness in the control system that aimed towards ensuring the IT application software function to be more efficient, effective and remain proactive at all times. From the report, there were 37 findings found within the 4 applications listed out of which 9 were remarked as significant, 17 were moderately controlled and 11 recorded minor control issues.
Analysis of audit findings in the Recruitment Advertisement Management System (RAMS)
Major government organizations of the WA use RAMS for personnel management especially for staff recruitment, recording of severance details and re-deployment of the workforce. RAMS is based on the computerised system that is monitored by outside source, managed and controlled by a lien vendor in SaaS. The functionality of SaaS involves personal identification and storage of personal diplomatic information like personal details, bank details and tax filing details (Audit.wa., 2019). The findings generated in the RAMS considered in the audit assignment involve the successful installation of a variable number of staff appointment procedures since the commencement of the application within the government entities of WA in 2003.
RAMS has indicated a series of opportunities for further improvement of IT audit application government. However, the Commission is yet to undertake or receive auditor independent assurance about how the reporting entity manages the key suppliers and vendor information about the security control system. The audit assignment aims in conducting where the control system reports adequacy in the operations and ensures a greater degree of integrity, confidentiality and availability of information within RAMS (Audit.wa., 2019). Furthermore, it was reported that the Commission miserably failed in demonstrating well-planned and controlled procedures of monitoring and management of suppliers with adequate compliances accordingly arrangements made with desired service level and that the IT audit system may not be completely informed about the issues faced during the service delivery procedures leading to unwilling user’s demand.
A sufficient amount of risk was administered that indicated the inadequacy of planning for business continuity that would cause a negative impact on the HR activities such as recruitment and selection drive across the entire WA region and to the government. It is analysed in this audit assignment that the poorly managed access mechanism has the most potential risk exposure in terms of leakages of own and highly-secretive information leading to unsuitable accessibility of information (Salman, 2017). Therefore, since then the Commission has been keeping or storing all information on the computerised system since 2003. The results show during 2017-18, RAMS received and processed 238000 applications of recruitment for around 15400 job advertisements. At present, there are more than 712000 prospective employees who are seeking jobs in the RAMS profile for the application.
Analysis of audit findings in the Horizon Power
The WAIS report considered in this section of audit assignment presented an advanced metering infrastructure in the name of Horizon Power that provided its findings as with 10% data inputs, it shall bring about 10% data processing with 30% security towards diplomatic information and 50% of policies and procedures. The audit procedure focussed on the application based within the AMI that was initially operated by the WA’s Regional Power Corporations business unit known as Horizon Power (Audit.wa., 2019). The system was established for monitoring, production and recording of bills for the consumers against the electricity consumed by entities. The AMI would store highly diplomatic and personal information about the consumers where the meter electricity is installed.
Horizon is the state-run corporation that is engaged in the generation, procurement and distribution of electricity to customers of a residential area, industrial areas and commercial areas in the remote and regional towns and communities of the WA (Brender et al., 2016). The corporation provides electricity services to more than 100000 consumers and 10000 businesses. It was found from the report reviewed to prepare this audit assignment that the AMI system had successfully achieved its purpose. The system had collected and stored electricity generated consumption information and communicated the same to the other ancillary business systems of Horizon.
The integrity and confidentiality of the system have been highest where there is the lowest possible risk due to inadequacy of background security check and too easy access to contractor management. Therefore, it requires improvement of network and database system securities through rigid control and strengthening of integrity systems (Audit.wa., 2019). The audit findings obtained in the audit assignment illustrated that there has been an appropriate use of processes that detected and suggested remedy consumption mistakes before preparation of the bills issues with a high amount of errors in the values. The traditional system of Horizon known as The Velocity system reported significant mistakes causing high billing variances that required frequency corrective action when required.
The new application of AMI had corrected mistakes for Horizon in 2017-2018 worth $1.43 billion which was further comprised of $1.42 billion for one commercial user and $8.5 million for other commercial users of the WA. An amount of $1.42 billion was ascertained from the manual readings conducted from the domestic customer’s meter that was registered with network access and was read using a hand-held device (Sabauri, 2019). From the audit review done in the audit assignment, it was screened that out of 9 important employees, 8 of them did not undertake adequate training of screening or reading the meter despite being employed for 3 to 14 months with Horizons. The findings further stated that theses staff received all possible privileges accessible to the network system for generation of electricity and other related systematic procedures of AMI.
Analysis of audit findings in the Pensioner Rebate Scheme and Exchange departments
In this audit assignment, there were 11 findings discovered from the Pensioner Rebate Scheme and Exchange that showed resultant figures as 9% of audit trail, 9% of data processing, 37% of security of diplomatic information, 27% of policies and procedures, 9% of segregation of duties, 9% of backup and recovery. The State Revenue procedures included local government bodies (LGs) that claimed for disbursement of concessions and payment to rightful pensioners and superannuation by the PRS system and PRX platform (Audit.wa., 2019). LG’s is applicable to PRX in exchanging claims information by State Revenue and PRS by the same entity.
