Conducting And Reporting An IT Infrastructure Compliance Audit Responses
Provide (4) 150-word substantive responses with a minimum of 1 APA reference each for RESPONSES 1, 2, 3 and 4 below. Ensure you list and break down each response in a Word document, along with its reference. Each response provided should further discuss the subject or provide more insight. To further understand the responses, below is the discussion post that the responses address. 100% original work and not plagiarized.
The skills related to IT Auditing can be considered both soft skills and those of a technical aspect. IT Auditors need to have the soft skills in order to communicate and distribute information within an organization or to an external organization. There is also the need for IT Auditors to be able to communicate with team members effectively when conducting interviews as part of the audit process. The successful IT Auditor should also be able to accurately describe and rate a particular risk. It could be easy for someone to come in and believe that every risk is adverse, and while some are, there are other risks that might be determined to be acceptable amounts of risk. Another skill that IT Security auditors need to possess is the technical knowledge regarding the systems and controls that they are auditing and recommending changes for.
There are many different organizations that have issued guidance for the standards of audits, particularly professional organizations that attempt to represent the industry. One example is the Institute of Internal Auditors, which releases the international standards for the professional practice of internal auditing. There are, of course, other standards within the industry that pertain to both internal and external auditing. The US Government even has standards for the auditing process as it relates to IT security.
These events were so profound to security auditing, and to auditing practice in general, because they show the value of having a good auditing team and practices. These events often left their customers in dire straits financially because the computer systems that were in use were not combed through as much as they should have been.
There are many differences in auditing through the computer versus the more traditional book and records audit. First, the through-the-computer method leverages computer technology in order to better understand and audit things that are hard for the human eye to see, such as computer software. The traditional method would only have auditors look at paper records of things rather than the actual computer hardware.
1. What are the skills related to IT Auditing? List and describe 3 areas.
– Data analytics is the process of analyzing massive volumes of data to find patterns and anomalies (Indeed Editorial Team).
– Security risk management: The process of identifying security threats and developing measures to mitigate them is known as security risk management. The possibility of recognized threats exploiting vulnerabilities, as well as the effect they have on valued assets, are used to calculate risk (Indeed Editorial Team).
– Computer security: A security audit is a high-level explanation of the many methods in which a company might test and analyze its overall security posture (White, 2019). Firewalls, encryption methods, and other security measures are evaluated by auditors, who must have experience in cybersecurity, data analysis, and information management.
2. What are examples of Auditor’s Standards of Practice? Which organizations have issued standards or guidance to the auditor?
The Yellow Book, the Red Book (International Professional Practices Framework), and the Generally Accepted Auditing Standards (GAAS) are only a few examples (U.S. GAO, 2021). The American Institute of Certified Public Accountants (AICPA), the Institute for Internal Auditors (IIA), and the Information Systems Audit and Control Association (ISACA) are all organizations that specialize in auditing and controlling information systems (Weiss, M., & Solomon, M. G.).
3. Why are the “Equity Funding” and “Enron” events so important to computer auditing?
These two occurrences are significant because they are high-profile failures in auditing. These occurrences emphasized the need for a more dependable and precise accounting system. Because there was no confirmation of correctness until it was too late, these firms were able to get away with making fraudulent trades.
4. What are the differences in “auditing through the computer” versus the more traditional book and records audit?
The major change is the passage of time. An auditor who uses computer-assisted techniques can analyze a bigger volume of data more quickly. Because they are written down, log books may be difficult to read and easily altered or fabricated.
Weiss, M., & Solomon, M. G. (2011). Auditing IT infrastructures for compliance (1st ed.). MA: Jones & Bartlett.
Indeed Editorial Team. (2021, February 23). Auditing Skills: Definition and Examples. Indeed Career Guide. https://www.indeed.com/career-advice/resumes-cover-letters/auditing-skills
The first metric I want to mention is the one used by RIPv1 and RIPv2. RIP means Routing Information Protocol; this is what is called a distance vector protocol. What RIPv1 does is that the router will send the entire routing table across the network, reaching other routers; when the table hits the router it is looking for, it will stop sending it. The metric used by RIP is a count of the hops the table makes across the network. Now, RIPv1 can only go up to 15 hops; when it reaches 16, it will determine that the desired router is unreachable.
RIPv2 uses the subnet mask information with the routing tables; what it does is support Variable Length Subnet Masks (VLSMs), meaning that it will allow classless routing that will save address space. This way not every piece of equipment attached to the router will have the same subnet mask. RIP does not account very much for bandwidth; sending all this data will consume the bandwidth, and it is not recommended for networks that use diverse media.
The second metric is one that the Enhanced Interior Gateway Routing Protocol (EIGRP) uses; this routing protocol uses at least 5 metrics, but I will focus on bandwidth. The bandwidth is expressed in units of kilobits, and this metric needs to be manually configured. According to the medium and the bandwidth input, it will determine the delay of the data to reach across the network. This protocol will calculate the bandwidth with load and the delay to determine the best route to take.
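The hop-count rule from the RIP response above, as an added example that is not part of the original responses: a router merges a neighbor's advertised routes, adds one hop, and treats a metric of 16 as unreachable. The function names, table layout and sample prefixes are hypothetical and constructed for illustration.

```python
# Added illustration: RIP-style distance-vector update using the hop-count metric.
INFINITY = 16  # a metric of 16 means "unreachable"; 15 is the largest usable hop count


def process_update(table, neighbor, advertised):
    """Merge one neighbor's advertisement into our routing table.

    table:      {prefix: (metric, next_hop)}, modified in place
    advertised: {prefix: metric as seen by the neighbor}
    Returns the prefixes whose entry changed, in advertisement order.
    """
    changed = []
    for prefix, metric in advertised.items():
        # Going through the neighbor costs one extra hop, capped at infinity.
        new_metric = min(metric + 1, INFINITY)
        current = table.get(prefix)
        if current is None:
            # Never install a brand-new route that is already unreachable.
            if new_metric < INFINITY:
                table[prefix] = (new_metric, neighbor)
                changed.append(prefix)
        elif current[1] == neighbor:
            # News from the current next hop is always believed, even if worse.
            if current[0] != new_metric:
                table[prefix] = (new_metric, neighbor)
                changed.append(prefix)
        elif new_metric < current[0]:
            # A different neighbor wins only with a strictly shorter path.
            table[prefix] = (new_metric, neighbor)
            changed.append(prefix)
    return changed


def reachable(table):
    """Return only the routes whose metric is below infinity."""
    return {p: e for p, e in table.items() if e[0] < INFINITY}


if __name__ == "__main__":
    # Constructed sample: we currently reach 10.0.2.0/24 in 3 hops via R2.
    routes = {"10.0.2.0/24": (3, "R2")}
    update = {"10.0.2.0/24": 1, "10.0.9.0/24": 15, "10.0.5.0/24": 14}
    print(process_update(routes, "R3", update), routes)
    # R3 later reports its 10.0.5.0/24 path got longer: the route ages out to 16.
    print(process_update(routes, "R3", {"10.0.5.0/24": 15}), reachable(routes))
```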