Companies and learning institutions use large information systems that need to be audited regularly to check how vulnerable they are to attack. Auditors are responsible for checking all the technology areas that facilitate operations in companies and learning institutions; when the security of the information systems is compromised, the security of the entire company or learning institution is compromised as well. Auditors are responsible for checking all the vulnerable areas within the company and ensuring that the company is secure from cyber-attacks. Cyber-attacks have been increasing in the recent past, prompting companies and learning institutions to carry out audits to determine the areas where they might be vulnerable. The audits are meant to identify the risk areas so that appropriate measures can be taken.
Universities have their own data centers that store crucial information about the learning institutions; hence the information needs to be protected against access by unauthorized people (Rosli, Siew, & Yeow, 2016). Hackers try to gain access to the learning institution's information, which they then use for their own gain. The audit is meant to ensure that data centers are secure from attacks by checking all the vulnerable areas and finding ways to fix the vulnerabilities. Data is the most important thing in an information system; hence, when it lands in the hands of people who want to take advantage of their access, the company will face negative impacts.
The portals are the modern way of accessing information stored in the data centers within the learning institutions. The audit should investigate whether any loopholes exist in the portal. Cybercriminals pose as users of the system to carry out a survey and determine whether there are any vulnerabilities within the portals. The errors found within the system will be rectified so that hackers don't use the vulnerability of the portal to attack other information systems within the institutions. The audit should also come up with recommendations to keep the universities' systems secure. The scope of the audit will cover all the areas that are interconnected with the information systems because they are the most vulnerable.
The audit will check the flow of information and data within the institution and how the path of information can be made more secure. The financial environment is also audited to check whether any loopholes can be used by attackers to exploit the learning institution financially. The systems that are used in dealing with the financial matters of the company are the most vulnerable; hence they need to be audited.
The vulnerable areas that are noted need to be classified as high-, medium-, or low-risk vulnerabilities. The classification of a vulnerability is done on the basis of the possibility of the risk occurring and the impact of the risk. The classification also needs to be done on the basis of the impact that an attack might cause to the learning institution (Hall, 2015). The highest-ranked risks should be dealt with first when fixing the loopholes, since they might cause more effects to the institution. Medium risks are the risks that make the company face challenges in repaying, so that it needs additional time to complete the payment. Low risks are the risks that don't pose any danger to companies in paying. The auditors should also come up with mitigation measures to ensure that the vulnerability does not happen again. Employees cause some risks; hence they need to be trained to avoid such scenarios happening again.
The audit team will face challenges in the audit work; among the challenges is having a wide scope of areas that need to be covered under a tight schedule where time is limited. The audit also needs to focus on what the learning institutions can do in order to improve the security of the information systems that they use. At the end of the auditing period, the auditor also needs to write a report regarding the audit just concluded. The recommendations from the auditors will cover the areas that they identified as the most vulnerable and what the organization can do to ensure the vulnerability does not recur in the future.
Auditing is usually done by several people because there are many areas that need to be covered (Groomer & Murthy, 2018). Different auditors have specialized in different areas; hence they are given the areas in which they have expertise and skills. Assigning roles helps in obtaining different and unique audit reports that are independent. Assigning roles to auditors also helps them acquire new skills that they develop while auditing various areas of study. The division of labor through assigning roles will help the auditors become experts in the areas that they specialize in. Loopholes are the opportunities that exist for a business to avoid responsibilities that have been formed by the law.
Auditing of information systems should be done in a timely manner to ensure that the vulnerabilities that might have come up (Mittelstadt, 2016). Technologies also keep advancing; hence new technologies might have emerged that reduce the challenges that existed earlier. New technologies that come up might either increase the security of the information systems or make them more of a concern to the public.
The audit will be carried out at different hours to evaluate the performance of the technology. To ensure that there is minimal or no interruption during the audit, the procedure will be carried out when no activities are being carried out using the system. To establish the appropriate time, the team will liaise with the Institution's management so that they can appropriately schedule the audit hours. The testing will be carried out in phases, with the final phase providing a detailed report of the overall performance of the technology.
Reporting will be carried out at each phase: after testing the performance, a mini report will be compiled and presented to the Institution's management. This will act as a guide, so the stakeholders can anticipate the final results of the audit and start thinking of strategies that can be applied to improve the technology. After compiling a final report, the audit team will come up with recommendations that can be implemented to improve the performance of the technology.
The anticipated duration for carrying out and completing the audit is two weeks if the task is carried out five days a week, from Monday to Friday, from 8 a.m. to 5 p.m. This time includes the time that will be used to compile the report and present it to the relevant stakeholders. The audit will commence on 25th March 2019 and continue until 9th April 2019. This time will be adjusted if the team is not able to carry out the audit on any day or days for any justifiable reason.
Groomer, S. M., & Murthy, U. S. (2018). Continuous auditing of database applications: An embedded audit module approach. In Continuous Auditing: Theory and Application (pp. 105-124). Emerald Publishing Limited.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cybersecurity. IGI Global.
Hall, J. A. (2015). Information technology auditing. Cengage Learning.
Mittelstadt, B. (2016). Automation, algorithms, and politics| auditing for transparency in content personalization systems. International Journal of Communication, 10, 12.
Rosli, K., Siew, E. G., & Yeow, P. H. (2016). Technological, organizational and environmental aspects of audit technology acceptance. International Journal of Business and Management, 11(5), 140-145.