The report explored in the audit assignment showcased that State Revenue Department could not exercise its duties in capturing land ownership and occupancy rights that was prescribed in this Act. The State Revenue overtaken the authority of land ownership from LGs in 2003 however, detached from an ownership after 2005. There was a lack of suitable validation procedure that reduced the risk of concession drawbacks which were paid to the senior employees as a means of pension and superannuation payment (Audit.wa., 2019). The audit report suggested to the State Revenue about how to conduct the verification and checking procedure that was detained due to a high number of payment claims received from the pensioner and later refused as a result of incorrect land occupancy rights and information of land ownership received from the LG claim files.
Until June 2018, the State Revenue did not intimate LGs about the rejection of land occupancy rights and ownership held information (Labib, 2019). In 2010, a similar result was found out where the PRs system did not perform its duties diligently in terms of verification for land ownership rights and occupancy checking against the official land records. IT has been more than 20 years that this functioning is not rectified. It was supposed to be fixed by June 2019, still, there is no improvement.
Both the PRS and PRX system noted in this audit assignment were an effective source of support to the State Revenue and the LGS entity of WA. These processes included assisting in the payment of pension and superannuation services to pensioners and seniors (Widilestariningtyas & Karo, 2016). The computation of rebates was well-managed and worked upon in a computerised system that did not cause any difficulties to the system. However, there has been an increased exposure to risk and uncertainty observed since 2005 about the performance of ownership of land details and checking records of occupancy in WA. There have been records and events that cause a higher risk to concessions payments provided to non-eligible individuals of the country.
Analysis of audit findings in the New Land Registry office
The NLR-T computerised system brought about five findings which illustrated 40% included as policies and procedures, 20% comprising segregation of duties and responsibilities and 40% includes a security system for diplomatic information (Newton et al., 2016). The NLR-T was designated with the responsibility of the management of property owned by public and private individuals based on locational information records within the geographical territory of Western Australia. The system transformed partially the full-manual land registration process into a semi-computerised procedure that is more accurate, reliable and less error-making (Audit.wa., 2019). The system programming of NLR-T was developed based on the outsourcing of ICT arrangement under the software programming of public cloud infrastructure. The entire arrangement was managed and developed collectively by Landgate and a third-party.
The audit findings utilized in this context of audit assignment concluded that Landgated did not precede with the review procedures of transactions for the NLR-T with complete accuracy. The entity stopped performing its review system in 2016 where it was later discovered that out of the 8 land transactions conducted in 2018, 2 of them were identified as modification in the 2 land titles without suitable delegation procedures (Shi, 2020). This caused a major risk in the probability of error and brought in unexpected changes to the information disbursed by NLR-T and later caused a breach of the contract. However, it was observed that those 2 transactions had actually been supported with the correct documentation for changes in the land ownership rights.
Moreover, there was an issue with insufficient allocation and division of duties. It means out of all the staff employed in the NLR-T, two of them were assigned with the responsibility of receiving extra privileges in allowing them to discharge their functionalities in end-to-end transactions involving land titles. However, from the audit findings it was observed in this audit assignment that the system contained weak control over the user access that caused greater threats and increased disk to address unauthorised access to the system leading to high chances of misusing the information stored, given and used by NLR-T (Audit.wa., 2019). Therefore, special and specific attention must be provided in receiving additional privileges in accessing rights and correcting the weaknesses identified from the NLR-T procedures. There has been a situation of excess user interface and access rights received within the system. As mentioned by Gunawan & Amin (2018), it was found herein audit assignment that there were 7 users who were given free permission for entering into the highly secured and privileged data information source known as Assistant Registrar. They are allowed to use excessive rights and bypass system procedures and checks without any type of hindrance and security checking system.
Professional, legal and ethical responsibilities of an IT auditor
Auditor’s responsibility is to opine about an independent, objective opinion on the annual books of account for the company. In the words of Malviya et al. (2020), the auditor’s responsibilities are to share views to the company management on the presentation of information in its FS as a true and fair view. In order to do this, the auditor is required to collect all possible shreds of evidence to obtain a reasonable assurance that the FS is free from material misstatements.
The professional responsibility of an auditor includes being responsible towards his profession as well as the responsibility to comply with the auditioning standards accepted by the fellow team of auditors. The importance of audit compliance has been mentioned by the American Institute of Certified Public Accountants which has prepared a Code of Professional Conduct that includes rules for supporting the auditors with relevant standards as well as providing a basis of audit enforcement practice (Richards, Richards & Ramachandran, 2018). Professionally the auditor is required to report about any kind of indictable offences conducted by the reporting entity. If the auditor finds any piece of information while conducting the auditing procedures that results in believing that he entity or any personnel associated with the entity had committed an indictable offence prescribed under the Companies Act, it is within the responsibility of the auditor to report the same to the Office of the Director of Corporate Enforcement (ODCE).
Legal responsibility for an auditor is to discharge his function in accordance with due diligence for enhancing the reliability of the FS especially for all the external users of the accounting information. As opined by Srivenkataramana (2018) with regards to the case scenario of audit assignment, unlike any other professionals, the auditors are responsible for both civil and criminal liability while performing the duties and responsibilities of the auditors. Within the preview of the legal responsibilities of an auditor, it includes the performance of auditor’s responsibilities to the business with due care which means the concept of a prudent person. It implies the auditor is required to possess the required skills for conducting the evaluation of the accounting entries. The auditor is required to undertake all his responsibilities with good faith and highest integrity however, it must be infallible.
The ethical responsibility of the auditor includes integrity principles wherein the auditors are required to establish through his professional responsibility the trust and thereby provides the basis of reliance and dependence on their judgement. The auditors shall perform the performance for his work with utmost honesty, diligence and responsibility. Furthermore, it is also stated in the audit assignment that the auditor shall observe all relevant laws and make full disclosures about the anticipated laws and profession (Pan & Song, 2017). The ethical responsibility of the auditor mentions that an auditor must express his opinion about the business subject who is based on the adequacy of knowledge, honesty and conviction. In all the possible causes, the facts generated should speak for it. The auditor opinion given shall be suede as a solid grounding and support in objectifying the evidence. ?
Amahalu, N., Abiahu, M. F. C., Chinyere, O., & Christian, O. (2016). Effect of risk-based audit on quality internal control of selected deposit money banks in Nigeria. audit assignment Abiahu, Mary-Fidelis Chidoziem, Amahalu, Nestor Ndubuisi, Chinyere, Obi Juliet and Christian, Okika Elochukwu, Effect of Risk-Based Audit on Quality Internal Control of Selected Deposit Money Banks in Nigeria (September 31, 2016). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3050253
Audit.wa. (2019), Information Systems Audit Report 2019 - Office of the Auditor Report, https://audit.wa.gov.au/reports-and-publications/reports/information-systems-audit-report-2019/ [Retrieved on 2nd July 2020]
Brender, N., Gauthier, M., Morin, J. H., & Salihi, A. (2019). The potential impact of blockchain technology on audit practice. Journal of strategic innovation and sustainability, 14(2), 35-59. http://search.proquest.com/openview/453b3d74e20a9536186af1f39ee05a02/1?pq-origsite=gscholar&cbl=536313
Gabrevi?ien?, A. P., & Birut?, Š. D. (2018). Internal audit and control in a company in the context of management activity. , (74), 190-198. http://www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=UJRN&P21DBN=UJRN&IMAGE_FILE_DOWNLOAD=1&Image_file_name=PDF/ znpgvzdia_2018_74_18.pdf
Gunawan, H., & Amin, M. N. (2018). The Audit of Control System With Information Technology. Fundamental Management Journal, 3(1), 40-48. Gunawan, H., & Amin, M. N. (2018). The Audit of Control System With Information Technology. Audit assignment Fundamental Management Journal, 3(1), 40-48.
Labib, N. (2019). Mengenal Information Systems Audit and Control Association (ISACA). https://osf.io/preprints/m93u8/
Malviya, R. K., Dharmadhikari, S., Choudhary, S., Gupta, S., & Raghuwanshi, V. (2020). Study of Inventory Audit and Control of Automobile Spare Parts Using Selective Inventory Control Techniques. Industrial Engineering Journal, 13(1). http://iiie-iej.ivyscientific.org/wp-content/uploads/sites/4/published_papers/13/1/1204/paper_1204.pdf
Newton, N. J., Persellin, J. S., Wang, D., & Wilkins, M. S. (2016). Internal control opinion shopping and audit market competition. The Accounting Review, 91(2), 603-623. https://meridian.allenpress.com/accounting-review/article-abstract/91/2/603/164210
Pan, T., & Song, Y. (2017, October). Research on internal control audit, internal control deficiency and audit fees. In Second International Conference On Economic and Business Management (FEBM 2017). Atlantis Press. https://www.atlantis-press.com/proceedings/febm-17/25887092
Richards, C., Richards, P., & Ramachandran, H. (2018). U.S. Patent Application No. 15/989,962. https://patents.google.com/patent/US20180279126A1/en
Salman, K. K. (2017). The role of the internal audit in control on budget local governments Field study in the local government province a the qar. Muthanna Journal of Administrative and Economic Sciences, 7(2), 157-177. https://www.iasj.net/iasj?func=article&aId=131253
Shi, W. (2020, June). Discussion and Research on Audit Internal Control and PracticeConstruction Based on Risk Management. In Modern Economics & Management Forum (Vol. 1, No. 1). https://en.front-sci.com/index.php/memf/article/view/103
Srivenkataramana, T. (2018). Application of Statistical Sampling to Audit and Control. DHARANA-Bhavan's International Journal of Business, 12(1), 14-19. http://eprints-bangaloreuniversity.in/8842/
Widilestariningtyas, O., & Karo, R. S. K. (2016). The influence of internal audit and internal control on fraud prevention in Bandung regency government. Journal of Administrative and Business Studies, audit assignment 2(3), 143-150. https://www.academia.edu/download/54766693/jabs-2.3.5.pdf